ISO/IEC 25010:2023

INTERNATIONAL ISO/IEC
STANDARD 25010
Second edition
2023-11
Systems and software engineering —
Systems and software Quality
Requirements and Evaluation
(SQuaRE) — Product quality model
Ingénierie des systèmes et du logiciel — Exigences de qualité et
évaluation des systèmes et du logiciel (SQuaRE) — Modèles de qualité
du produit
Reference number
© ISO/IEC 2023
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2023 – All rights reserved

Contents Page
Foreword .iv
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Product quality model .9
4.1 Product quality model structure . 9
4.2 Targets of the product quality model . 10
5 Relationship to the quality-in-use model .11
Annex A (informative) Comparison with the product quality model in ISO/IEC 25010:2011.13
Annex B (informative) Example of mapping to dependability .15
Annex C (informative) Using the quality model for measurement .17
Annex D (informative) Quality from different stakeholders’ perspectives .19
Bibliography .21
iii
© ISO/IEC 2023 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of
any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC
had not received notice of (a) patent(s) which may be required to implement this document. However,
implementers are cautioned that this may not represent the latest information, which may be obtained
from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall
not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This second edition of ISO/IEC 25010, together with the first edition of ISO/IEC 25002 and the first
edition of ISO/IEC 25019, cancels and replaces ISO/IEC 25010:2011, which has been technically revised.
The main changes are as follows:
— This document revises the product quality model part of ISO/IEC 25010:2011. The other parts are
moved to ISO/IEC 25002 on quality models overview and usage and ISO/IEC 25019 on quality-in-
use model. The quality characteristics and subcharacteristics of the product quality model are
revised for the purpose of better understanding and fitting the state of the art of ICT (information
and communication technology).
— The target of the product quality model has been extended to include various types of ICT product
and information system.
— Safety has been added as a quality characteristic with subcharacteristics, i.e. operational constraint,
risk identification, fail safe, hazard warning and safe integration.
— Usability and portability have been replaced with interaction capability and flexibility respectively.
— Inclusivity and self-descriptiveness, resistance, and scalability have been added as subcharacteristics
of interaction capability, security, and flexibility respectively.
— User interface aesthetics and maturity have been replaced with user engagement and faultlessness
respectively.
— Accessibility has been split into inclusivity and user assistance.
iv
© ISO/IEC 2023 – All rights reserved

— Several characteristics and subcharacteristics have been given more accurate names and definitions.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
v
© ISO/IEC 2023 – All rights reserved

Introduction
ICT (information and communication technology) products, including software products, are
increasingly used to perform a wide variety of organizational and personal activities. Realization of
goals and objectives for personal satisfaction, organizational success and/or human safety relies on
high-quality ICT products. High-quality ICT products are essential to providing value and avoiding
potential negative consequences for the stakeholders. The term “product” is used for ICT products which
can include software, data, hardware and communication facilities, and other ICT products throughout
this document. A product has a variety of influences on many classes of stakeholders including those
who develop, acquire, and use the product. Stakeholders also include customers of businesses using the
product, as well as the public under the influence of information systems using the product under real
operation.
A comprehensive specification and evaluation of the target product is a key factor in ensuring value
to stakeholders. This can be achieved by defining the necessary and desired quality characteristics
associated with the stakeholders' goals and objectives for the system. This includes quality
characteristics related to the product and data as well as the impact the system has on its stakeholders.
It is important that the quality characteristics be specified, measured, and evaluated whenever possible
using validated or widely accepted measures and measurement methods. The quality model in this
document can be used to establish requirements, their criteria for satisfaction and the corresponding
measures. A comparison with the product quality model in ISO/IEC 25010:2011 is given in Annex A.
This document is intended to be used in conjunction with the other documents in the SQuaRE family of
International Standards (ISO/IEC 25000 to ISO/IEC 25099).
This document is a part of the SQuaRE family of International Standards. Figure 1 illustrates the
organization of the SQuaRE family of International Standards. Similar standards are grouped into
divisions. Each division provides guidance and resources for performing a different function in
ensuring system and software product quality. This document belongs to the quality model division
and is aligned with ISO/IEC 25002 belonging to the quality management division.
Figure 1 — Organization of SQuaRE family of International Standards
The divisions within the SQuaRE family are;
— ISO/IEC 2500n - quality management division. The International Standards that form this division
define all common models, terms, and definitions referred to by all other International Standards
from the SQuaRE family. This division also provides requirements and guidance for a supporting
vi
© ISO/IEC 2023 – All rights reserved

function that is responsible for the management of the requirements, specification, and evaluation
of software product quality. Practical guidance on the use of the quality models is also provided.
— ISO/IEC 25000: Guide to SQuaRE
— ISO/IEC 25001: Planning and management
— ISO/IEC 25002: Quality models overview and usage
— ISO/IEC 2501n - quality model division. The International Standards that form this division present
detailed quality models for computer systems and software products, data, IT services and quality-
in-use.
— ISO/IEC 25010: Product quality model
— ISO/IEC TS 25011: Service quality models
— ISO/IEC 25012: Data quality model
— ISO/IEC 25019: Quality-in-use model
— ISO/IEC 2502n - quality measurement division. The International Standards that form this division
include a quality measurement framework, mathematical definitions of quality measures, and
practical guidance for their application. Examples are given of quality measures for internal and
external property of product, data, IT services and quality-in-use. Quality measure elements (QME)
forming foundations for quality measures for internal and external property of product are defined
and presented.
— ISO/IEC 2503n - quality requirements division. The International Standards that form this division
help specify quality requirements based on quality models and quality measures. These quality
requirements can be used in the process of eliciting quality requirements for information systems
and IT services to be developed or as input for an evaluation process.
— ISO/IEC 2504n - quality evaluation division. The International Standards that form this division
provide requirements, recommendations and guidelines for software product evaluation, whether
performed by evaluators, acquirers or developers. The guideline for documenting a measure as an
evaluation module is also provided.
— ISO/IEC 25050 to ISO/IEC 25099 - SQuaRE extension division. These International Standards
currently include requirements for quality of ready-to-use software product (RUSP) and instructions
for testing, Common Industry Format (CIF) for usability reports, and quality models and measures
for new technologies such as cloud services and artificial intelligence.
The SQuaRE standards can be used in conjunction with ISO/IEC/IEEE 12207 and ISO/IEC/IEEE 15288,
particularly the processes for the specification and evaluation of quality requirements. ISO/IEC 25030
describes how quality models can be used for systems and software quality requirements; and
ISO/IEC 25040 describes how the quality models can be used for systems and software quality
evaluation.
The SQuaRE standards can also be used in conjunction with ISO/IEC 33000 family of International
Standards which are concerned with software process assessment to provide:
— a framework for software product quality definition in the customer-supplier process;
— support for quality review, verification, and validation, as well as a framework for establishing
quantitative quality characteristics;
— support for setting organizational quality goals in the management process.
The SQuaRE standards can be used in conjunction with ISO 9001 (which is concerned with quality
assurance processes) to provide:
— support for setting quality goals;
vii
© ISO/IEC 2023 – All rights reserved

— support for design review, verification, and validation.
viii
© ISO/IEC 2023 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 25010:2023(E)
Systems and software engineering — Systems and software
Quality Requirements and Evaluation (SQuaRE) — Product
quality model
1 Scope
This document defines a product quality model, which is applicable to ICT (information and
communication technology) products and software products. The product quality model is composed
of nine characteristics (which are further subdivided into subcharacteristics) that relate to quality
properties of the products. The characteristics and subcharacteristics provide a reference model for
the quality of the products to be specified, measured and evaluated.
NOTE 1 In this document, a product refers to an ICT product that is part of an information system. ICT product
components include subsystems, software, firmware, hardware, data, communication infrastructure, and other
elements that are part of the ICT product.
This model can be used for requirements specification and evaluation of the target products’ quality
throughout their lifecycle by several stakeholders, including developers, acquirers, quality assurance
and control staff and independent evaluators. Activities in the product lifecycle that can benefit from
the use of this model include:
— eliciting and defining product and information system requirements;
— validating the comprehensiveness of requirements definition;
— identifying product and information system design objectives, and design necessary process for
achieving quality;
— identifying product and information system testing objectives;
— identifying quality control criteria as the part of quality assurance;
— identifying acceptance criteria for a product and/or an information system;
— establishing measures of product quality characteristics in support of these activities.
NOTE 2 Usage of the quality model for measurement is explained in Annex C.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
© ISO/IEC 2023 – All rights reserved

3.1
functional suitability
capability of a product to provide functions that meet stated and implied needs of intended users when
it is used under specified conditions
Note 1 to entry: Functional suitability is concerned with whether the functions meet not only stated and implied
needs, but also the functional specification (see C.1).
3.1.1
functional completeness
capability of a product to provide a set of functions that covers all the specified tasks and intended
users’ objectives
3.1.2
functional correctness
capability of a product to provide accurate results when used by intended users
Note 1 to entry: Precision is one of the attributes of correctness.
EXAMPLE In case of the products requiring high precision such as scientific software, the product can
provide precise results with the needed degree as well as accurate results.
3.1.3
functional appropriateness
capability of a product to provide functions that facilitate the accomplishment of specified tasks and
objectives
EXAMPLE A product provides the necessary and sufficient steps to complete a task, excluding any
unnecessary steps.
Note 1 to entry: Functional appropriateness corresponds to suitability for the task in ISO 9241-110.
3.2
performance efficiency
capability of a product to perform its functions within specified time and throughput parameters and
be efficient in the use of resources under specified conditions
Note 1 to entry: Resources can be CPU, memory, storage, and network devices.
Note 2 to entry: Resources can include other software products, the software and hardware configuration of the
system, energy, and materials (e.g. print paper, storage media).
3.2.1
time behaviour
capability of a product to perform its specified function under specified conditions so that the response
time and throughput rates meet the requirements
3.2.2
resource utilization
capability of a product to use no more than the specified amount of resources to perform its function
under specified conditions
3.2.3
capacity
capability of a product to meet requirements for the maximum limits of a product parameter
Note 1 to entry: Parameters can include the number of items that can be stored, the number of concurrent users,
the communication bandwidth, the throughput of transactions, and the size of a database.
3.3
compatibility
capability of a product to exchange information with other products, and/or to perform its required
functions while sharing the same common environment and resources
© ISO/IEC 2023 – All rights reserved

3.3.1
co-existence
capability of a product to perform its required functions efficiently while sharing a common
environment and resources with other products, without detrimental impact on any other product
3.3.2
interoperability
capability of a product to exchange information with other products and mutually use the information
that has been exchanged
Note 1 to entry: Information is meaningful data; and information exchange includes transformation of data for
exchange.
3.4
interaction capability
capability of a product to be interacted with by specified users to exchange information between a user
and a system via the user interface to complete the intended task
Note 1 to entry: Interaction capability in the product quality model and its subcharacteristics focus on a set of
attributes that enable interaction by users (or operators) to complete specific tasks in a variety of contexts of use.
On the other hand, usability as defined in the quality-in-use model (ISO/IEC 25019) comprehensively focuses on
outcomes of use to determine whether tasks are achieved by users with effectiveness, efficiency and satisfaction
in a specific context of use.
Note 2 to entry: Interaction capability is a prerequisite for usability.
Note 3 to entry: Interaction itself is defined in ISO TR 25060 as “exchange of information between a user and an
interactive system via the user interface”.
3.4.1
appropriateness recognizability
capability of a product to be recognized by users as appropriate for their needs
Note 1 to entry: Appropriateness recognizability depends on the ability to recognize the appropriateness of the
product functions from initial impressions of the product or system and/or any associated documentation.
Note 2 to entry: The information can be provided by the product to assist users in making decisions about the
adoption, acquisition, or use of products prior to the start of full-scale use, through demonstrations, tutorials,
documentation or, for a website, the information on the home page.
3.4.2
learnability
capability of a product to have specified users learn to use specified product functions within a specified
amount of time
3.4.3
operability
capability of a product to have functions and attributes that make it easy to operate and control
Note 1 to entry: Operability is related to controllability, user error robustness and conformity with user
expectations as defined in ISO 9241-110. It is also related to the effectiveness and efficiency of physical interface
devices (e.g. mouse, touch pen).
3.4.4
user error protection
capability of a product to prevent operation errors
© ISO/IEC 2023 – All rights reserved

3.4.5
user engagement
capability of a product to present functions and information in an inviting and motivating manner
encouraging continued interaction
Note 1 to entry: This refers to properties of the product that increase the pleasure and satisfaction of the user,
such as harmonious colour, intuitive user interface and friendly voice guidance.
3.4.6
inclusivity
capability of a product to be utilised by people of various backgrounds
Note 1 to entry: Backgrounds include (and are not limited to) people of various ages, abilities, cultures, ethnicities,
languages, genders, economic situations, education, geographical locations and life situations.
3.4.7
user assistance
capability of a product to be used by people with the widest range of characteristics and capabilities to
achieve specified goals in a specified context of use
Note 1 to entry: The range of capabilities includes language differences and disabilities associated with age, sight,
hearing, use of hands, arms and legs, etc.
Note 2 to entry: A set of specific rules and methods for software accessibility can be applied to ensure “user
assistance” in this document and in ISO/IEC 25019.
EXAMPLE A system that can interact with users using multiple input/output methods, such as voice, gaze,
and touch, in addition to visual display, in order to accommodate differences in vision, hearing, and body parts
that can be moved, or changes in these areas.
Note 3 to entry: Inconveniences or less effectiveness for users caused by differences or changes in their actual
contexts of use beyond those initially specified in the requirements can be resolved by repeating the quality
improvement cycle to find and resolve problems through iterative evaluation and requirements definition from
this quality characteristic perspective.
Such differences or changes in the context of use can include, for example, the following cases:
— when using the system while driving a car or flying in an airplane;
— when using the system interactively for emergency within short-time use and small screen view due to an
accident or a disaster;
— when a user is a beginner or is changing own task goal of use, usage, or skill and knowledge;
— when a user having different physical capabilities due to the type of injury or illness, or changes in time due
to healing or progression.
Also, other quality (sub)characteristics, typically such as adaptability (3.8.1) or flexibility (3.8), can be
collaboratively applied to improve user assistance and interaction capability (3.4).
3.4.8
self-descriptiveness
capability of a product to present appropriate information, where needed by the user, to make its
capabilities and use immediately obvious to the user without excessive interactions with a product or
other resources
Note 1 to entry: Other resources include user documentation, help desks, other users and other sources of
assistance.
EXAMPLE Instructions for user operation are divided and displayed or talked through step-by-step
interactively at the helpful timing of operation, in order to help users understand easily what is going on with the
system/software and to prevent users from becoming confused by receiving too many instructions at once.
© ISO/IEC 2023 – All rights reserved

3.5
reliability
capability of a product to perform specified functions under specified conditions for a specified period
of time without interruptions and failures
Note 1 to entry: Wear does not occur in software. Limitations in reliability are due to results from faults in
requirements, design and implementation, or from contextual changes.
Note 2 to entry: Dependability is often used as a synonym for reliability. However, dependability has a larger
scope in that it includes security (3.6), performance efficiency (3.2), and continuing support and others in addition
to the subcharacteristics of reliability as discussed in Annex B.
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.3387, modified — "degree to which a system, product or
component performs" has been changed to "capability of a product to perform"; "without interruptions
and failures" has been added; the original note 1 to entry has been replaced by two new notes to entry.]
3.5.1
faultlessness
capability of a product to perform specified functions without fault under normal operation
Note 1 to entry: The concept of faultlessness can also be applied to other quality characteristics to indicate the
degree to which they meet required needs under normal operation.
3.5.2
availability
capability of a product to be operational and accessible when required for use
Note 1 to entry: Externally, availability can be assessed by the proportion of total time during which the system,
product or component is in an up state. Availability is therefore a combination of faultlessness (which governs
the frequency of failure), fault tolerance (3.5.3) and recoverability (3.5.4) (which governs the length of down time
following each failure).
Note 2 to entry: Failover or duplication of systems can be applied to support availability.
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.313, modified — "degree to which a system or component is" has
been changed to "capability of a product to be"; the original note to entry has been replaced by two new
notes to entry.]
3.5.3
fault tolerance
capability of a product to operate as intended despite the presence of hardware or software faults
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.1574, modified — “degree to which a system, product or
component operates” has been changed to “capability of a product to operate”.]
3.5.4
recoverability
capability of a product in the event of an interruption or a failure to recover the data directly affected
and re-establish the desired state of the system
Note 1 to entry: The length of the unavailable period following a failure, during which a product is not available
at the same level of use as before the failure, is determined by its recoverability. However, the recoverability of
a product depends on the recoverability of the computer system on which the product operates or a subset of its
functions.
3.6
security
capability of a product to protect information and data so that persons or other products have the
degree of data access appropriate to their types and levels of authorization, and to defend against attack
patterns by malicious actors
Note 1 to entry: As well as data stored in or by a product or system, security also applies to data in transmission.
© ISO/IEC 2023 – All rights reserved

3.6.1
confidentiality
capability of a product to ensure that data are accessible only to those authorized to have access
3.6.2
integrity
capability of a product to ensure that the state of its system and data are protected from unauthorized
modification or deletion either by malicious action or computer error
3.6.3
non-repudiation
capability of a product to prove that actions or events have taken place, so that the events or actions
cannot be repudiated later
3.6.4
accountability
capability of a product to enable actions of an entity to be traced uniquely to the entity
[SOURCE: ISO 7498-2:1989, 3.3.3, modified — "The property that ensures that" has been changed to
"capability of a product to enable"; "may be" has been changed to "to be".]
3.6.5
authenticity
capability of a product to prove that the identity of a subject or resource is the one claimed
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.302, modified — “degree to which” has been changed to”
capability of a product”; the structure of the sentence has been changed accordingly.]
3.6.6
resistance
capability of a product to sustain operations while under attack from a malicious actor
Note 1 to entry: A malicious attack can include a denial of service attack, a ransomware attack, or other malicious
actions. Then, the following approaches can be applied to improve the capability of a product for the quality
subcharacteristic:
— to continuously protect itself from well-known attacks by removing potential flaws or weaknesses of the
product with the use of security (3.6) tools such as a security weakness diagnostic tool, vulnerability scanner
and static analysis tool;
— to minimize vulnerability of a product with secure software coding and/or by incorporating security
enhancement functions or mechanisms;
— to maintain product updates during its life time for security reasons.
3.7
maintainability
capability of a product to be modified by the intended maintainers with effectiveness and efficiency
Note 1 to entry: Modifications can include corrections, improvements or adaptation of the product to changes
in environment, and in requirements and functional specifications. Modifications include those carried out by
specialized support staff, and those carried out by business or operational staff, or end users.
Note 2 to entry: Maintainability includes installation of updates and upgrades.
Note 3 to entry: Maintainability can be interpreted as either an inherent capability of the product to facilitate
maintenance activities, or the quality-in-use experienced by the maintainers for the goal of maintaining the
product.
© ISO/IEC 2023 – All rights reserved

3.7.1
modularity
capability of
...