Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
ISO 25113 provides an in-depth treatment of software quality characteristics, extending the quality model defined in ISO 25010 with detailed definitions, subcharacteristic breakdowns, and measurement guidance for each quality attribute. The standard is the definitive reference for understanding what each software quality characteristic means, how characteristics interact with each other, and how they should be evaluated in practice. It resolves ambiguities that arise when applying the high-level quality model to specific software systems by providing clear, operational definitions for each characteristic and subcharacteristic, along with practical examples drawn from different application domains.
The standard provides a comprehensive decomposition of each quality characteristic into subcharacteristics. For example, “reliability” is broken down into maturity, availability, fault tolerance, and recoverability. Each subcharacteristic receives a formal definition, a set of associated measures, and guidance on interpretation. ISO 25113 also maps each subcharacteristic to typical stakeholder concerns, enabling traceability between quality requirements and stakeholder needs. This decomposition is valuable because it allows organizations to specify quality requirements with precision — instead of stating “the system must be reliable,” engineers can specify quantitative targets for each reliability subcharacteristic: maturity (mean time to failure), availability (uptime percentage), fault tolerance (ability to maintain service despite component failures), and recoverability (time to restore service after failure).
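As an added illustration (not taken from the standard), the following Python sketch turns "the system must be reliable" into per-subcharacteristic checks computed from an outage log. The log, the 30-day window, the target values and all names are constructed assumptions; outages are assumed not to overlap, and fault tolerance is left out because it cannot be derived from an outage log.

```python
from datetime import datetime, timedelta

# Constructed outage log (start, end) for a 30-day observation window.
WINDOW = (datetime(2024, 1, 1), datetime(2024, 1, 31))
OUTAGES = [
    (datetime(2024, 1, 5, 10, 0), datetime(2024, 1, 5, 10, 30)),
    (datetime(2024, 1, 17, 2, 0), datetime(2024, 1, 17, 3, 0)),
    (datetime(2024, 1, 25, 14, 0), datetime(2024, 1, 25, 14, 30)),
]
# Hypothetical targets, one per measurable subcharacteristic named in the text.
TARGETS = {"mttf_hours": 200.0, "availability_pct": 99.9, "restore_minutes": 30.0}


def reliability_measures(window, outages):
    """Maturity (MTTF), availability (uptime %), recoverability (mean restore time)."""
    start, end = window
    for s, e in outages:
        if not (start <= s < e <= end):
            raise ValueError(f"outage {s} - {e} is empty or outside the window")
    total = end - start
    down = sum((e - s for s, e in outages), timedelta())
    up = total - down
    n = len(outages)
    return {
        "mttf_hours": (up / timedelta(hours=1)) / n if n else float("inf"),
        "availability_pct": 100.0 * (up / total),
        "restore_minutes": (down / timedelta(minutes=1)) / n if n else 0.0,
    }


def evaluate(measures, targets):
    """True where the target is met; restore time is lower-is-better."""
    return {
        "mttf_hours": measures["mttf_hours"] >= targets["mttf_hours"],
        "availability_pct": measures["availability_pct"] >= targets["availability_pct"],
        "restore_minutes": measures["restore_minutes"] <= targets["restore_minutes"],
    }


if __name__ == "__main__":
    m = reliability_measures(WINDOW, OUTAGES)
    for name, ok in evaluate(m, TARGETS).items():
        print(f"{name:18} {m[name]:10.3f}  target {TARGETS[name]:7.1f}  "
              f"{'met' if ok else 'MISSED'}")
```

With this sample log the maturity target is met while the availability and recoverability targets are missed, a distinction that a single "reliable / not reliable" requirement would hide.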
Functional suitability addresses whether the software provides the functions needed by users, and is decomposed into functional completeness (do all required functions exist?), functional correctness (do the functions produce correct results?), and functional appropriateness (are the functions suitable for the intended tasks?). Reliability addresses the software’s ability to maintain a specified level of performance under stated conditions. Performance efficiency relates to the software’s responsiveness and resource consumption. Security encompasses confidentiality, integrity, non-repudiation, accountability, and authenticity. Compatibility considers the software’s ability to exchange information with other systems and perform its required functions while sharing a common environment. Maintainability covers modularity, reusability, analyzability, modifiability, and testability. Portability includes adaptability, installability, and replaceability.
| Quality Characteristic | Subcharacteristics | Typical Stakeholder Concerns |
|---|---|---|
| Functional Suitability | Functional completeness, correctness, appropriateness | Does it do what I need? |
| Reliability | Maturity, availability, fault tolerance, recoverability | Will it work when I need it? |
| Performance Efficiency | Time behavior, resource utilization, capacity | Is it fast enough? |
| Security | Confidentiality, integrity, non-repudiation, accountability, authenticity | Is my data safe? |
| Maintainability | Modularity, reusability, analyzability, modifiability, testability | Can we fix and evolve it? |
| Portability | Adaptability, installability, replaceability | Can it run in my environment? |
One of the most valuable contributions of ISO 25113 for practicing engineers is the detailed guidance on quality characteristic measurability. Each subcharacteristic is accompanied by one or more candidate measures, along with guidance on which measures are most appropriate for different types of software systems. For example, “fault tolerance” in embedded systems is best measured through fault injection testing, where controlled faults are introduced to verify that the system maintains correct operation. In enterprise applications, fault tolerance may be assessed through chaos engineering experiments that simulate infrastructure failures. In safety-critical systems, formal verification methods may be applied to prove fault tolerance properties mathematically.
The standard also addresses quality characteristic prioritization — a critical concern for projects with limited resources. ISO 25113 recommends using risk-based prioritization, where quality characteristics are weighted according to the consequences of their failure in the specific application context. A banking application would prioritize security and reliability because the consequences of a security breach or system outage are severe. An e-commerce platform would prioritize performance efficiency and availability, as slow response times or downtime directly impact revenue. A medical device would prioritize reliability and safety above all other considerations. By aligning quality priorities with business risks, organizations ensure that their quality assurance investments are directed where they provide the greatest value.
The standard also provides guidance on handling quality characteristic interactions and conflicts. For example, increasing security through stronger authentication typically reduces usability by adding steps to the user workflow. ISO 25113 recommends using trade-off analysis methods such as quality function deployment (QFD) or multi-criteria decision analysis (MCDA) to systematically evaluate alternative design decisions against the full set of quality requirements. The results of these analyses should be documented in a quality trade-off register that captures the rationale for each decision and enables retrospective analysis of whether the trade-off decisions were appropriate.
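The risk-based weighting and trade-off analysis described in the last two paragraphs can be sketched as a weighted-sum MCDA that emits one quality trade-off register record. This is an added example, not text or code from the standard: the consequence ratings, the three authentication designs, their scores and every field name are constructed assumptions.

```python
# Constructed inputs: consequence-of-failure ratings (1-5) for a banking context,
# and 1-5 scores for three hypothetical authentication designs.
CONSEQUENCE = {"security": 5, "reliability": 4, "usability": 2, "performance": 1}
ALTERNATIVES = {
    "password only":   {"security": 1, "reliability": 5, "usability": 5, "performance": 5},
    "password + TOTP": {"security": 4, "reliability": 4, "usability": 3, "performance": 5},
    "hardware key":    {"security": 5, "reliability": 3, "usability": 2, "performance": 4},
}


def weighted_scores(consequence, alternatives):
    """Weighted-sum MCDA: weights are consequence ratings normalised to sum to 1."""
    total = sum(consequence.values())
    return {
        name: sum(consequence[c] * s[c] for c in consequence) / total
        for name, s in alternatives.items()
    }


def stable_ratings(consequence, alternatives, characteristic, chosen):
    """Ratings (1-5) of one characteristic for which `chosen` still ranks first."""
    stable = []
    for rating in range(1, 6):
        trial = dict(consequence, **{characteristic: rating})
        scores = weighted_scores(trial, alternatives)
        if max(scores, key=scores.get) == chosen:
            stable.append(rating)
    return stable


def register_entry(decision, consequence, alternatives):
    """Build one trade-off register record: choice, margin, and how robust it is."""
    scores = weighted_scores(consequence, alternatives)
    ranked = sorted(scores, key=scores.get, reverse=True)
    chosen, runner_up = ranked[0], ranked[1]
    return {
        "decision": decision,
        "weights": dict(consequence),
        "scores": {n: round(v, 3) for n, v in scores.items()},
        "chosen": chosen,
        "runner_up": runner_up,
        "margin": round(scores[chosen] - scores[runner_up], 3),
        "holds_for": {c: stable_ratings(consequence, alternatives, c, chosen)
                      for c in consequence},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(register_entry("login authentication", CONSEQUENCE, ALTERNATIVES), indent=2))
```

The `holds_for` field records the range of each rating over which the decision stands, which is what a later retrospective needs in order to judge whether the original weighting was appropriate.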