ISO/IEC 25023:2016 — SQuaRE — Measurement of System and Software Product Quality

A comprehensive guide to quality measures for system and software product quality characteristics

1. Understanding the ISO/IEC 25023 Quality Measurement Framework

ISO/IEC 25023:2016 is a cornerstone standard within the SQuaRE (Systems and software Quality Requirements and Evaluation) series, specifically belonging to the 2502n Quality Measurement Division. It defines a comprehensive set of quality measures for system and software product quality, organized according to the quality characteristics and subcharacteristics defined in ISO/IEC 25010. This standard replaces and significantly extends the earlier ISO/IEC TR 9126-2 and ISO/IEC TR 9126-3, consolidating internal and external measures into a simplified, unified tabular format.

The standard covers nine major quality characteristics: functional suitability, performance efficiency, compatibility, usability, reliability, security, maintainability, and portability. Each characteristic is further decomposed into subcharacteristics, and for each, specific quality measures (QMs) are provided with associated measurement functions, enabling objective quantification of software quality attributes throughout the development lifecycle.

For engineering teams adopting ISO/IEC 25023, start by mapping your existing quality assurance metrics to the standard’s quality measure framework. This alignment not only improves traceability but also facilitates benchmarking across projects and organizations.

| Quality Characteristic | Subcharacteristics | Example Quality Measure | Measurement Function |
|---|---|---|---|
| Functional Suitability | Functional completeness, Functional correctness, Functional appropriateness | Functional implementation coverage | X = A / B (A = implemented functions, B = required functions) |
| Performance Efficiency | Time behaviour, Resource utilization, Capacity | Response time ratio | X = T_actual / T_required |
| Reliability | Maturity, Availability, Fault tolerance, Recoverability | Mean time between failures (MTBF) | X = Operating_time / Number_of_failures |
| Security | Confidentiality, Integrity, Non-repudiation, Accountability, Authenticity | Access control correctness | X = A / B (A = correctly controlled accesses, B = total accesses) |
| Maintainability | Modularity, Reusability, Analysability, Modifiability, Testability | Change cycle efficiency | X = T_delivered / T_requested |

2. Practical Application of Quality Measures in Engineering Projects

The true value of ISO/IEC 25023 lies in its practical application during software development and procurement. Quality measures defined in the standard are categorized into two reliability levels: highly recommendable (HR) and recommendable (R). This tiered approach acknowledges that not all measures have equal empirical validation, allowing engineers to select the most appropriate and proven metrics for their specific context.

For example, the “Functional implementation coverage” measure (X = number of correctly implemented functions / total number of required functions) provides a straightforward yet powerful indicator of requirements traceability. This measure can be automated using requirements management tools that link test cases to functional specifications, providing real-time coverage dashboards during development sprints.

When selecting quality measures from ISO/IEC 25023, avoid the temptation to measure everything. Focus on measures that directly align with your project’s critical quality goals and stakeholder concerns. Over-measurement leads to data noise and analysis paralysis.

The standard also specifies Quality Measure Elements (QMEs) — foundational building blocks that can be combined to create composite quality measures. This modular approach enables organizations to customize their quality measurement framework while maintaining compatibility with the standard’s structure. For embedded systems, for instance, engineers might combine resource utilization QMEs (CPU load, memory footprint) with reliability QMEs (fault detection coverage) to create a domain-specific quality indicator.

3. Engineering Design Insights and Integration Strategies

Integrating ISO/IEC 25023 measures into a DevOps or continuous integration pipeline requires thoughtful automation architecture. Key quality measures such as code coverage (for testability), cyclomatic complexity (for analysability), and module coupling (for modularity) can be computed automatically at each build. The challenge lies not in the computation but in establishing meaningful thresholds and trend analysis.

Organizations that successfully implement ISO/IEC 25023 report 30-40% improvement in defect detection during early development phases, primarily because quantitative quality gates replace subjective manual reviews with objective, automated measurements.

For system integrators and acquirers, the standard provides an invaluable tool for supplier evaluation. By specifying quality requirements in terms of ISO/IEC 25023 measures with defined target values and acceptable ranges, procurement contracts become objectively verifiable. The evaluation process follows the framework defined in ISO/IEC 25040, creating a seamless quality ecosystem from requirements through evaluation.
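The thresholds, trend analysis and "target values and acceptable ranges" discussed in this section can be sketched as a build-time quality gate. This is an added example, not code or values from ISO/IEC 25023: the `Gate` class, the targets, limits and drift tolerance, and the per-build counts are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Gate:
    target: float                  # value the project aims for (assumed)
    limit: float                   # edge of the acceptable range (assumed)
    higher_is_better: bool = True  # False for ratios such as T_actual / T_required
    max_drift: float = 0.05        # tolerated worsening vs. mean of earlier builds

def ratio(a, b):
    """X = A / B; None when B is 0 so an empty sample is never read as a pass."""
    return a / b if b else None

def evaluate(gate, history):
    """history: X per build, oldest first (non-empty). Returns (status, reason)."""
    x = history[-1]
    if x is None:
        return "fail", "not measurable (B = 0)"
    sign = 1 if gate.higher_is_better else -1
    if sign * (x - gate.limit) < 0:
        return "fail", f"{x:.3f} is outside the acceptable range (limit {gate.limit})"
    earlier = [v for v in history[:-1] if v is not None]
    if earlier:
        baseline = sum(earlier) / len(earlier)
        if sign * (baseline - x) > gate.max_drift:
            return "warn", f"{x:.3f} worsened from baseline {baseline:.3f}"
    if sign * (x - gate.target) < 0:
        return "warn", f"{x:.3f} is acceptable but short of target {gate.target}"
    return "pass", f"{x:.3f} meets target {gate.target}"

# Constructed sample: (A, B) counts for the last three builds, not real project data.
GATES = {
    "functional_implementation_coverage": Gate(target=1.0, limit=0.9),
    "access_control_correctness": Gate(target=1.0, limit=1.0),
    "response_time_ratio": Gate(target=0.8, limit=1.0, higher_is_better=False),
}
HISTORY = {
    "functional_implementation_coverage": [ratio(45, 50), ratio(47, 50), ratio(48, 50)],
    "access_control_correctness": [ratio(200, 200), ratio(200, 200), ratio(198, 200)],
    "response_time_ratio": [ratio(350, 500), ratio(360, 500), ratio(395, 500)],
}

def run_gates():
    """Evaluate every gate against its build history."""
    return {name: evaluate(gate, HISTORY[name]) for name, gate in GATES.items()}

if __name__ == "__main__":
    results = run_gates()
    print("\n".join(f"{s.upper():5} {n}: {r}" for n, (s, r) in results.items()))
    raise SystemExit(int(any(s == "fail" for s, _ in results.values())))
```

With the sample data, two incorrectly controlled accesses out of 200 fail the build because the security gate accepts nothing below 1.0, while the response time ratio still meets its target but is flagged for drifting from its baseline.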

A critical insight for engineering leaders: the standard explicitly acknowledges that its measure set is not exhaustive. Organizations are encouraged to refine and extend measures based on domain-specific needs. For safety-critical applications (automotive, medical devices), supplementary measures addressing functional safety and integrity levels should be integrated alongside the standard measures.

Q1: How does ISO/IEC 25023 differ from ISO/IEC 9126?
A: ISO/IEC 25023 replaces ISO/IEC TR 9126-2 and 9126-3, aggregating internal and external measures into a simplified format. It aligns with the updated quality model in ISO/IEC 25010 and introduces a reliability tier system (HR/R) for measures based on practical usefulness.
Q2: Can ISO/IEC 25023 measures be automated?
A: Yes, many measures (time behaviour, resource utilization, test coverage) can be automated through CI/CD pipelines. However, some measures require manual inspection, particularly those involving user interface aesthetics or appropriateness recognizability.
Q3: What is the relationship between ISO/IEC 25023 and ISO/IEC 25030?
A: ISO/IEC 25030 defines the quality requirements framework, while ISO/IEC 25023 provides the specific measures to quantify those requirements. Together, they form a complete requirements-to-measurement lifecycle.
Q4: How many quality measures does ISO/IEC 25023 define?
A: The standard defines several dozen measures across all nine quality characteristics, each categorized by reliability level and accompanied by explicit measurement functions and interpretation guidance.
