ISO/IEC 25002:2024

International
Standard
ISO/IEC 25002
First edition
Systems and software
2024-03
engineering — Systems and
software Quality Requirements
and Evaluation (SQuaRE) — Quality
model overview and usage
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 7
5 Guidance for using SQuaRE quality models . 7
6 Quality model overview . 8
7 Quality model framework . 8
7.1 Quality model structure .8
7.2 Quality model categories .10
7.3 Ontology of quality model concepts .11
7.4 Quality requirement priorities and conditions . 12
7.5 Applying and extending quality models . 12
8 Quality model usage .13
8.1 Stakeholders . 13
8.2 Use of quality models within quality processes .14
8.2.1 Introduction to quality model usage examples .14
8.2.2 Quality requirements definition .14
8.2.3 Quality engineering . 15
8.2.4 Quality evaluation . 15
8.2.5 Quality measurement.16
8.2.6 Quality management .16
Bibliography . 17

© ISO/IEC 2024 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
iv
Introduction
A wide variety of organizational functions and personal activities are increasingly performed by information
systems and IT services. Therefore, high-quality information systems and IT services are essential to
providing value and avoiding potential negative consequences for their stakeholders. Unfortunately, quality
assurance has traditionally focused primarily on functional requirements, giving far less attention to the
non-functional attributes of a system/product. Comprehensive specification, design, and evaluation of all
quality attributes of information systems and IT services are critical to optimizing the value of information
systems to their stakeholders.
The comprehensive specification of quality characteristics associated with a specific type of information
system is represented in a quality model. A quality model can be used as an objective reference supporting
requirements definition, evaluation, and validation/verification. By establishing an international agreement
on quality characteristics and their measurement, the SQuaRE family of standards provides a framework for
reliable world-wide development and delivery of information systems and IT services.
This document is intended to provide guidelines for interpreting and using ISO/IEC 25010, ISO/IEC TS 25011,
ISO/IEC 25012, ISO/IEC 25019, and other SQuaRE quality models to be published in the future. Quality
models in the SQuaRE family can guide the development of quality measures and evaluation processes used
to provide evidence that information systems, ICT products, data, and IT services have the capability to
perform their role in achieving the sustainable development goals of SDGs 4, 9, and 11.
This document introduces the structure of SQuaRE quality models and provides requirements for developing
them. This document describes how SQuaRE quality models in the quality model division (ISO/IEC 2501n)
can be used in conjunction with other SQuaRE standards to guide quality-related activities across the
information system lifecycle. These quality models can guide the development of measures for evaluating
the quality of information systems and IT services to meet the requirements of their stakeholders. These
models provide a common language for describing quality characteristics that can be understood by all
stakeholders and should be considered in defining product requirements. They also provide a basis for
defining standard quantitative measures of quality characteristics for evaluating the quality properties of a
target entity.
The complexity of information systems has grown exponentially with the advent of modern digital
technologies. This complexity elevates the importance of non-functional requirements and qualities.
SQuaRE quality models can help guide the development of modern digital technologies that are trustworthy
and that delight their users.
This document is a part of the SQuaRE series of International Standards, which consists of the following
divisions:
— quality management division;
— quality model division;
— quality measurement division;
— quality requirements division;
— quality evaluation division;
— SQuaRE extension division.
Figure 1 (adapted from ISO/IEC 25000) illustrates the organization of the SQuaRE family of International
Standards. Similar standards are grouped into divisions. Each division provides guidance and resources for
performing a different function in ensuring system and software product quality.

© ISO/IEC 2024 – All rights reserved
v
Figure 1 — Organization of SQuaRE family of International Standards
The divisions within the SQuaRE family are:
— ISO/IEC 25000 to ISO/IEC 25009 - quality management division. The International Standards that form
this division define all common models, terms, and definitions referred to by all other International
Standards from the SQuaRE family. This division also provides requirements and guidance for a
supporting function that is responsible for the management of the requirements, specification, and
evaluation of software product quality. Practical guidance on the use of the quality models is also
provided.
— ISO/IEC 25000: Guide to SQuaRE
— ISO/IEC 25001: Planning and management
— ISO/IEC 25002: Quality models overview and usage
— ISO/IEC 25010 to ISO/IEC 25019 - quality model division. The International Standards that form this
division present detailed quality models for computer systems and software products, data, IT services
and quality-in-use.
— ISO/IEC 25010: Product quality model
— ISO/IEC TS 25011: IT service quality model
— ISO/IEC 25012: Data quality model
— ISO/IEC 25019: Quality-in-use model
— ISO/IEC 25020 to ISO/IEC 25029 - quality measurement division. The International Standards that form
this division include a quality measurement framework, mathematical definitions of quality measures,
and practical guidance for their application. Examples are given of quality measures for internal and
external properties of products, data, IT services and quality-in-use. Quality measure elements (QME)
forming foundations for quality measures for internal and external properties of products are defined
and presented.
— ISO/IEC 25030 to ISO/IEC 25039 - quality requirements division. The International Standards that
form this division help specify quality requirements based on quality models and quality measures.
These quality requirements can be used in the process of eliciting quality requirements for information
systems and IT services to be developed or as input for an evaluation process.
— ISO/IEC 25040 to ISO/IEC 25049 - quality evaluation division. The International Standards that form
this division provide requirements, recommendations and guidelines for software product evaluation,

© ISO/IEC 2024 – All rights reserved
vi
whether performed by evaluators, acquirers or developers. The guideline for documenting a measure as
an evaluation module is also provided.
— ISO/IEC 25050 to ISO/IEC 25099 - SQuaRE extension division. These International Standards currently
include requirements for quality of ready-to-use software product (RUSP), Common Industry Formats
for usability reports, and quality models and measures for new technologies such as cloud services and
artificial intelligence.
The SQuaRE standards can be used in conjunction with ISO/IEC/IEEE 15288, particularly the processes
for the specification and evaluation of quality requirements. ISO/IEC 25030 describes how quality models
can be used for systems and software quality requirements; and ISO/IEC 25040 describes how the quality
models can be used for systems and software quality evaluation.
The SQuaRE standards can also be used in conjunction with ISO/IEC 33000 family of International Standards
which are concerned with software process assessment to provide:
— a framework for software product quality definition in the customer-supplier process;
— support for quality review, verification, and validation, as well as a framework for establishing
quantitative quality characteristics;
— support for setting organizational quality goals in the management process.
The SQuaRE standards can be used in conjunction with ISO 9001 (which is concerned with quality assurance
processes) to provide:
— support for setting quality goals;
— support for design review, verification, and validation.

© ISO/IEC 2024 – All rights reserved
vii
International Standard ISO/IEC 25002:2024(en)
Systems and software engineering — Systems and software
Quality Requirements and Evaluation (SQuaRE) — Quality
model overview and usage
1 Scope
This document establishes a framework for defining quality models which are composed of quality
characteristics and sub-characteristics. In particular, this document provides:
— the concept of a quality model;
— the structure and semantics of quality models;
— the relationship between quality models and the other concepts, including measurement, requirement
definition, and evaluation;
— guidelines, requirements and examples for using quality models.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
attribute
inherent property or characteristic of an entity that can be distinguished quantitatively or qualitatively by
human or automated means
[SOURCE: ISO/IEC 25000:2014, 4.1, modified — Notes to entry have been removed.]
3.2
component
entity with discrete structure, such as an assembly or software module, within a system (3.29) considered
at a particular level of analysis
Note 1 to entry: ICT products (3.8) are composed from multiple entities including sub-ICT products, hardware,
firmware, communication infrastructure, software, software components, and data
[SOURCE: ISO/IEC 19770-5:2015, modified — The term has been changed from "software component" to
"component"; the original note 1 to entry has been replaced by a new one.]

© ISO/IEC 2024 – All rights reserved
3.3
context of use
users (3.31), tasks, equipment (hardware, software and materials), and the physical and social environments
in which a product (3.15) is used
[SOURCE: ISO/IEC 25000:2014, 4.2]
3.4
data quality
capability of the characteristics of data to satisfy stated and implied needs when used under specified
conditions
[SOURCE: ISO/IEC 25000:2014, 4.5, modified— “degree to which the characteristics of data satisfy” has been
changed to “capability of the characteristics of data to satisfy”.]
3.5
developer
individual or organization that performs development activities [including requirements (3.25) analysis,
design, testing through acceptance] during the system (3.29) or software life cycle process
[SOURCE: ISO/IEC 25000:2014, 4.6]
3.6
direct user
person who interacts with the product (3.15)
Note 1 to entry: This includes primary users (3.31) who use the system (3.29) to achieve their goals and secondary
users like content providers, system managers, administrators, operators and installers.
3.7
evaluator
individual or organization that performs an evaluation
[SOURCE: ISO/IEC 25000:2014, 4.10]
3.8
ICT product
product (3.15) which uses information and communication technologies (ICTs) and can be a part of
information system (3.10)
Note 1 to entry: ICT product can constitute other ICT products (sub-products) and sometimes a component (3.2) of
an ICT product can also be considered as ICT products by themselves. Examples of ICT products includes computer
hardware, software products (3.15), and data.
Note 2 to entry: ICT product refers to combination of one or more technology components (e.g. cloud, internet, data,
multimedia, communication, hardware, firmware, software, and middleware) that enables modern computing and
allows people and organizations to interact and operate in the digital world.
Note 3 to entry: ICT product does not include people, machines, infrastructure, and other facilities which are
independent from communication and data. ICT product includes hardware with embedded computer, such as sensors
and communicators, but not the users (3.31).
Note 4 to entry: While many artefacts like data sheets, user manuals, installation manuals, operations guides, and
configuration guides contribute to the quality of an ICT product and the information system that constitutes it, they
are not ICT products by themselves.
[SOURCE: ISO/IEC 25030:2019, 3.8, modified — The original note 1 to entry has been removed; 4 new notes
to entry have been added.]
3.9
indirect user
person who receives output from a system (3.29), but does not interact with the system
EXAMPLE business managers, acquirers, product managers

© ISO/IEC 2024 – All rights reserved
3.10
information system
system (3.29) that comprises software, hardware, communication facility, data, and the people who use it
[users (3.31)] in a given (user and system) environment to satisfy their information processing needs (goals)
Note 1 to entry: While information systems can be part of larger systems that include other electro-mechanical products
(3.15) and their users, this document considered these components (3.2) as part of the context of use (3.3) of the system
only if they have a direct relevant relationship to the ICT products (3.8) and users who are part of the information
system. However, many of the quality attributes (3.1) can be applied to these larger systems of systems as well.
Note 2 to entry: The quality-in-use (3.18) model can be used as a guide to represent the user’s expectations about the
system's behaviour.
Note 3 to entry: Users of the quality-in-use includes direct (3.6) and indirect users (3.9). When applied to direct users,
quality-in-use appears as “effect”; and when applied to other stakeholders (3.26) it appears as “influence”.
[SOURCE: ISO/IEC 25030:2019, 3.10, modified — "(users)", "(user and system)" and "(goals)" have been
added; the original note 1 to entry has been removed; 3 new notes to entry have been added.]
3.11
IT service
service that makes use of IT systems (3.29) as tools to provide value to an individual user (3.31) or a business
by facilitating results the user or business wants to achieve
Note 1 to entry: Users include customers and service providers.
[SOURCE: ISO/IEC TS 25011:2017, modified — The preferred term "information technology service" has
been removed; the original note 1 to entry has been replaced by a new one.]
3.12
IT service system
system (3.29) that is comprised of an IT service (3.11) and the people who use it [users (3.31)] in a given
(user) environment to satisfy their service needs
3.13
IT service quality
capability of an IT service (3.11) to satisfy stated and implied quality needs when delivered under specified
conditions
Note 1 to entry: This definition differs from the ISO 9000:2015 quality definition mainly because the IT service quality
definition refers to the satisfaction of stated and implied needs, while the ISO 9000 quality definition refers to the
satisfaction of requirements (3.25).
Note 2 to entry: Typically, users (3.31) do not consider IT services that only satisfy delivery requirements as high-
quality IT services. Quality relates to satisfying and even surpassing expectations within associated constraints and
conditions.
[SOURCE: ISO/IEC TS 25011:2017, 3.3.10, modified — "degree to which an IT service satisfies" has been
changed to "capability of an IT service to satisfy"; "quality" has been added; "used" has been changed to
"delivered"; notes 1 and 2 to entry have been added.]
3.14
maintainer
individual or organisation that performs maintenance activities
[SOURCE: ISO/IEC 25000:2014, 4.17, modified — Note 1 to entry has been removed.]

© ISO/IEC 2024 – All rights reserved
3.15
product
artefact that is produced, is quantifiable, and is deliverable to user (3.31) as either an end item in itself or a
component (3.2) item
Note 1 to entry: In this document, product refers to an ICT product (3.8) that is part of an information system (3.10).
ICT product components include subsystems, software, firmware, hardware, data, communication infrastructure, and
other elements that are part of the ICT product.
[SOURCE: ISO/IEC 25030:2019, 3.12, modified — The original notes 1 and 2 to entry have been replaced by a
new note to entry.]
3.16
product quality
capability of a system (3.29) or its components (3.2) to satisfy stated and implied quality needs when used
under specific conditions
Note 1 to entry: This quality definition is semantically similar to the ISO 9000:2015 quality definition. This software
quality definition refers to the satisfaction of stated and implied needs, and the ISO 9000 quality definition refers
to fulfil requirements (ISO 9000:2015, 3.6.4) defined as “need or expectation that is stated, generally implied or
obligatory”.
Note 2 to entry: Product quality model refers to the system and software product quality model defined in
ISO/IEC 25010.
Note 3 to entry: Typically, users (3.31) do not consider systems (3.29) that only satisfy requirements as high-quality
systems. Quality is related with satisfying and even surpassing expectations with associated constraints and
conditions.
[SOURCE: ISO/IEC 25020:2019, 3.17, modified — The preferred term "system and software product quality"
has been removed; "system and/or software" has been replaced by "system or its components"; "implied
needs" has been replaced by "implied quality needs"; notes 1 and 3 to entry have been added.]
3.17
quality characteristic
category of quality attributes (3.1) that bears on the quality of the ICT product (3.8) or information system (3.10)
Note 1 to entry: Quality characteristics can be further divided into quality sub-characteristics (3.24). While
characteristics typically represent one aspect of quality that is of interest to stakeholders (3.26), quality sub-
characteristics can help subdivide quality characteristics into individual aspects that help mapping them to quality
properties (3.22).
[SOURCE: ISO/IEC 25000:2014, 4.34, modified — The term has been changed from "software quality
characteristic" to "quality characteristic", the definition has been adapted to apply to a larger scope of
products and systems; the original note 1 to entry has been replaced by a new one.]
3.18
quality-in-use
extent to which the system (3.29) or product (3.15), when it is used in a specified context of use (3.3) satisfies
or exceeds stakeholders’ needs (3.27) to achieve specified beneficial goals or outcomes
Note 1 to entry: Beneficial goals can be stated as targets, in predefined conditions with managed economic,
environmental, organizational, and societal risks.
Note 2 to entry: The quality-in-use (3.18) model can be used as a guide to represent the user’s (3.31) expectations about
the system's behaviour.
Note 3 to entry: Users of the quality-in-use includes direct (3.6) and indirect users (3.9). When applied to direct users,
quality-in-use appears as “effect”; and when applied to other stakeholders (3.26) it appears as “influence”.

© ISO/IEC 2024 – All rights reserved
3.19
quality measure
derived measure that is defined as a measurement function of two or more values of quality measure
elements (3.20))
Note 1 to entry: Quality measures can be considered as derived properties of an ICT product (3.8) or information
system (3.10).
Note 2 to entry: Inherent (structural) quality measures quantify structural properties of the ICT product or
information system, while behavioural quality measures quantify properties that can be identified and measured on
the ICT product or information system as a whole and its behaviour in a context of use (3.3).
[SOURCE: ISO/IEC 25021:2012, 4.13, modified — Notes 1 and 2 to entry have been added.]
3.20
quality measure element
measure defined in terms of a property and the measurement method for quantifying it, including optionally
the transformation by a mathematical function
[SOURCE: ISO/IEC 25020:2019, 3.14, modified — The abbreviated term "QME" and note 1 to entry have been
removed.]
3.21
quality model
defined set of characteristics (3.17) and of relationships between them, which provides a framework for
specifying quality requirements (3.23) and evaluating the quality
[SOURCE: ISO/IEC 25000:2014, 4.27]
3.22
quality property
property of a target entity (3.30) that is related to a quality measure element (3.20) and which can be
quantified by a measurement method
Note 1 to entry: Quality properties can be used either in measurement of quality or just for providing qualitative
feedback.
Note 2 to entry: The term “quality property” is regarded as the same to the term “property to quantify” when
describing quality. Then, the definition is the same to the one that is originally for the term “property to quantify” of
ISO/IEC 25020:2019, 3.11.
3.23
quality requirement
requirement (3.25) for quality properties (3.22) or attributes (3.1) of an ICT product (3.8), data, or service that
satisfy needs which ensue from the purpose for which that ICT product, data, or service is to be used
[SOURCE: ISO/IEC 25030:2019, 3.15, modified —note 1 to entry has been removed.]
3.24
quality sub-characteristic
set of one or more quality properties (3.22) that represent a unique aspect of a quality characteristic (3.17)
3.25
requirement
statement which translates or expresses a need and its associated constraints and conditions
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.36]

© ISO/IEC 2024 – All rights reserved
3.26
stakeholder
individual or organisation having a right, share, claim, or interest in a system (3.29) or in its possession of
characteristics that meet their needs and expectations
EXAMPLE Stakeholders include customers, users (3.31), developers (3.5), maintainers (3.14), system integrators,
business analysts, vendor and acquisition managers, product managers, business managers and responsible parties,
independent evaluators (3.7), data owners, IT service (3.11) providers, trainers, auditors, regulatory bodies, and other
people affected by the system.
Note 1 to entry: Some stakeholders can have interests that oppose each other or oppose the system.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.44, modified — The EXAMPLE has been updated.]
3.27
stakeholder need
prerequisite identified as necessary for a stakeholder (3.26), or a set of stakeholders, to achieve an intended
outcome, implied or stated within a specific context of use (3.3)
3.28
sub-sub-characteristic
subdivision of a quality sub-characteristic (3.24) established by the user (3.31) of a quality model (3.21) to
provide more granular representation of the quality attributes (3.1) of a target entity (3.30)
3.29
system
arrangement of parts or elements that together exhibit a stated behaviour or meaning that the individual
constituents do not
Note 1 to entry: A system is sometimes considered as a product (3.15) or as the services it provides.
Note 2 to entry: In practice, the interpretation of its meaning is frequently clarified by the use of an associative noun,
e.g. aircraft system. Alternatively, the word “system” is substituted simply by a context-dependent synonym (e.g.
aircraft), though this potentially obscures a system principles perspective.
Note 3 to entry: A complete system includes all of the associated equipment, facilities, material, computer programs,
firmware, technical documentation, services, and personnel required for operations and support to the degree
necessary for self-sufficient use in its intended environment.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.46]
3.30
target entity
fundamental thing of relevance to the user (3.31), about which information is kept, and which needs to be
measured
Note 1 to entry: Target entities include ICT products (3.8) and their components (3.2) for ISO/IEC 25010, IT services
(3.11) for ISO/IEC TS 25011, and data for ISO/IEC 25012.
[SOURCE: ISO/IEC 25021:2012, 4.17, modified — "need" has been changed to "which needs"; note 1 to entry
has been added.]
3.31
user
individual or group that interacts with a system (3.29) or benefits from a system during its utilization
Note 1 to entry: Direct users (3.6) interact with a system; and direct and indirect users (3.9) can benefit from a system.
[SOURCE: ISO/IEC/IEEE 15939:2017, 3.40, modified — Note 1 to entry has been added.]

© ISO/IEC 2024 – All rights reserved
3.32
validation
confirmation, through the provision of objective evidence, that the requirements (3.25) for a specific intended
use or application have been fulfilled
Note 1 to entry: The objective evidence needed for a validation is the result of a test or other form of determination
such as performing alternative calculations or reviewing documents.
Note 2 to entry: The word “validated” is used to designate the corresponding status.
Note 3 to entry: The use conditions for validation can be real or simulated.
[SOURCE: ISO 9000:2015, 3.8.13]
3.33
verification
confirmation, through the provision of objective evidence, that specified requirements (3.25) have been
fulfilled
Note 1 to entry: The objective evidence needed for a verification can be the result of an inspection or of other forms of
determination such as performing alternative calculations or reviewing documents.
Note 2 to entry: The activities carried out for verification are sometimes called a qualification process.
Note 3 to entry: The word “verified” is used to designate the corresponding status.
[SOURCE: ISO 9000:2015, 3.8.12]
4 Abbreviated terms
ICT information and communication technology
IT information technology
5 Guidance for using SQuaRE quality models
Quality models in the quality model division and quality extension division of SQuaRE are aligned with
quality model structures enumerated in this document. The SQuaRE quality models in the quality model
division and quality extension division are elaborated with a structure of quality characteristics and sub-
characteristics that provide a basis for quantifying them with quality measures in the quality measurement
division.
Users of SQuaRE quality models should abide by the following guidelines when interpreting and modifying
quality models for specific applications.
— Quality model: When quality models presented in the quality model division and quality extension
division are modified for application to niche products, services, or contexts of use, the modified models
should adopt the relevant quality characteristics as defined in an existing quality model division and
quality extension division quality model. Modifications and interpretations of the quality characteristics
and sub-characteristics for the niche application should be documented.
— Quality characteristic: Interpretations of quality characteristics for a specific information system or
context of use should not differ conceptually from the definition of the quality characteristics in the
relevant quality model from the quality model division or quality extension division.
— Quality sub-characteristic: When a quality model is applied to a specific ICT product, definitions of
quality sub-characteristics may be modified or customized to fit unique stakeholder requirements,
ICT product properties, or the context of use. The modified sub-characteristics should be documented
and conceptually consistent with the definition of the sub-characteristics in the relevant quality model.
To support traceability and consistency in applying a modified quality model, interpretations and
modifications to sub-characteristics should be documented in all guidelines developed locally for using

© ISO/IEC 2024 – All rights reserved
or applying or interpreting the modified quality model in a specific context of use. Interpretations and
modifications should also be included in any document reporting results using measures derived from
the model for purposes such as selection, benchmarking, or validation.
6 Quality model overview
A quality model is a defined set of characteristics and sub-characteristics that are quantified by quality
measures that can be used to define quality requirements and evaluate the quality properties of target
entities. Each quality model provides a framework for specifying quality requirements and measuring the
capability of a target entity. SQuaRE quality models are designed to apply to all types of target entities
and stakeholders. These models categorize the quality properties of target entities into different quality
characteristics and sub-characteristics that can be prioritized, defined, measured, evaluated, and managed
on behalf of multiple stakeholders. Quality characteristics can be used to guide the definition of quality
requirements derived from stakeholder needs and goals.
The quality models included in the quality model division enable both quantitative and qualitative evaluation
and feedback about target entities that can be provided to business and IT stakeholders. Quality models
are used for specifying quality requirements (quality requirements division), establishing quality measures
(quality measurement division), and performing quality evaluations (quality evaluation division).
The quality models include quality characteristics and sub-characteristics which are associated with the
quality properties of target entities. Thus, quality characteristics in these quality models can be used to
evolve checklists for ensuring a comprehensive evaluation of whether quality requirements are satisfied.
These evaluations provide feedback to system development, integration, maintenance, and other lifecycle
processes.
Quality models can be applied to target entities that are developed from scratch, acquired ready to use,
customized on a vendor system, integrated from open source, or in operation needing maintenance or
enhancement. Quality models are independent of development methods since they apply to quality properties
of all ICT products and IT services. Thus, measures of quality characteristics and sub-characteristics can
help quantify the satisfaction of stakeholder needs and requirement for a wide range of ICT systems and IT
services. When used with target entities in operation, measures derived from quality models quantify the
effect target entities have on stakeholders.
7 Quality model framework
7.1 Quality model structure
SQuaRE quality models in the the SQuaRE family of standards exhibit the following structural attributes.
— The quality model is focused on a clearly defined target entity representing a cohesive domain of
artefacts.
— The quality model is composed from a set of quality characteristics that collectively cover the measurable
quality properties of the target entity.
— When the number or complexity of a quality characteristic’s attributes justify it, a quality characteristic is
partitioned into a set of quality sub-characteristics that collectively cover the range of quality attributes
normally associated with that quality characteristic.
— The quality sub-characteristics associated with the quality characteristics relevant to a target entity
collectively cover the full set of measurable quality properties relevant to the target entity.
— To the extent possible, quality sub-characteristics are associated with measures that are mutually
exclusive in quantifying the quality properties of a target entity.
— Each quality characteristic or sub-characteristic is related to one or more quality measures whose
definition and calculation are described in the quality measurement division.

© ISO/IEC 2024 – All rights reserved
In some instances, a sub-characteristic may need to be represented in finer granularity to be applied in a
specific context of use. In such cases, the sub-characteristic may be subdivided into sub-sub-characteristics
that are documented for a specific use. However, sub-sub-characteristics are not included as elements in a
quality model standard in the quality model division since they are defined only for a specific scenario of
use. The sub-sub-characteristics are exhaustive in covering the full domain of measurable quality properties
related to their sub-characteristic in the context of use. The sub-sub-characteristics are also mutually
exclusive in covering the quality properties related to their associated sub-characteristic. Measures
appropriate to the context of use can be defined for each of the sub-sub-characteristics.
Figure 2 depicts the structure of a SQuaRE quality model and relationships between different model elements.
Each SQuaRE quality model focuses on a class of target entities such as ICT products, IT services, or data. A
SQuaRE quality model presents a structured representation of the quality characteristics of its target entity.
These quality characteristics can be decomposed into one or more sub-characteristics, each of which can
be measured by one or more quality measures. For instance, the quality properties of ICT products can be
quantified with quality measures related to the quality characteristics and sub-characteristics associated
with stakeholder requirements.
Figure 2 — Structure of quality models in the quality model division
NOTE Further elaboration on the ‘measure’ aspects of this figure can be found in quality measurement division
standards.
Quality characteristics and sub-characteristics represent various needs and quality requirements that
affect the capabilities of a target entity. These characteristics and sub-characteristics can be measured
by quality measures as described in the quality measurement division. While characteristics and sub-
characteristics of a quality model are common to all types of target entities, their importance can depend on
the specific type of target entity under evaluation. Some quality characteristics and sub-characteristics may
only be important for certain types of target entities. There may be trade-offs where enabling one quality
characteristic impacts another, such as the negative effect on usability from increased security, or the
negative effect on maintainability from the increased complexity that often results from designing software
for performance efficiency.
© ISO/IEC 2024 – All rights reserved
Quality characteristics and sub-characteristics are associated with quality measures that are used to
evaluate the capability of a system to determine whether it meets quality requirements. Users of quality
models and their measures should define relationships and build traceability from quality characteristics,
sub-characteristics, and measures to the quality properties of the target entity under evaluation. This
traceability allows other stakeholders to understand how the target entity was evaluated and how to
interpret the quantitative results. Quality models may be modified or customized at the sub-characteristic
level (but not the characteristic level) for application in a specific context of use.
7.2 Quality model categories
There are two primary quality perspectives:
— quality of the ICT product, data, or IT service required to meet the needs of stakeholders (e.g. ICT product
security);
— quality-in-use as affecting users or other stakeholders in a specific context of use (e.g. satisfaction with
an interaction).
The quality of an ICT product is affected by the quality of its subsystems and components. An ICT product’s
software or firmware components share similar quality characteristics with the overall ICT product.
Although data quality affects the quality of ICT products, the quality model for data is defined by a
different set of quality characteristics than ICT products. Therefore, multiple quality models are needed
to address different contributors to information system and ICT product quality. the quality-in-use model
(ISO/IEC 25019) includes quality characteristics that describe the information system’s effe
...