ISO/IEC 25001:2014

INTERNATIONAL ISO/IEC
STANDARD 25001
Second edition
2014-03-15
Systems and software engineering —
Systems and software Quality
Requirements and Evaluation
(SQuaRE) — Planning and
management
Ingénierie des systèmes et du logiciel — Exigences de qualité et
évaluation des systèmes et du logiciel (SQuaRE) — Planification et
gestion
Reference number
ISO/IEC 25001:2014(E)
©
ISO/IEC 2014

---------------------- Page: 1 ----------------------
ISO/IEC 25001:2014(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2014 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 25001:2014(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Conformance . 1
3 Normative references . 1
4 Terms and definitions . 2
5 Evaluation management concepts . 3
6 Requirements and recommendations for systems and software quality requirements
specification and quality evaluation . 4
6.1 General . 4
6.2 Organisation level activities . 4
6.3 Project Management level activities . 7
6.4 Analysis and use of evaluation results . 8
Annex A (informative) Quality Evaluation Project Plan Template .10
Bibliography .13
© ISO/IEC 2014 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 25001:2014(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the national bodies
casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 25001 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Systems and software engineering.
This second edition cancels and replaces the first edition (ISO/IEC 25001:2007), of which it constitutes
a minor revision.
The SQuaRE series of standards consists of the following divisions under the general title Systems and
Software Quality Requirements and Evaluation (SQuaRE):
— ISO/IEC 2500n, Quality Management Division,
— ISO/IEC 2501n, Quality Model Division,
— ISO/IEC 2502n, Quality Measurement Division,
— ISO/IEC 2503n, Quality Requirements Division, and
— ISO/IEC 2504n, Quality Evaluation Division.
ISO/IEC 25050 to ISO/IEC 25099 are reserved to be used for SQuaRE extension International Standards
and/or Technical Reports.
iv © ISO/IEC 2014 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 25001:2014(E)

Introduction
This International Standard provides details about the planning and management requirements
associated with systems and software product quality requirements and evaluation.
While this International Standard is mainly concerned with systems and software product quality
requirements and evaluation, wherever it is relevant the corresponding process requirements and
evaluation activities are also discussed.
This International Standard aims to clarify the requirements, which should be identified by the
organisation in order to ensure the success of specifying systems and software quality requirements
and executing the evaluation.
This International Standard is intended to be used in conjunction with the other documents of the
ISO/IEC 25000 SQuaRE series of standards. The ISO/IEC 25000 SQuaRE series replaces the ISO/IEC 9126
series and the ISO/IEC 14598 series.
This International Standard complies with the technical processes identified in ISO/IEC 15288:2008
and ISO/IEC 12207:2008 related to quality requirements definition and analysis.
Figure 1 — Organization of SQuaRE series of standards
Figure 1 (quoted after ISO/IEC 25000) illustrates the organisation of the SQuaRE series representing
families of standards, further called Divisions.
The Divisions within SQuaRE model are:
— ISO/IEC 2500n - Quality Management Division. The International Standards that form this
division define all common models, terms and definitions referred to by all other standards from
the SQuaRE series. Referring paths (guidance through SQuaRE documents) and high level practical
suggestions in applying proper standards to specific application cases offer help to all types of
users. The division also provides requirements and guidance for a supporting function, which is
responsible for the management of product requirements specification and evaluation.
© ISO/IEC 2014 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 25001:2014(E)

— ISO/IEC 2501n - Quality Model Division. The International Standards that form this division
present detailed quality models for systems and software product, quality in use and data. Practical
guidance on the use of the quality model is also provided.
— ISO/IEC 2502n - Quality Measurement Division. The International Standards that form this
division include a system and software product quality measurement reference model, mathematical
definitions of quality measures, and practical guidance for their application. This division presents
internal measures of software quality, external measures of system or software product quality
and quality in use measures. Quality measure elements forming foundations for the latter measures
are defined and presented.
— ISO/IEC 2503n - Quality Requirements Division. The International Standard that forms this
division helps specifying quality requirements. These quality requirements can be used in
the process of quality requirements elicitation for a product to be developed or as inputs for an
evaluation process. The requirements definition process is mapped to Stakeholder Requirements
Definition Process in Technical Processes defined in ISO/IEC 15288:2008 and ISO/IEC 12207:2008.
— ISO/IEC 2504n - Quality Evaluation Division. The International Standards that form this division
provide requirements, recommendations and guidelines for product evaluation, whether performed
by independent evaluators, acquirers or developers. The support for documenting a measure as an
Evaluation Module is also presented.
— ISO/IEC 25050-25099 - Extension Division. SQuaRE extension (ISO/IEC 25050 to ISO/IEC 25099)
is designated to contain system or software product quality International Standards and/or
Technical Reports that address specific application domains or that can be used to complement one
or more SQuaRE International Standards.
vi © ISO/IEC 2014 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO/IEC 25001:2014(E)
Systems and software engineering — Systems and software
Quality Requirements and Evaluation (SQuaRE) —
Planning and management
1 Scope
This International Standard provides requirements and recommendations for an organization
responsible for implementing and managing the systems and software product quality requirements
specification and evaluation activities through the provision of technology, tools, experiences, and
management skills.
The role of the evaluation group includes motivating employees and training them for the requirements
specification and the evaluation activities, preparing appropriate documents, identification or
development of required methods, and responding to queries on relevant technologies.
Technology management is related to the planning and management of a systems and software
quality requirements specification and evaluation process, measurements and tools. This includes
the management of development, acquisition, standardisation, control, transfer and feedback of
requirements specification and evaluation technology experiences within the organisation.
The intended users of this International Standard are those responsible for:
— managing technologies used for requirements specification and evaluation execution,
— specifying systems and software product quality requirements,
— supporting systems and software product quality evaluation,
— managing systems and software development organisations,
as well as those in a quality assurance function. However, it is also applicable to managers involved in
other systems or software related activities.
2 Conformance
In order to conform to this International Standard, an organisation shall apply requirements from
clause 6 giving the reasons for any exclusion, or describe its own recommendations and provide a
mapping to the original requirements.
3 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 25000:2014, Software Engineering — Software product Quality Requirements and Evaluation
(SQuaRE) — Guide to SQuaRE
ISO/IEC 25010:2011, Systems and software engineering — Systems and software Quality Requirements and
Evaluation (SQuaRE) — System and software quality models
ISO/IEC 25020:2007, Software engineering — Software product Quality Requirements and Evaluation
(SQuaRE) — Measurement reference model and guide
© ISO/IEC 2014 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/IEC 25001:2014(E)

ISO/IEC 25021:2012, Systems and software engineering — Systems and software Quality Requirements
and Evaluation (SQuaRE) — Quality measure elements
ISO/IEC 25022, Systems and software engineering - Systems and software Quality Requirements and
1)
Evaluation (SQuaRE) – Measurement of quality in use
ISO/IEC 25023, Systems and software engineering: Systems and software Quality Requirements and
2)
Evaluation (SQuaRE) – Measurement of system and software product quality
ISO/IEC 25024, Systems and software engineering: Systems and software Quality Requirements and
3)
Evaluation (SQuaRE) – Measurement of data quality
ISO/IEC 25030:2007, Software engineering — Software product Quality Requirements and Evaluation
(SQuaRE) — Quality requirements
ISO/IEC 25040:2011, Systems and software engineering - Systems and software Quality Requirements and
Evaluation (SQuaRE) – Evaluation process
ISO/IEC 25041:2012, Systems and software engineering — Systems and software Quality Requirements
and Evaluation (SQuaRE) — Evaluation guide for developers, acquirers and independent evaluators
ISO/IEC 25045:2010, Systems and software engineering — Systems and software Quality Requirements and
Evaluation (SQuaRE) — Evaluation module for recoverability
ISO/IEC 25051, Software engineering — Systems and software Quality Requirements and Evaluation
(SQuaRE) — Requirements for quality of Ready to Use Software Product (RUSP) and instructions for testing
ISO/IEC 15288:2008, Systems and software engineering — System life cycle processes
ISO/IEC 12207:2008, Systems and software engineering — Software life cycle processes
4 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 25000 and the following
apply.
4.1
evaluation
systematic determination of the extent to which an entity meets its specified criteria (ISO/IEC 12207:2008)
4.2
evaluation activity
assessment of systems or software product against targeted values of identified and applicable quality
characteristics performed using applicable techniques or methods
4.3
evaluation group
organization responsible for specifying the systems and software quality requirements as well as
managing and implementing the quality evaluation activities through the provision of technology, tools,
experiences, and management skills
Note 1 to entry: Software quality requirements could be specified previously by the requestor of the evaluation
while the evaluation group would verify presence and value of the software quality requirements.
1) To be published.
2) To be published.
3) To be published.
2 © ISO/IEC 2014 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC 25001:2014(E)

4.4
evaluation technology (technology used for evaluation)
techniques, processes, tools, measures and relevant technical information used for evaluation
EXAMPLE internal, external or quality in use measures or specific evaluation processes designed for
developers, acquirers or independent evaluators
4.5
techniques
methods and skills required to carry out a specific activity
5 Evaluation management concepts
The ISO/IEC 25001 is applicable to the evaluation group, which provides the organisation-wide support
to all projects in systems or software development, systems or software acquisition and third party
evaluation organisations (see Table 1).
Table 1 — System or software quality evaluation activities
DEVELOPED SYSTEMS or SOFTWARE ACQUIRED SYSTEMS or SOFTWARE
Development Activities Evaluation Activities Acquisition Activities Evaluation Activities
The “deliverables” are Evaluation of specific Purchase of the existing sys- Evaluate the product
dependent upon the “deliverables” (out- tem or ready-to-use software to be acquired apply-
chosen life cycle (see put of the project) products (RUSP) ing appropriate Inter-
ISO/IEC 15288 and e.g. System Design national Standards
ISO/IEC 12207) e.g. Review and Technical Reports
System Requirements from ISO/IEC 25000
Specification, Systems SQuaRE series
Design Specification
The main responsibilities of the evaluation group are:
— leading and management of systems or software quality evaluation related activities,
— leading the identification and definition of quality requirements,
— execution of quality requirements specification and quality evaluation projects,
— development of criteria for setting benchmarks for the evaluation,
— collection and analysis of evaluation group activities results,
— dissemination of results of evaluation group activities within the organisation,
— acquisition of relevant technical information,
— acquisition of evaluation technology,
— development of the proprietary (company-specific) standards and tools,
— evaluation of effectiveness and quality of systems or software acquisition and development,
— facilitation of technology transfer.
NOTE The evaluation group can be external or internal with respect to the organisation which is evaluating
the systems or software.
© ISO/IEC 2014 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/IEC 25001:2014(E)

6 Requirements and recommendations for systems and software quality re-
quirements specification and quality evaluation
6.1 General
The organisation shall develop policies and plans for quality requirements specification and quality
evaluation activities, which also includes the roles of the evaluation group.
For the requirements specification purposes ISO/IEC 25010 and ISO/IEC 25030 shall be applied. For
the evaluation execution purposes ISO/IEC 25040, ISO/IEC 25041 and ISO/IEC 25045 (when applicable)
shall be applied. For the requirements specification, quality measurement and evaluation execution
purposes ISO/IEC 25010 and ISO/IEC 25020 to ISO/IEC 25024 shall be applied.
The Quality Evaluation Project Plan (template example: Annex A) for an evaluation project shall identify
and describe activities applicable in the steps below:
— specifying systems and software quality requirements,
— defining the objectives of the systems and software quality evaluation,
— establishing evaluation requirements
— specifying the evaluation,
— designing the evaluation,
— executing the evaluation,
— analysing results.
The systems or software quality evaluation shall satisfy pre-defined criteria, including the following:
— conformance to international, national or internal standards (if applicable),
— ability to quantify and clearly present traceable results,
— use of suitable and effective technology and best practices.
6.2 Organisation level activities
Any organisation that develops, acquires or evaluates systems and/or software shall identify the
associated systems and/or software quality evaluation responsibilities and incorporate them into an
organisation policy.
6.2.1 O
...