ISO/IEC 25010:2023 — SQuaRE Product Quality Model

Introduction to ISO/IEC 25010

ISO/IEC 25010 is arguably the most widely recognized standard in the SQuaRE family. It defines the product quality model — a comprehensive framework of nine quality characteristics and their sub-characteristics that together describe what “quality” means for ICT products and software systems. The 2023 edition represents a significant evolution from the 2011 version, reflecting two decades of practical experience and the dramatic changes in the technology landscape including cloud computing, mobile platforms, AI systems, and the Internet of Things.

The 2023 edition brings major changes: safety is added as a new ninth characteristic, usability is replaced by interaction capability, and portability is replaced by flexibility — better reflecting modern ICT product realities.

The product quality model applies to ICT products including software, hardware, data, and communication infrastructure. It serves multiple purposes throughout the product lifecycle: eliciting and defining requirements, validating the comprehensiveness of requirements definitions, identifying design objectives, establishing testing objectives, setting acceptance criteria for product release, and defining quality measures to support these activities. The model is designed to be used by multiple stakeholders including developers, acquirers, quality assurance staff, and independent evaluators.

The Nine Quality Characteristics

The 2023 edition organizes product quality into nine characteristics, each with its own sub-characteristics. These characteristics collectively describe all relevant aspects of ICT product quality and serve as a comprehensive checklist for requirements specification and evaluation. The table below summarizes all nine and highlights key changes from the 2011 edition.

Quality Characteristic	Sub-Characteristics	Key Changes from 2011
Functional Suitability	Functional completeness, correctness, appropriateness	Refined definitions
Performance Efficiency	Time behaviour, resource utilization, capacity	Unchanged
Compatibility	Co-existence, interoperability	Unchanged
Interaction Capability	Appropriateness recognizability, learnability, operability, user error protection, user engagement, inclusivity, user assistance, self-descriptiveness	Replaces “Usability” — broader scope
Reliability	Faultlessness, availability, fault tolerance, recoverability	“Maturity” replaced by “Faultlessness”
Security	Confidentiality, integrity, non-repudiation, accountability, authenticity, resistance	New “Resistance” sub-characteristic
Maintainability	Modularity, reusability, analysability, modifiability, testability	Refined definitions
Flexibility	Adaptability, scalability, installability, replaceability	Replaces “Portability” — includes scalability
Safety	Operational constraint, risk identification, fail safe, hazard warning, safe integration	New characteristic in 2023

Interaction Capability: A Modern View of Usability

The replacement of “Usability” with “Interaction Capability” marks a philosophical shift in how we think about user-facing quality. Where usability traditionally focused on ease of use for specified users in specified contexts, interaction capability encompasses a broader set of attributes including inclusivity (accommodating users of diverse ages, abilities, cultures, ethnicities, languages, and genders), self-descriptiveness (making capabilities immediately obvious without excessive interactions), and user assistance (supporting users with disabilities through multiple input/output methods such as voice, gaze, and touch). This reflects the modern reality that software must serve a globally diverse user base across an unprecedented range of devices and usage scenarios.

The addition of “Inclusivity” as a sub-characteristic is particularly significant — it requires products to be utilizable by people of various backgrounds, moving accessibility from a niche concern to a core quality attribute that must be designed for from the outset.

Relationship Between Product Quality and Quality-in-Use

ISO/IEC 25010 clarifies that product quality characteristics directly influence quality-in-use outcomes. For primary users who interact directly with the system, characteristics like functional suitability, performance efficiency, interaction capability, reliability, and security are paramount. For secondary users such as maintainers and system administrators, maintainability and flexibility take higher priority. For indirect users who receive system outputs, reliability and security are most critical. The standard provides a detailed mapping table showing which characteristics influence which stakeholder groups, enabling targeted quality improvement efforts.

Engineering Design Insights

From an engineering perspective, the 2023 revision offers several critical insights for modern software and systems engineering. The new Safety characteristic is a direct response to the growing prevalence of software in safety-critical and autonomous systems including autonomous vehicles, medical devices, and industrial control systems. Its five sub-characteristics — operational constraint, risk identification, fail safe, hazard warning, and safe integration — provide a structured vocabulary for engineers to specify and evaluate safety requirements that were previously addressed only through domain-specific standards like IEC 61508 or ISO 26262. This unification within the SQuaRE framework allows organizations to apply a consistent quality approach across all their products regardless of domain, reducing duplication of effort and improving cross-team communication about quality objectives.

Engineers should note that safety (3.9) is defined in ISO/IEC 25010 as the capability to avoid endangering human life, health, property, or the environment — a narrower definition than “functional safety” in IEC 61508, but specifically tailored for product quality assessment within the SQuaRE framework.

The Resistance sub-characteristic under Security addresses a critical modern concern: the capability of a product to sustain operations while under attack from malicious actors. This goes beyond traditional security properties (confidentiality, integrity) to include denial-of-service resilience, ransomware protection, and the ability to maintain operations during active cyberattacks — increasingly essential for connected products and critical infrastructure.

The Scalability sub-characteristic under Flexibility acknowledges that modern systems must dynamically handle growing or shrinking workloads, a capability poorly captured by the older “Portability” concept. Combined with the new emphasis on interaction capability over mere usability, the 2023 edition of ISO/IEC 25010 provides a quality model that is far better aligned with the realities of modern ICT product development.

Frequently Asked Questions

Q1: What are the main changes in ISO/IEC 25010:2023 compared to 2011?
A: Safety is added as a new characteristic; usability is replaced by interaction capability; portability is replaced by flexibility; inclusivity, self-descriptiveness, resistance, and scalability are added as new sub-characteristics.

Q2: Does the product quality model apply only to software?
A: No, it applies to all ICT products including software, hardware, firmware, data, and communication infrastructure as components of an information system.

Q3: How is safety addressed in the quality model?
A: Safety is a new quality characteristic with five sub-characteristics: operational constraint, risk identification, fail safe, hazard warning, and safe integration — covering the full safety lifecycle.

Q4: What is the difference between interaction capability and usability?
A: Interaction capability is broader, focusing on enabling interaction across diverse users and contexts, while usability traditionally emphasized ease of use for specified users in specified contexts.