Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
ISO 25086-1:2026 — Software Measurement: Measurement Process
A Systematic Approach to Planning, Performing, and Evaluating Software Quality Measurement
ISO 25086-1:2026 defines a systematic measurement process for software quality, establishing a structured approach to planning, performing, and evaluating software measurement activities. As the first part of the ISO 25086 series, it provides the foundational process model that subsequent parts will extend for specific application domains and measurement technologies. This standard is essential for organizations seeking to institutionalize measurement as a core engineering practice rather than an ad-hoc reporting exercise.
ISO 25086-1 is designed to be used in conjunction with ISO 25020 (measurement reference model) and ISO 25018 (measurement guide). While those standards focus on what to measure, ISO 25086-1 focuses on how to execute the measurement process effectively within an organizational context.
The ISO 25086-1 Measurement Process Model
ISO 25086-1:2026 defines a measurement process model consisting of five major activities: measurement planning, measurement deployment, measurement execution, measurement analysis, and measurement improvement. Each activity encompasses multiple tasks with specified inputs, outputs, roles, and verification criteria. The process model follows the Plan-Do-Check-Act (PDCA) cycle, ensuring that measurement programs are continuously refined based on empirical feedback.
Measurement planning involves defining the measurement objectives, selecting the software entities to be measured, identifying relevant quality characteristics from the quality model, choosing or defining appropriate quality measures, and specifying the data collection and storage mechanisms. The standard emphasizes that measurement objectives must be derived from organizational goals using the Goal-Question-Metric (GQM) paradigm, ensuring traceability from high-level business strategy down to individual data points.
| Process Activity | Key Tasks | Primary Output | Verification Criterion |
|---|---|---|---|
| Measurement Planning | Define objectives, select entities, choose measures, specify collection mechanisms | Measurement Plan document | All objectives traceable to organizational goals via GQM |
| Measurement Deployment | Integrate probes, configure tools, train personnel, establish data pipelines | Deployed measurement infrastructure | Automated data collection verified with test data |
| Measurement Execution | Collect base measures, compute derived measures, generate indicators | Measurement results and indicator reports | Data completeness and timeliness within defined tolerances |
| Measurement Analysis | Analyze results, interpret findings, identify anomalies, prepare recommendations | Analysis report with actionable insights | Statistical validity of analytical methods applied |
| Measurement Improvement | Evaluate process effectiveness, retire obsolete measures, refine collection methods | Updated measurement plan | Measurement program effectiveness metrics show improvement |
Engineering Design Insights for Measurement Process Design
A critical engineering insight from ISO 25086-1:2026 is the principle of measurement process scalability. The standard recognizes that measurement programs must scale with organizational maturity. For a team just starting measurement initiatives, the standard recommends a minimal viable measurement set of three to five base measures covering at least two quality characteristics. As organizational maturity increases, the measurement set can expand systematically, guided by documented decision needs rather than the availability of data.
Organizations that implement ISO 25086-1’s scalable measurement approach typically achieve measurable quality improvements within two to three measurement cycles. The key is starting small with high-impact measures and expanding based on demonstrated value, not theoretical completeness.
The standard introduces the concept of measurement fidelity levels, which categorize the rigor of measurement execution. Level 1 (informal) relies on manually collected, estimated values. Level 2 (defined) uses automated collection with documented procedures. Level 3 (managed) adds statistical process control and anomaly detection. Level 4 (optimized) incorporates predictive analytics and automated remediation triggers. Organizations can target different fidelity levels for different measures based on the criticality of the quality characteristic being measured.
Another important design consideration is measurement non-intrusiveness. ISO 25086-1 emphasizes that measurement activities should minimize disruption to the engineering workflow. It provides guidelines for integrating measurement probes into existing CI/CD pipelines without requiring separate measurement runs, using instrumentation hooks, log analysis, and API monitoring rather than standalone measurement tools. This approach reduces the overhead of measurement from a separate activity to a by-product of normal development operations.
Practical Implementation: Institutionalizing the Measurement Process
Implementing ISO 25086-1 in practice requires organizational commitment across three dimensions: technical infrastructure, process definition, and cultural adoption. On the technical side, organizations need to establish a measurement data warehouse or data lake that can store, process, and serve measurement data from multiple sources. On the process side, the measurement plan must be integrated into the project management framework, with measurement activities appearing in sprint planning, milestone reviews, and phase-gate checklists. On the cultural side, measurement results must be presented as improvement tools rather than performance evaluation weapons — otherwise, teams will game the metrics rather than use them for genuine quality improvement.
The most common failure mode for measurement programs is the “metric tornado” — an uncontrolled proliferation of measures that overwhelms teams with data collection overhead while providing little actionable insight. ISO 25086-1 recommends a strict governance process where new measures are approved only when accompanied by a documented decision need and a plan for retirement of a less valuable existing measure (one-in, one-out policy).
ISO 25086-1 also addresses the critical topic of measurement data governance. As organizations collect increasing volumes of measurement data, they must establish policies for data retention, access control, and privacy protection. The standard recommends classifying measurement data into tiers based on sensitivity and business criticality. Operational measures used for real-time system monitoring may be retained for shorter periods, while strategic measures used for trend analysis and organizational benchmarking should be retained longitudinally with proper versioning. Access to measurement data should follow the principle of least privilege, with role-based access controls ensuring that teams can view measures relevant to their decision-making context but not necessarily those used for organizational performance evaluation.
Q1: How does ISO 25086-1 relate to ISO 25020 and ISO 25018?
A: ISO 25020 provides the measurement reference model (concepts and definitions), ISO 25018 provides the measurement guide (practical how-to for specific measures), and ISO 25086-1 provides the measurement process model (organizational processes and workflows). They form a three-layer framework: conceptual, practical, and process.
A: ISO 25020 provides the measurement reference model (concepts and definitions), ISO 25018 provides the measurement guide (practical how-to for specific measures), and ISO 25086-1 provides the measurement process model (organizational processes and workflows). They form a three-layer framework: conceptual, practical, and process.
Q2: Can ISO 25086-1 be applied in a DevOps environment?
A: Yes. The standard is designed for modern software development practices. Its measurement process activities map naturally to CI/CD pipeline stages, and its emphasis on non-intrusive measurement aligns well with DevOps principles of automation and continuous improvement.
A: Yes. The standard is designed for modern software development practices. Its measurement process activities map naturally to CI/CD pipeline stages, and its emphasis on non-intrusive measurement aligns well with DevOps principles of automation and continuous improvement.
Q3: What is the recommended frequency of measurement?
A: ISO 25086-1 recommends aligning measurement frequency with the development cadence. For agile teams, base measures should be collected per build or per sprint, with indicators reviewed at sprint retrospectives. For operational measures, continuous monitoring with automated alerting is recommended.
A: ISO 25086-1 recommends aligning measurement frequency with the development cadence. For agile teams, base measures should be collected per build or per sprint, with indicators reviewed at sprint retrospectives. For operational measures, continuous monitoring with automated alerting is recommended.