ISO/IEC TS 25011:2017

TECHNICAL ISO/IEC TS
SPECIFICATION 25011
First edition
2017-06
Corrected version
2017-11
Information technology — Systems
and software Quality Requirements
and Evaluation (SQuaRE) — Service
quality models
Technologies de l'information — Exigences de qualité et évaluation
des systèmes et du logiciel (SQuaRE) — Modèle de qualité du service
Reference number
©
ISO/IEC 2017
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
3.1 Quality in use model . 2
3.2 IT service quality model . 2
3.3 General . 6
4 Conformance . 8
5 Quality models framework . 8
5.1 Overview . 8
5.1.1 General. 8
5.1.2 Applying the quality in use model to IT services . 9
5.1.3 IT service quality model .10
5.2 Scope of the quality models .11
5.3 Applying the quality models to IT services .12
Annex A (informative) Context of using the model and different IT service types .13
Annex B (informative) IT service quality life cycle .14
Annex C (informative) Comparison with the quality models in ISO/IEC 25010 and ISO/
IEC 25012 .16
Annex D (informative) Definitions of the quality in use characteristics and sub-
characteristics from ISO/IEC 25010 .18
Annex E (informative) Feedback on this document .20
Bibliography .21
© ISO/IEC 2017 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 25000 series is available on the ISO website.
This corrected version of ISO/IEC TS 25011:2017 incorporates the following corrections:
— headers have been corrected and now read “ISO/IEC TS” instead of “ISO/TS”.
iv © ISO/IEC 2017 – All rights reserved

Introduction
Information technology (IT) services are increasingly used to perform a wide variety of business and
personal functions. IT service quality reflects how well an IT service conforms to its given design or
how it compares to competitors in the marketplace.
Specification and evaluation of the quality of an IT service is critical for the IT services to meet the
stakeholders’ goals and objectives and this can be achieved by comprehensively defining the quality
characteristics associated with the stakeholders' goals and objectives for the IT services.
An IT service is provided by an IT service provider using components like people, processes, technology,
facilities and information, and can be orchestrated using an IT service provision system; these
components interact with each other to support the service as a whole. Existing software and data
quality models are not suitable to measure quality of IT service. IT service quality should be defined
and measured by using an IT service quality model and quality measures that take account of these five
components interacting.
This document provides quality models to support the specification and evaluation of the quality of IT
services that makes use of IT systems as tools to provide value to an individual user or a business by
facilitating results the user or business wants to achieve.
The quality models in this document include both objective measures of service quality and measures
of the users' perceptions of quality. That is, the IT service quality is using objective measurement as far
as possible to qualify the service characteristics, and other methods (such as assessment) can be used
to collect objective evidence and qualify intangible features or characteristics of the IT service.
This document is a part of the Quality Model Division (ISO/IEC 2501n) of the SQuaRE series. The
IT service quality models defined in this document are intended to be used in conjunction with the
other SQuaRE series International Standards, which are represented in Figure 1 (adapted from
ISO/IEC 25000).
Quality model
division
2501n
Quality
Quality
Quality management
requirements
evaluation
division
division
division
2500n
2503n
2504n
Quality measurement
division
2502n
Extension division 25050 - 25099
Figure 1 — Organization of SQuaRE series of International Standards
The divisions within the SQuaRE series are as follows.
— ISO/IEC 2500n — Quality Management Division. The International Standards that form
this division define all common models, terms and definitions further referred to by all other
© ISO/IEC 2017 – All rights reserved v

International Standards from the SQuaRE series. The division also provides requirements and
guidance for a supporting function that is responsible for a supporting function which is responsible
for the management of the requirements, specifications and evaluations of software products and
service quality.
— ISO/IEC 2501n — Quality Model Division. The International Standards or Technical Specifications
that form this division present detailed quality models for software, data and service. Furthermore,
in the software and IT service quality model, the internal and external quality characteristics are
decomposed into sub-characteristics. Practical guidance on the use of the quality models is also
provided.
— ISO/IEC 2502n — Quality Measurement Division. The International Standards that form this
division include a software product and service quality measurement reference model, mathematical
definitions of quality measures, and practical guidance for their application. Presented measures
apply to internal software quality, external software quality, data quality, service quality and
quality in use. Quality Measure Elements forming foundations for the latter measures are defined
and presented.
— ISO/IEC 2503n — Quality Requirements Division. The International Standard that forms this
division helps to specify quality requirements. These quality requirements can be used in the
process of quality requirements elicitation for a software product to be developed or as input for
an evaluation process and also used in the process of quality requirements elicitation for a service
to be provided. The requirements definition process is mapped to technical processes defined in
ISO/IEC 15288.
— ISO/IEC 2504n — Quality Evaluation Division. The International Standards that form this
division provide requirements, recommendations and guidelines for software product and service
evaluation, whether performed by evaluators, acquirers/customers or developers/providers. The
support for documenting a measure as an Evaluation Module is also presented.
— ISO/IEC 25050 to ISO/IEC 25099 are reserved for SQuaRE extension International Standards,
Technical Specifications, Publicly Available Specifications (PAS) and/or Technical Reports.
vi © ISO/IEC 2017 – All rights reserved

TECHNICAL SPECIFICATION ISO/IEC TS 25011:2017(E)
Information technology — Systems and software Quality
Requirements and Evaluation (SQuaRE) — Service
quality models
1 Scope
This document is applicable to IT services that support the needs of an individual user or a business.
IT services can be delivered personally or remotely by people, or by an IT application that could be in a
local or remote location (see Annex A).
These include two types of IT services:
a) services completely automated provided by an IT system;
b) services provided by a human using an IT system.
This document describes the use of two quality models for IT services.
a) This document defines an IT service quality model composed of eight characteristics (which are
further subdivided into sub-characteristics) that relate to properties of the IT service made up
from a combination of elements including people, processes, technology, facilities and information.
b) This document describes how the quality in use model in ISO/IEC 25010 which is composed of five
characteristics (some of them are further subdivided into sub-characteristics) can be applied to
the outcome when an IT service is used in a particular context of use. This model is applicable to
the complete service provision system composed of people, processes, technology, facilities and
information.
The characteristics and sub-characteristics provide consistent terminologies and check lists for
specifying, measuring and evaluating IT service quality.
The use of the IT service quality models can help:
— IT service providers to identify service quality requirements, and evaluate and improve the quality
of the service provided;
— customers to specify their requirements for the quality of service, define the acceptance criteria for
service, and evaluate the quality of an IT service; and
— a third party to evaluate the quality of an IT service.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 25010, Systems and software engineering — Systems and software Quality Requirements and
Evaluation (SQuaRE) — System and software quality models
ISO/IEC 25012, Software engineering — Software product Quality Requirements and Evaluation
(SQuaRE) — Data quality model
© ISO/IEC 2017 – All rights reserved 1

3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 25010, ISO/IEC 25012
and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1 Quality in use model
The characteristics and their related sub-characteristics are listed in Table 1.
Table 1 — Quality in use characteristics and subcharacteristics
Effectiveness Freedom from risk
Efficiency    Economic risk mitigation
Satisfaction    Health and safety risk mitigation
Usefulness    Environmental risk mitigation
Trust Context coverage
Pleasure    Context completeness
Comfort    Flexibility
These quality in use characteristics and sub-characteristics are defined in ISO/IEC 25010 and the
specific definitions are provided in Annex D.
When this model is applied to an IT service:
a) context completeness includes SLA coverage: the degree to which an IT service can be used with
effectiveness, efficiency, freedom from risk and satisfaction in the context specified by the SLA;
b) health and safety risk mitigation includes mitigation of risks to security, confidentiality and
privacy.
3.2 IT service quality model
The characteristics and their related sub-characteristics are listed in Table 2.
Table 2 — IT service quality characteristics and subcharacteristics
Suitability IT service reliability
Completeness    Continuity
Correctness    IT service recoverability
Appropriateness    Availability
Consistency Tangibility
Usability    Visibility
Appropriateness recognizability    Professionalism
Learnability    IT service interface appearance
Operability Responsiveness
User error protection    Timeliness
Accessibility    Reactiveness
Courtesy IT service adaptability
Security    Customizability
2 © ISO/IEC 2017 – All rights reserved

Table 2 (continued)
Confidentiality    Initiative
Integrity IT service maintainability
Traceability    Analysability
Modifiability
Testability
3.2.1
suitability
degree to which an IT service (3.3.2) meets stated and implied needs when used in a specified
context of use
[SOURCE: ISO/IEC 25010:2011, 4.2.1, modified — “a product or system” has been replaced by “an IT
service” and “provides functions” has been deleted.]
3.2.1.1
completeness
degree to which an IT service (3.3.2) supports all the specified goals, objectives and data specified by
the user (3.3.4)
3.2.1.2
correctness
degree to which an IT service (3.3.2) uses the correct process and produces the correct results with
accurate data
3.2.1.3
appropriateness
degree to which an IT service (3.3.2) provides results that are appropriate for the user (3.3.4) needs
3.2.1.4
consistency
degree to which repeated or similar related IT services (3.3.2) provided consistent quality
3.2.2
usability
degree to which an IT service (3.3.2) can be used by specified users (3.3.4) to achieve specified goals
with effectiveness, efficiency and satisfaction in a specified context of use
[SOURCE: ISO/IEC 25010:2011, 4.2.4, modified — “a product or system” has been replaced by “an IT
service”.]
3.2.2.1
appropriateness recognizability
degree to which users (3.3.4) can recognize whether an IT service (3.3.2) is appropriate for their needs
Note 1 to entry: Appropriateness recognizability will depend on the ability to recognize the appropriateness
(3.2.1.3) of the service from initial impressions of these services and/or any associated documentation.
Note 2 to entry: The details of the service could be explained to potential means such as documentation,
presentation or promotional materials.
[SOURCE: ISO/IEC 25010:2011, 4.2.4.1, modified — “a product or system” has been replaced by “an IT
service”.]
3.2.2.2
learnability
degree to which an IT service (3.3.2) can be learned by users (3.3.4) to achieve a specified level of
effectiveness, efficiency, freedom from risk and satisfaction within a specified amount of time and
context of use
© ISO/IEC 2017 – All rights reserved 3

3.2.2.3
operability
degree to which an IT service (3.3.2) has attributes that make it easy to operate and control
[SOURCE: ISO/IEC 25010:2011, 4.2.4.2, modified — “a product or system” has been replaced by “an IT
service”.]
3.2.2.4
user error protection
degree to which an IT service (3.3.2) protects users (3.3.4) against making errors
3.2.2.5
accessibility
degree to which an IT service (3.3.2) can be used by people with the widest range of characteristics and
capabilities to achieve a specified goal in a specified context of use
Note 1 to entry: The range of capabilities includes disabilities such as those associated with age, sight, hearing
and physical mobility.
Note 2 to entry: Accessibility for people with disabilities can be specified or measured either as the extent
to which an IT service can be used by users (3.3.4) with specified disabilities to achieve specified goals with
effectiveness, efficiency, freedom from risk and satisfaction in a specified context of use, or by the presence of
product properties that support accessibility.
[SOURCE: ISO/IEC 25010:2011, 4.2.4.6, modified — “a product or system” has been replaced by “an IT
service”.]
3.2.2.6
courtesy
degree to which the IT service (3.3.2) is provided in a polite, respectful and friendly way
3.2.3
security
degree to which an IT service (3.3.2) protects both user’s (3.3.4) assets and access to their information
so that users have the degree of information access appropriate to their levels of authorization
3.2.3.1
confidentiality
degree to which an IT service (3.3.2) ensures that data are accessible only to those authorized to
have access
[SOURCE: ISO/IEC 25010:2011, 4.2.6.1, modified — “a product or system” has been replaced by “an IT
service”.]
3.2.3.2
integrity
degree to which an IT service (3.3.2) prevents unauthorized access to or modification of data whether
accidently or intentionally
[SOURCE: ISO/IEC 25010:2011, 4.2.6.2, modified —“a system, product or component” has been replaced
by “IT service” and “whether accidently or intentionally” has been added.]
3.2.3.3
traceability
degree to which the IT service (3.3.2) outcomes can be traced to or from the user (3.3.4) needs
EXAMPLE 1 The customer (3.3.3) of the online-order room wants to know the progress about the reservation.
In this situation, it expresses “from the customer’s needs”.
EXAMPLE 2 The hotel wants to know the progress of payment about the reservation of the customer. In this
situation, it expresses “to the customer’s needs”.
4 © ISO/IEC 2017 – All rights reserved

3.2.4
IT service reliability
degree to which an IT service (3.3.2) provides consistent and stable IT service outcomes
3.2.4.1
continuity
degree to which the IT service (3.3.2) is provided under all foreseeable circumstances, including
mitigating the risks resulting from interruption to an acceptable level
3.2.4.2
IT service recoverability
degree to which, in the event of an interruption or a failure or disaster, the original IT service (3.3.2) and
its functions and data can be re-established and made accessible
3.2.4.3
availability
degree to which an IT service (3.3.2) is available to users (3.3.4) when needed
3.2.5
tangibility
degree to which the tangible aspects of the IT service (3.3.2) effectively communicate and support
the service
Note 1 to entry: Tangibility aspects typically include website and explanatory material, personnel image, service
facilities, service processes, service tools and service deliverables, etc.
3.2.5.1
visibility
degree to which users (3.3.4) have insight into the capabilities of the IT service (3.3.2), how they will be
delivered, and progress toward their completion during delivery
3.2.5.2
professionalism
degree to which the content of the IT service (3.3.2) is based on appropriate education, skill, expertise
and qualification
Note 1 to entry: Professionalism can be communicated to the potential users as part of tangibility (3.2.5) but is
also a prerequisite for suitability (3.2.1).
3.2.5.3
IT service interface appearance
degree to which the interface of the service has an appearance or other physical properties that are
pleasing and satisfying for the user (3.3.4)
3.2.6
responsiveness
degree to which an IT service (3.3.2) responds and provides outcomes in a prompt and timely way
3.2.6.1
timeliness
degree to which an IT service (3.3.2) delivers outcomes within time limits
Note 1 to entry: In some cases, service timeliness is affected by a combination of multiple services provided by
different service providers (3.3.7). For example, online shopping service is expected to provide not only timely
retrieval of newly added products on sale, but also timely delivery to the user (3.3.4) by the parcel-delivery
service provider.
© ISO/IEC 2017 – All rights reserved 5

3.2.6.2
reactiveness
degree to which the IT service (3.3.2) promptly responds to user (3.3.4) requests
Note 1 to entry: The extent to provide emergency services is also addressed in this quality sub-characteristic. For
example, an emergency rescue request from a patient is expected to be immediately accepted and appropriately
treated through a medical IT service in a hospital.
3.2.7
IT service adaptability
degree to which an IT service (3.3.2) can configure itself or be modified to meet new needs
3.2.7.1
customizability
degree to which the IT service (3.3.2) can be customized at the request of users (3.3.4)
3.2.7.2
initiative
degree to which the IT service (3.3.2) recognizes users’ (3.3.4) goals and service suggests changes to
meet users’ needs
3.2.8
IT service maintainability
degree of effectiveness and efficiency with which the IT service (3.3.2)
...