Systems and software engineering -- Systems and software quality requirements and evaluation (SQuaRE) -- Quality requirements framework

This document provides the framework for quality requirements for systems, software products and data, which includes concept of the quality requirements, and requirements and recommendations for the processes and methods to elicit, define, use and govern them. Intended readers of this document include, but are not limited to: — acquirers: evaluate if the system/software products/data fulfills their value proposition, i.e., meets the expected quality, — developers: design, implement and test the system/software products/data to ensure that it meets the expected quality, — testers: verify and validate that the system/software products/data meets the expected quality, — project managers: plan, monitor and control the achievement of the expected quality, and — independent evaluators: evaluate the system/software products/data with the objective criteria. This document complies with the technical processes defined in ISO/IEC/IEEE 15288, which are relevant for elicitation of stakeholders' quality needs and for defining, analyzing and maintaining quality requirements. In this document, the quality models in ISO/IEC 25010 and ISO/IEC 25012 are used to categorize quality requirements and to provide a basis for quantifying them in terms of quality measures in the quality measure division of ISO/IEC 2502n. This document does not cover specification of the other requirements (such as functional requirements, process requirements, etc.), and prescribes neither any specific quality measure nor any specific development process.

Titre manque

General Information

Status
Published
Publication Date
27-Aug-2019
Current Stage
6060 - International Standard published
Start Date
07-Aug-2019
Completion Date
28-Aug-2019
Ref Project

RELATIONS

Buy Standard

Standard
ISO/IEC 25030:2019 - Systems and software engineering -- Systems and software quality requirements and evaluation (SQuaRE) -- Quality requirements framework
English language
46 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO/IEC
STANDARD 25030
Second edition
2019-08
Systems and software engineering —
Systems and software quality
requirements and evaluation
(SQuaRE) — Quality requirements
framework
Reference number
ISO/IEC 25030:2019(E)
ISO/IEC 2019
---------------------- Page: 1 ----------------------
ISO/IEC 25030:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2019 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 25030:2019(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 2

4 Abbreviated terms .............................................................................................................................................................................................. 4

5 Conformance ............................................................................................................................................................................................................. 5

6 Concept of quality requirements ......................................................................................................................................................... 5

6.1 General ........................................................................................................................................................................................................... 5

6.2 Types of quality requirements .................................................................................................................................................. 5

6.3 Targets for quality requirements ............................................................................................................................................ 5

6.4 Quality models and measures for quality requirements .................................................................................... 7

6.5 Important considerations of quality requirements................................................................................................. 7

6.5.1 Sources of quality requirements ........................................................................................................................ 7

6.5.2 Categories of ICT products ...................................................................................................................................... 8

6.5.3 Interrelation with functional/data requirements ............................................................................... 8

6.5.4 Derivation of quality requirements ................................................................................................................. 9

6.5.5 Quality requirements trade-offs ......................................................................................................................... 9

7 Quality requirements processes .......................................................................................................................................................10

7.1 General ........................................................................................................................................................................................................10

7.2 Overview of quality requirements processes ............................................................................................................10

7.3 Elicitation of quality needs ........................................................................................................................................................11

7.3.1 Identification of stakeholders ............................................................................................................................11

7.3.2 Defining stakeholder needs .................................................................................................................................11

7.4 Steps for defining quality requirements ........................................................................................................................12

7.4.1 Overall description ......................................................................................................................................................12

7.4.2 Definition of steps ........................................................................................................................................................14

8 Using and governing quality requirements ...........................................................................................................................16

8.1 Critical success factors for implementing quality requirements ..............................................................16

8.2 Quality requirements traceability .......................................................................................................................................17

8.3 Critical factors for testing quality requirements ....................................................................................................17

Annex A (informative) Recommended process for elicitation of quality needs ...................................................18

Annex B (informative) Example for mapping quality needs to quality characteristics ................................24

Annex C (informative) Example for specifying quality requirements ............................................................................27

Annex D (informative) Relationship to ISO/IEC/IEEE 15288 (System lifecycle processes) .....................28

Annex E (informative) Relationship to ISO/IEC/IEEE 29148 (Requirement engineering) .......................31

Annex F (informative) Derivation from quality in use requirements to product quality

requirements.........................................................................................................................................................................................................35

Annex G (informative) Example of relationship between product quality characteristics ......................37

Annex H (informative) Example of deployment and traceability of quality requirements to

software ......................................................................................................................................................................................................................39

Annex I (informative) Example of stakeholder-target matrix ................................................................................................40

Annex J (informative) Examples of level of quality required for different ICT products(using

decision table format) .................................................................................................................................................................................42

Annex K (informative) IT service quality requirements ...............................................................................................................45

© ISO/IEC 2019 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 25030:2019(E)

Bibliography .............................................................................................................................................................................................................................46

iv © ISO/IEC 2019 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 25030:2019(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that

are members of ISO or IEC participate in the development of International Standards through

technical committees established by the respective organization to deal with particular fields of

technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other

international organizations, governmental and non-governmental, in liaison with ISO and IEC, also

take part in the work.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/patents) or the IEC

list of patent declarations received (see http: //patents .iec .ch).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso

.org/iso/foreword .html.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 7, Software and Systems Engineering.

This second edition cancels and replaces the first edition (ISO/IEC 25030:2007), which has been

technically revised.
The main changes compared to the previous edition are as follows:
— extension of the view from software to system;
— enhancement and deployment of quality requirements;
— clarification of quality requirements definition steps:
— stating them exhaustively by using the quality models;
— specifying them with the quality measures with criteria for evaluation;
— clarification of how to use quality requirements.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/members .html.
© ISO/IEC 2019 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC 25030:2019(E)
Introduction

It is important to identify and specify quality requirements as part of system, software and data

requirements, because finding the right balance of quality requirements, in addition to well-specified

functional requirements, is a critical success factor to meet the stakeholders' objectives. Quality

requirements are needed for:
— specifying the system, including contractual agreements and call for tender;
— planning the project, including feasibility analysis;

— developing the system, including identification of architecture drivers or potential quality problems

during development; and

— evaluating the system, including objective assessment and certification of quality.

This document focuses on defining, using and governing quality requirements. If not clearly defined,

they can be viewed, interpreted, implemented and evaluated differently by the relevant stakeholders.

This can result in systems that are inconsistent with user expectations and of poor quality; and time

and cost overruns to rework the system. Therefore quality requirements for the system need to be

specified clearly at the earliest stage of the development or acquiring process as possible, to provide a

critical input to the development or acquisition.

This document can be used to improve the quality of quality requirements, by providing requirements

and recommendations for them, and provides guidance for the steps used to define and use them.

Quality requirements can be categorized into characteristics/subcharacteristics by using the

quality models defined in the ISO/IEC 2501n family of standards. Measures of these characteristics/

subcharacteristics, which are defined in the ISO/IEC 2502n family of standards, can be used to specify

quality requirements and evaluate the quality of the target system or data. After ISO/IEC 25030:2007

was published, several international standards which define these models and measures have been

published and so the previous edition has become inconsistent with these standards.

Furthermore many systems are now deeply embedded into social infrastructures used in daily life. This

requires the systems to achieve much higher quality; e.g., connected systems need to be interoperable

and secure, reliable, maintainable and usable.

This revision updates the quality requirements division of SQuaRE series, aligning it with the other

divisions, and furthermore providing more practical guidelines for defining and using quality

requirements.

Figure 1 illustrates the organization of the SQuaRE series representing families of standards, further

called divisions. The SQuaRE series consists of five main divisions and on extension division. The

divisions within the SQuaRE series are:

— ISO/IEC 2500n — Quality Management Division. The standards that form this division define

all common models, terms and definitions used by all other standards in the SQuaRE series. The

division also provides requirements and guidance for the planning and management of a project.

— ISO/IEC 2501n — Quality Model Division. The standards that form this division provide quality

models for system/software products, quality in use (QIU), data, and IT services. Practical guidance

on the use of the quality model is also provided.

— ISO/IEC 2502n — Quality Measurement Division. The standards that form this division include

a system/software product quality measurement reference model, definitions of quality measures,

and practical guidance for their application. This division presents internal measures of software

quality, external measures of software quality, QIU measures and data quality measures. Quality

measure elements forming foundations for the quality measures are defined and presented.

— ISO/IEC 2503n — Quality Requirements Division. The standard that forms this division helps

specifying quality requirements. These quality requirements can be used in the process of quality

vi © ISO/IEC 2019 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC 25030:2019(E)

requirements elicitation for a system/software product to be developed, designing a process for

achieving necessary quality, or as inputs for an evaluation process.

— ISO/IEC 2504n — Quality Evaluation Division. The standards that form this division provide

requirements, recommendations and guidelines for system/software product evaluation, whether

performed by independent evaluators, acquirers or developers. The support for documenting a

measure as an Evaluation Module is also presented.

ISO/IEC 25050 to ISO/IEC 25099 are reserved for SQuaRE extension International Standards, which

currently include in ISO/IEC 25051 requirements for quality of Ready to Use Software Products (RUSP)

and instructions for testing, and in ISO/IEC TR 25060 to ISO/IEC 25069 common industry format for

usability.
Figure 1 — Organization of the SQuaRE series of International Standards
© ISO/IEC 2019 – All rights reserved vii
---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO/IEC 25030:2019(E)
Systems and software engineering — Systems and software
quality requirements and evaluation (SQuaRE) — Quality
requirements framework
1 Scope

This document provides the framework for quality requirements for systems, software products and

data, which includes concept of the quality requirements, and requirements and recommendations for

the processes and methods to elicit, define, use and govern them. Intended readers of this document

include, but are not limited to:

— acquirers: evaluate if the system/software products/data fulfills their value proposition, i.e., meets

the expected quality,

— developers: design, implement and test the system/software products/data to ensure that it meets

the expected quality,

— testers: verify and validate that the system/software products/data meets the expected quality,

— project managers: plan, monitor and control the achievement of the expected quality, and

— independent evaluators: evaluate the system/software products/data with the objective criteria.

This document complies with the technical processes defined in ISO/IEC/IEEE 15288, which are

relevant for elicitation of stakeholders’ quality needs and for defining, analyzing and maintaining

quality requirements. In this document, the quality models in ISO/IEC 25010 and ISO/IEC 25012 are

used to categorize quality requirements and to provide a basis for quantifying them in terms of quality

measures in the quality measure division of ISO/IEC 2502n.

This document does not cover specification of the other requirements (such as functional requirements,

process requirements, etc.), and prescribes neither any specific quality measure nor any specific

development process.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 25000:2014, Systems and software engineering — Systems and software Quality Requirements

and Evaluation (SQuaRE) — Guide to SQuaRE

ISO/IEC 25010:2011, Systems and software engineering — Systems and software Quality Requirements

and Evaluation (SQuaRE) — System and software quality models

ISO/IEC 25012, Software engineering — Software product Quality Requirements and Evaluation

(SQuaRE) — Data quality model

ISO/IEC 25022, Systems and software engineering — Systems and software quality requirements and

evaluation (SQuaRE) — Measurement of quality in use

ISO/IEC 25023, Systems and software engineering — Systems and software Quality Requirements and

Evaluation (SQuaRE) — Measurement of system and software product quality
© ISO/IEC 2019 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO/IEC 25030:2019(E)

ISO/IEC 25024, Systems and software engineering — Systems and software Quality Requirements and

Evaluation (SQuaRE) — Measurement of data quality

ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 25000 and the

following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/

NOTE The essential definitions from ISO/IEC 25000 and the other ISO standards are reproduced here.

3.1
classification axis

total range of a mapping of systems and software for categorizing them from a particular perspective

[SOURCE: ISO/IEC TR 12182:2015, 3.7]
3.2
context of use

conditions and constraints under which ICT products (3.8) are used by specific users (3.20) in a specific

environment to achieve specific goals as part of the larger information system (3.10)

Note 1 to entry: Environment includes physical aspects such as equipment and resources as well as social aspects

such as demographics and culture.
3.3
deployment
deployment of requirements
assignment of requirements (3.16) along with the system decomposition
3.4
derivation
derivation of requirements

translation and elaboration of requirements (3.16) from one type of requirements to another in the

same system level

Note 1 to entry: Types of requirements include quality in use (3.13) requirements, product quality requirements

(3.15) and data requirements.
3.5
domain-based requirement
requirement (3.16) originated from its application domain
3.6
functional requirement

requirement (3.16) that specifies a function that a system or system component shall perform

[SOURCE: IEEE 730:2014, 3.2]
3.7
ICT requirement

requirement (3.16) resulting from adoption of some information and communication technologies (ICTs)

technical solutions in the design process

Note 1 to entry: ICT technical solutions include web-based technologies, cloud servers, and so on.

2 © ISO/IEC 2019 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC 25030:2019(E)
3.8
ICT product

product (3.12) which uses information and communication technologies (ICTs) and can be a part of

information system (3.10)

Note 1 to entry: Figure 3 describes what ICT product consists of and the relationship to information system.

3.9
indirect user
person who receives output from a system, but does not interact with the system
EXAMPLE Executive manager, service acquirer.
[SOURCE: ISO/IEC 25010:2011, 4.3.6, modified — EXAMPLE has been added.]
3.10
information system

system that comprises of software, hardware, communication facility, data and the people who use it in

a given environment to satisfy their information processing needs
Note 1 to entry: Figure 3 describes what information system consists of.
3.11
primary user
user (3.20) who interacts with the system to achieve the primary goals
Note 1 to entry: The definition is adapted from ISO/IEC 25010:2011, 3.6.
3.12
product

artifact that is produced, is quantifiable and is deliverable to the user (3.20) as either an end item in

itself or a component item

Note 1 to entry: This definition is adapted from A Guide to the Project Management Body of Knowledge (PMBOK)

Fifth Edition.

Note 2 to entry: Product includes ICT products (3.8), software, and software components.

3.13
quality in use

extent to which the behavioral and attitudinal outcomes and consequences of use of a product (3.12),

system or service meets the needs of users (3.20) or other stakeholders (3.18) in specific contexts of

use (3.2)
3.14
quality measure

measure that is defined as a measurement function of two or more values of quality measure elements

[SOURCE: ISO/IEC 25010:2011, 4.3.10]
3.15
quality requirement

requirement (3.16) for quality properties or attributes of an ICT product (3.8), data or service that satisfy

needs which ensue from the purpose for which that ICT product, data or service is to be used

Note 1 to entry: Quality requirements in this document do not cover quality requirements for service.

3.16
requirement

statement which translates or expresses a need and its associated constraints and conditions

[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.37]
© ISO/IEC 2019 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO/IEC 25030:2019(E)
3.17
secondary user

user (3.20) who interacts with the product (3.12) to support the primary users (3.11)

EXAMPLE Content provider, system manager, administrator, security manager, maintainer, installer.

[SOURCE: ISO/IEC/IEEE 24765:2017, 3.3651, modified — The word "person" has been replaced with

"user"; EXAMPLE has been added.]
3.18
stakeholder

individual or organization having a right, share, claim or interest in a system or in its possession of

characteristics that meet their needs and expectations

Note 1 to entry: Stakeholders include users (3.20), developers, testers, project managers, acquirers, independent

evaluators, data owners, supporters, trainers, regulatory bodies and other people influenced by the system.

[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.44, modified — The original EXAMPLE and Note 1 to entry

have been replaced with a new Note 1 to entry.]
3.19
technical product quality requirement

product (3.12) quality requirement (3.15) on its technically identified properties which are used in its

development and maintenance processes
3.20
user

individual or group that interacts with a system or benefits from a system during its utilization

[SOURCE: ISO/IEC 25010:2011, 4.3.16, modified — NOTE has been removed.]
3.21
validation

confirmation, through the provision of objective evidence, that the requirements (3.16) for a specific

intended use or application have been fulfilled
[SOURCE: ISO/IEC 25000:2014, 4.41, modified — Note 1 to entry has been removed.]
3.22
verification

confirmation, through the provision of objective evidence, that specified requirements (3.16) have been

fulfilled
[SOURCE: ISO/IEC 25000:2014, 4.43, modified — Note 1 to entry has been removed.]
4 Abbreviated terms
ICT information and communication technology
PQR product quality requirement
QIUR quality in use requirement
DQR data quality requirement
SRS software requirements specification
StRS stakeholder requirements specification
SyRS system requirements specification
4 © ISO/IEC 2019 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC 25030:2019(E)
5 Conformance

Any quality requirements specification that conforms to this document shall meet all the requirements

described in Clauses 6, 7 and 8.
6 Concept of quality requirements
6.1 General

This clause describes the concept of quality requirements, including their target entities for which the

quality requirements are to be defined, and important considerations on them.
6.2 Types of quality requirements

Quality in use requirements (QIURs) specify the required levels of quality from the stakeholders' point

of view. These requirements are derived from the needs of various stakeholders. QIURs relate to the

outcome when the product is used in a particular context of use, and QIURs can be used as the target for

validation of the product.

Product quality requirements (PQRs) specify levels of quality required from the viewpoint of the ICT

product. Most of them are derived from stakeholder quality requirements including QIURs, which can

be used as targets for verification and validation of the target ICT product. Technical product quality

requirements are requirements for technically identified attributes (targeting specifications, source

code, etc.) to meet the other PQRs. Technical product quality requirements can be used as targets for

verification at various stages of development and maintenance.

NOTE 1 PQRs can also be used to specify attributes of deliverable, non-executable software products such as

documentation and manuals.

The data quality requirements (DQRs) specify levels of quality required for the data associated with

the product. These include requirements derived from QIURs and PQRs of input and output products.

DQRs can be used for verification and validation from the data side.

NOTE 2 Many DQRs can be derived from PQRs for the target product, while some DQRs such as data integrity

can be derived directly from QIURs.
6.3 Targets for quality requirements

The scope of the three types of quality requirements is shown in Figure 2. QIURs are defined on the

information system, which includes not only an ICT product but also its users and relevant environments

(e.g., mechanicals monitored/controlled by the ICT product and business processes in which the ICT

product is used). PQRs are defined on the ICT product or its constituents (including sub-ICT products,

hardware, communication facilities, software and, in some cases, software components), and DQRs are

defined on the data inside the ICT product.
© ISO/IEC 2019 – All rights reserved 5
---------------------- Page: 12 ----------------------
ISO/IEC 25030:2019(E)
Figure 2 — Scope of quality requirements

Figure 2 describes only the scope of each type of quality requirements, not describing the system

hierarchy, which is formally defined in Figure 3.
NOTE 1 Annex K describes how IT service quality requirements are to be treated.
Figure 3 — System hierarchy used in Figure 2

NOTE 2 Users include primary users, secondary users and indirect users. See Table 2.

NOTE 3 A “system of systems” can be considered an information system, which recursively includes some

subsidiary information systems.
6 © ISO/IEC 2019 – All rights reserved
---------------------- Page: 13 ------------------
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.