ISO/IEC 25010 (often referred to as simply ISO 25010) is an international standard that provides a model for assessing the quality of software products. ISO/IEC 25010 is part of the ISO/IEC 25000 series of standards, also known as Systems and software Quality Requirements and Evaluation (SQuaRE). ISO/IEC 25010 was published in 2011 to replace ISO/IEC 9126. The 25010 standard deals specifically with system and software product quality models.
ISO/IEC 25010 defines a quality model that is composed of two main parts: product quality and quality in use.
The product quality part of ISO 25010 describes a software product’s inherent quality. This component is divided into eight quality characteristics, each of which is further divided into sub-characteristics.
The eight characteristics are:
- Functional Suitability: The degree to which a product provides functions that meet stated and implied needs.
- Performance Efficiency: The performance relative to the amount of resources used.
- Compatibility: The degree to which a product can perform its required functions while sharing a common environment and resources with other products, without causing detrimental impact on any other.
- Usability: The degree to which a product or system can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use.
- Reliability: The ability of a system or component to perform its required functions under stated conditions for a specified period of time.
- Security: Protection of information and data so that unauthorized persons or systems cannot read or modify them and authorized persons or systems are not denied access to them.
- Maintainability: The ease with which a product or system can be modified to change or add capabilities, correct faults, improve performance, or other attributes.
- Portability: The ease with which a system or component can be transferred from one hardware or software environment to another.
Quality in Use
This part of ISO 25010 refers to the extent to which a product used in a specific context meets the requirements of the user. It includes five characteristics:
- Effectiveness: The accuracy and completeness with which users achieve specified goals.
- Efficiency: The resources expended in relation to the results achieved.
- Satisfaction: The degree to which user needs are satisfied when a product or system is used in a specific context of use.
- Freedom from risk: The degree to which a product or system mitigates the risk of economic loss, harm to human life, health, or the environment.
- Context coverage: The degree to which a product or system can be used with effectiveness, efficiency, freedom from risk and satisfaction in both specified and unspecified contexts of use.
This standard is a powerful tool for describing, evaluating, predicting, and improving the quality of software products. It’s widely used in software development processes to ensure a high level of software quality.
How To Grade Your Software Quality Using ISO 25010
Using a Code Quality Framework
Evaluating the quality of your company’s software can be a complicated process, especially in large organizations that make use of many different tech stacks. However, using a framework for evaluating whether your code meets ISO 25010 makes it much more manageable.
TIOBE, a software quality assessment company based in the Netherlands, has created a framework for evaluating code quality that uses ISO/IEC 25010 to assess software written in a variety of languages, including some of those listed below.
For each of these supported languages, TIOBE has prepared a list of supported tools. For instance, the image below shows the supported tools for assessing code coverage for C++. Other categories for which TIOBE has a list of recommended technology tools include: abstract interpretation, cyclomatic complexity, compiler warnings, coding standards, code duplication, fan out, security, and dead code.
TIOBE uses these technologies to create a dashboard for customers to see the various aspects of how their software (code and other aspects of their tech stack) fared compared to software quality standards, including ISO/IEC 25010.
ISO 25010 Sample Questionnaire
Below is a simplified example of how one might create a questionnaire for a few of these quality characteristics. Each question should be answered on a scale, for instance from 1 (strongly disagree) to 5 (strongly agree).
For Functional Suitability:
- Does the software provide all the functions you need to complete your tasks?
- Are the functions provided by the software correct and accurate?
- Is the software easy to learn and use?
- Does the software provide useful feedback during use?
- Can you customize the software interface to suit your preferences?
For Performance Efficiency:
- Does the software process tasks and requests quickly?
- Does the software make efficient use of system resources (CPU, memory, disk space, network)?
- Does the software function correctly in your operating environment?
- Does the software interact well with other systems you use?
- Does the software protect your data from unauthorized access?
- Does the software provide mechanisms to backup and recover your data?
Remember, this is a simplified example. In a real assessment, you’d have a more detailed questionnaire that covers all eight product quality characteristics and five quality in use characteristics, each with several more specific questions.
You’d also want to gather and consider objective metrics and data points alongside the responses to this questionnaire. The specific metrics and data points would depend on the software and context, but they might include things like error rates, performance metrics, utilization statistics, and so on.
What is ISO/IEC?
ISO/IEC stands for the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Together, they form a specialized system for global standardization in the fields of information technology and related technologies, such as electronics and communications.
ISO: The International Organization for Standardization is an independent, non-governmental international organization that develops and publishes standards. It was established in 1947 and is composed of representatives from various national standards organizations. ISO covers a wide range of standards, not just in technology but across many fields such as quality management, environmental management, safety, and services.
IEC: The International Electrotechnical Commission is the leading global organization that publishes consensus-based international standards and manages conformity assessment systems for electric and electronic products, systems, and services, collectively known as electrotechnology.
When you see “ISO/IEC” before a standard number, it means that the standard has been jointly published by ISO and IEC. These standards often relate to information technology, electronics, and communications, because these are areas where the two organizations have agreed to work together to avoid duplication of effort and to ensure consistency and interoperability.
An example of this is the ISO/IEC 27000 series, a widely recognized and implemented set of standards for information security management. Similarly, the ISO/IEC 25000 series of standards, also known as SQuaRE (Systems and software Quality Requirements and Evaluation), provides a framework and consistent terminology for specifying and evaluating the quality of software.