ISO/IEC 25040:2024

International
Standard
ISO/IEC 25040
Second edition
Systems and software
2024-09
engineering — Systems and
software Quality Requirements
and Evaluation (SQuaRE) — Quality
evaluation framework
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Concepts of quality evaluation . 2
4.1 Quality evaluation definition .2
4.2 Quality model and quality measures for quality evaluation .2
4.3 Measurement source .4
4.4 Tasks of quality evaluation .4
4.5 Quality rating module .4
4.6 Assessment using evaluation . .5
5 Quality evaluation process reference model . 5
5.1 Overview .5
5.2 Define the evaluation .7
5.2.1 Purpose .7
5.2.2 Outcomes .7
5.2.3 Activities .7
5.3 Design the evaluation .10
5.3.1 Purpose .10
5.3.2 Outcomes .10
5.3.3 Activities .11
5.4 Plan the evaluation . 12
5.4.1 Purpose . 12
5.4.2 Outcomes . 12
5.4.3 Activities . 13
5.5 Execute the evaluation .14
5.5.1 Purpose .14
5.5.2 Outcomes .14
5.5.3 Activities .14
5.6 Conclude the evaluation .14
5.6.1 Purpose .14
5.6.2 Outcomes .14
5.6.3 Activities . 15
Annex A (informative) Measurement source . 17
Annex B (informative) Examples of four types of quality evaluations .20
Annex C (informative) Quality evaluation process implementation through system/software
life cycle processes .24
Bibliography .29

© ISO/IEC 2024 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This second edition cancels and replaces the first edition (ISO/IEC 25040:2011), which has been technically
revised.
The main changes are as follows:
— alignment with the other SQuaRE divisions: quality management, model, measurement, and requirements;
— alignment with other standards for system/software life cycle processes and requirements engineering
processes;
— expansion of its target entities from software to ICT products, data, and IT services;
— expansion of types of quality evaluation from only requirements conformity to four types: quality
evaluation for suitability to a specific use, for qualification to quality standard, for conformity checking
to requirements, and for suitability to the market;
— clarification of concepts relating to quality evaluation;
— provision of more practical guidelines for planning a quality evaluation.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
iv
Introduction
Many systems and services are now deeply embedded into social infrastructures used in daily life. This
requires them to achieve much higher quality; for example, connected systems need to be interoperable,
secure, reliable, maintainable, and usable. Therefore, quality evaluation becomes ever more important.
The result of quality evaluation is used to objectively judge the value of the target entity in various business
situations, including:
— outsourcers judging whether the target entity satisfies their quality requirements, in the case of
outsourcing it;
— consumers or acquirers determining which product or service to be selected for their application, in the
case of acquisition.
This document provides requirements and recommendations for quality evaluation, as well as guidance for
its tasks.
Target entities for quality evaluation include ICT (information and communication technology) products
(systems, software products, etc.), data, and IT services. The quality model defined by ISO/IEC 2501n
provides comprehensive quality characteristics and subcharacteristics according to the types of target
entities. ISO/IEC 2502n defines quality measures corresponding to those quality models.
This document is one of the standards on SQuaRE developed by ISO/IEC JTC 1/SC 7 (ISO/IEC 25000 to
ISO/IEC 25099). Figure 1 (adapted from ISO/IEC 25000) illustrates the organization of the standards on
SQuaRE developed by ISO/IEC JTC 1/SC 7. Similar standards are grouped into divisions. Each division
provides guidance and resources for performing a different function in ensuring system and software
product quality.
— ISO/IEC 2500n - quality management division. The International Standards that form this division define
all common models, terms, and definitions referred to by all other International Standards on SQuaRE
developed by ISO/IEC JTC 1/SC 7. This division also provides requirements and guidance for a supporting
function that is responsible for the management of the requirements, specification, and evaluation of
software product quality. Practical guidance on the use of th
...