Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
ISO 25137-1:2009 — Software Quality Requirements and Evaluation (SQuaRE) Quality Model
A Comprehensive Framework for Software Quality Specification, Measurement, and Evaluation in Systems Engineering
1. The SQuaRE Quality Model Architecture
ISO 25137-1:2009, part of the SQuaRE (Software Quality Requirements and Evaluation) series, defines a comprehensive quality model for software products. While it has been succeeded by ISO 25010 in the latest revisions, ISO 25137-1 was foundational in establishing the modern approach to software quality — shifting the focus from purely product-centric metrics to a holistic view encompassing quality-in-use, external quality, internal quality, and data quality. The standard defines three complementary quality model structures that serve different stakeholder perspectives.
The ISO 25137-1 quality model is particularly valuable for procurement and acceptance scenarios where the buyer needs to specify quality requirements in a contract. By using the standard quality characteristics and sub-characteristics, both parties share a common vocabulary and measurement framework, reducing ambiguity and disputes during acceptance testing.
The quality-in-use model focuses on the user perspective and defines five characteristics: effectiveness (accuracy and completeness with which users achieve specified goals), productivity (resources expended relative to effectiveness), safety (acceptable level of risk), satisfaction (user attitudes and perceptions), and usability (ease of use and learnability). These characteristics are measured in the context of specific use scenarios, making them particularly relevant for user experience engineering and human-computer interaction design.
| Quality Model | Perspective | Key Characteristics | Measurement Context |
|---|---|---|---|
| Quality-in-use | End user | Effectiveness, productivity, safety, satisfaction | Real or simulated use scenarios |
| External quality | System behavior | Functionality, reliability, usability, efficiency, maintainability, portability | Executing the software in test environment |
| Internal quality | Developer | Same six characteristics as external quality | Static analysis of code, architecture, design |
| Data quality | Information | Accuracy, completeness, consistency, currency | Data inspection and integrity analysis |
2. Product Quality Characteristics in Detail
The product quality model — shared between internal and external quality — defines six main characteristics, each decomposed into sub-characteristics. Functionality includes suitability, accuracy, interoperability, security, and functional compliance. Reliability encompasses maturity, fault tolerance, recoverability, and reliability compliance. Usability covers understandability, learnability, operability, attractiveness, and usability compliance. Efficiency includes time behavior and resource utilization. Maintainability comprises analyzability, changeability, stability, testability, and maintainability compliance. Portability covers adaptability, installability, co-existence, replaceability, and portability compliance.
A common misapplication of the quality model is attempting to maximize all characteristics simultaneously. In practice, trade-offs are inevitable — for example, security measures often reduce usability; portability may limit performance optimization; and maintainability investments can increase development time. ISO 25137-1 encourages explicit prioritization of quality characteristics based on the software purpose and context of use.
For each sub-characteristic, the standard provides guidance on measurement — recommending metric types including ratio scales, ordinal scales, and nominal classifications. For example, reliability can be measured by mean time between failures (MTBF), defect density, or fault resolution time. The standard emphasizes that measurements should be validated for their context and that no single metric perfectly captures a quality characteristic.
3. Practical Application in Quality Engineering
Applying ISO 25137-1 effectively requires organizations to tailor the quality model to their specific domain and project context. The standard provides a framework for: defining quality requirements using the quality model as a checklist; specifying quality measures with target values; planning quality evaluation activities throughout the development lifecycle; and interpreting evaluation results in the context of stakeholder needs.
Leading organizations integrate the SQuaRE quality model with their agile development practices by defining quality acceptance criteria for each user story in terms of relevant quality characteristics. For example, a story about user login might have quality criteria covering security (password encryption), usability (login completes in under 3 seconds), and reliability (99.9% availability of the authentication service). This embeds quality thinking directly into the development workflow.
In regulated industries such as medical devices, automotive safety, or financial systems, ISO 25137-1 is often used alongside domain-specific standards. The quality model provides the overarching framework for software quality, while domain standards add specific requirements for safety, security, or regulatory compliance. For example, a medical device software team might use ISO 25137-1 for overall quality management while also following IEC 62304 for software lifecycle processes and ISO 14971 for risk management.
Organizations new to systematic quality engineering often make the mistake of collecting quality metrics without a clear link to decision-making. The standard emphasizes that quality measurement should drive action: if metrics are collected but do not influence design decisions, resource allocation, or process improvement, the measurement program becomes an overhead without benefits.
4. Frequently Asked Questions
Q: How does ISO 25137-1 relate to ISO 25010?
A: ISO 25137-1 was the original quality model standard in the SQuaRE series. ISO 25010:2011 superseded it with updated quality models, including the addition of security as a separate characteristic and compatibility as a new characteristic. However, the fundamental structure and approach remain consistent.
A: ISO 25137-1 was the original quality model standard in the SQuaRE series. ISO 25010:2011 superseded it with updated quality models, including the addition of security as a separate characteristic and compatibility as a new characteristic. However, the fundamental structure and approach remain consistent.
Q: Can the quality model be applied to non-software systems or services?
A: While designed for software, the quality-in-use model has been successfully applied to IT services, business processes, and even physical products with embedded software. The key adaptation is reinterpreting the characteristics for the specific system type.
A: While designed for software, the quality-in-use model has been successfully applied to IT services, business processes, and even physical products with embedded software. The key adaptation is reinterpreting the characteristics for the specific system type.
Q: How should quality characteristics be prioritized in practice?
A: Prioritization should be based on: stakeholder needs (what users and customers value most), regulatory requirements (mandatory characteristics for compliance), business goals (characteristics that drive competitive advantage), and risk assessment (characteristics where failure causes the most harm).
A: Prioritization should be based on: stakeholder needs (what users and customers value most), regulatory requirements (mandatory characteristics for compliance), business goals (characteristics that drive competitive advantage), and risk assessment (characteristics where failure causes the most harm).
