ISO/IEC 25002:2024 — SQuaRE Quality Model Overview and Usage

Introduction to ISO/IEC 25002

ISO/IEC 25002 serves as the essential bridge between the abstract concepts of software quality and their practical application. This standard, part of the Quality Management Division of SQuaRE, provides the foundational framework for defining, interpreting, and using quality models across the entire SQuaRE ecosystem. It establishes the common language and structural conventions that make quality models consistent, comparable, and extensible across different domains and application contexts.

ISO/IEC 25002:2024 is the first edition of this standard, extracted and expanded from the original ISO/IEC 25010:2011 to provide dedicated guidance on quality model overview and usage separate from the product quality model itself.

The standard explains that a quality model is a defined set of characteristics and sub-characteristics that are quantified by quality measures, enabling organizations to specify requirements and evaluate the quality properties of target entities. These models apply to all types of ICT products, data, IT services, and the quality-in-use experienced by stakeholders. A key contribution of this standard is the formal ontology it establishes — showing how stakeholder needs flow into quality requirements, map to quality characteristics, and are ultimately quantified by quality measures applied to target entities.

The Quality Model Framework

ISO/IEC 25002 defines a rigorous structure for quality models. Each SQuaRE quality model must exhibit several key structural attributes that ensure consistency and comprehensiveness:

Attribute	Description
Focused Target Entity	The model addresses a cohesive domain of artefacts (ICT product, data, IT service)
Quality Characteristics	A set of characteristics collectively covering measurable quality properties
Sub-Characteristics	Partitioned from characteristics when justified by complexity or attribute range
Mutual Exclusivity	Sub-characteristics are associated with measures that are as mutually exclusive as possible
Measure Linkage	Each characteristic or sub-characteristic relates to one or more quality measures

The Four Pillar Quality Models

The SQuaRE family defines four primary quality models under the quality model division (2501n):

Product Quality Model (ISO/IEC 25010) — for ICT products including software, hardware, and communication components
Data Quality Model (ISO/IEC 25012) — for data and the technology managing it
IT Service Quality Model (ISO/IEC TS 25011) — for IT service characteristics
Quality-in-Use Model (ISO/IEC 25019) — for behavioural attributes when the system is in use

These four models work together as a comprehensive framework. The product quality model targets the ICT product itself, the data quality model addresses data characteristics, the IT service model covers service delivery, and the quality-in-use model captures stakeholder experience.

Applying Quality Models Across the Lifecycle

ISO/IEC 25002 describes five critical quality processes where quality models are applied. For each process, the standard provides concrete examples showing how the four quality models contribute to quality assurance throughout the system lifecycle.

Quality Requirements Definition

Stakeholder needs must be translated into quality requirements using quality models as a reference. ICT product requirements might specify measurable attributes like response times under peak load, while data quality requirements document accuracy thresholds or traceability needs. The standard emphasizes that requirements should be defined quantitatively whenever possible to provide objective criteria for verification.

Quality Engineering and Evaluation

Architects and developers use quality models to translate requirements into verifiable system properties. Quality evaluation then employs a combination of functional testing, static and dynamic analysis, penetration testing, user labs, proof of correctness, user acceptance tests, and operational assessment. The standard emphasizes that comprehensive evaluation requires coverage across all applicable quality models — not just functional suitability but also security, reliability, performance efficiency, and interaction capability.

A common pitfall is evaluating only functional requirements while neglecting non-functional quality attributes. Quality models provide the checklist needed to ensure complete coverage — from security and reliability to interaction capability and safety. Teams should systematically trace each quality characteristic to specific test cases.

Quality Management

Quality managers can use quality models to set objectives, make decisions, track quality growth, manage vendors, measure outcomes, assess technical risk, and support other management tasks. Quality information such as ratings, measures, and historical performance can be used to select among alternative systems, decide which systems should be modernized, allocate resources, and perform due diligence during acquisitions.

Engineering Design Insights

From an engineering perspective, ISO/IEC 25002 offers several practical insights. The standard acknowledges that quality models may be customized at the sub-characteristic level (but not at the characteristic level) to fit specific contexts of use, providing flexibility while maintaining a consistent framework. This is particularly valuable when adapting models for domain-specific applications such as medical devices, automotive systems, or financial services platforms.

The standard also introduces guidelines for extending quality models as technologies advance. For cognitive systems, new sub-characteristics like self-learning capability and self-learning speed can be added. For space applications, sub-sub-characteristics for weightless users or extended isolation conditions may be developed. This extensibility ensures the SQuaRE framework remains relevant as technology evolves.

Perhaps most importantly, ISO/IEC 25002 explicitly addresses trade-offs between quality characteristics. For example, increasing security can negatively impact usability, and improving maintainability through modularity can affect performance efficiency. Recognizing and managing these trade-offs through informed prioritization is central to professional quality engineering. The standard provides a structured vocabulary for discussing these trade-offs with stakeholders.

Quality models are not static checklists. As technologies advance — with AI, cloud services, and autonomous systems — quality models must be extended with new characteristics such as self-learning capability, algorithmic fairness, and resilience to novel attack patterns.

Frequently Asked Questions

Q1: What is the difference between ISO/IEC 25002 and ISO/IEC 25010?
A: 25002 provides the overview, framework, and usage guidance for all SQuaRE quality models, while 25010 specifically defines the product quality model with its nine characteristics and sub-characteristics.

Q2: Can I modify a quality model for my specific context?
A: Yes, modifications are permitted at the sub-characteristic level. You can add sub-characteristics or customize definitions to fit your context, but the top-level quality characteristics must remain consistent with the standard definitions.

Q3: How do the four quality models work together?
A: They address different aspects of an information system. The product model targets the ICT product itself, the data model targets data, the IT service model targets service delivery, and the quality-in-use model captures the stakeholder experience.

Q4: Who are the primary stakeholders for quality models?
A: Stakeholders include customers, business analysts, developers, maintainers, quality management professionals, independent evaluators, regulators, product managers, and end users — each with different quality concerns and priorities.