What is ISO/IEC 25010:2023 – Systems and Software Engineering
ISO/IEC 25010 is a key standard in the Systems and Software Quality Requirements and Evaluation (SQuaRE) series, developed to define models for assessing the quality of software and systems. This edition refines the original ISO/IEC 25010:2011 by incorporating modern software development practices, emerging technologies, and broader quality considerations.
The standard introduces a product quality model that guides the specification, measurement, and evaluation of software and system quality. It is intended for use by developers and auditors across all stages of the software lifecycle.
To start ISO/IEC 25010 implementation or certification assistance, contact us at support@pacificcert.com.
Scope and Applicability
ISO/IEC 25010:2023 is applicable to all software products and systems regardless of size, architecture, or domain. The standard can be used to:
- Define internal and external software quality requirements
- Evaluate quality at the design, implementation, or deployment stage
- Support procurement and contractual agreements involving software
It is especially relevant for systems in regulated sectors (e.g., medical, aviation, automotive), enterprise-grade platforms, and software-intensive systems requiring high levels of trust, performance, and user satisfaction.
Certification Process
- Conduct a gap analysis against the ISO/IEC 25010 product quality model
- Identify key stakeholders and define the product’s intended use, users, and operational environment
- Select relevant quality characteristics and sub-characteristics based on project needs
- Define quantifiable quality metrics and thresholds for each characteristic
- Establish a quality assurance framework aligned with ISO/IEC 25010 requirements
- Implement controls, coding standards, and validation protocols across the SDLC
- Conduct internal assessments and third-party evaluation if pursuing formal recognition
Get started with structured implementation by reaching out to us at support@pacificcert.com.
Documentation Required
Organizations using ISO/IEC 25010 should maintain:
- Quality requirements documentation and traceability matrix
- Defined metrics and thresholds for each selected quality characteristic
- Quality assurance policies and procedures
- Validation and verification plans and reports
- Test plans and results mapped to quality characteristics
- Defect tracking logs and resolution reports
- User feedback and quality-in-use monitoring logs
We help you to create ISO/IEC 25010-aligned documentation, contact us at support@pacificcert.com!
Eligibility Criteria
ISO/IEC 25010 is applicable to:
- Software developers and vendors building consumer, enterprise, or embedded systems
- Organizations procuring or commissioning custom software solutions
- Public sector IT initiatives and digital transformation projects
- Product managers and quality assurance teams defining non-functional requirements
ISO/IEC 25010 is widely used to support ISO/IEC 25000-series-based evaluations or software compliance schemes.
Certification Costs
For organizations seeking compliance with broader SQuaRE frameworks or using it for supplier evaluation, costs related to:
- Gap assessment and requirements analysis: Under $5000
- Quality framework development and training: Under $10,000
- External validation or tool integration: Under $15,000 depending on scale
To discuss cost-effective adoption pathways, contact support@pacificcert.com.
Certification Timeline
- Gap Assessment: 2–3 weeks
- Requirements Definition and Metric Selection: 2–4 weeks
- Implementation and Testing: 3–5 weeks
- Evaluation and External Review (if needed): 2 weeks
Overall time estimate: 8–12 weeks depending on the project size and SDLC maturity.
Requirements of ISO/IEC 25010:2023
ISO/IEC 25010 defines two major quality models:
- Product Quality Model
This model includes eight main characteristics and several sub-characteristics:
- Functional Suitability: Functional completeness, correctness, appropriateness
- Performance Efficiency: Time behavior, resource utilization, capacity
- Compatibility: Co-existence, interoperability
- Usability: Learnability, operability, user error protection, accessibility, and aesthetics
- Reliability: Maturity, availability, fault tolerance, recoverability
- Security: Confidentiality, integrity, non-repudiation, accountability, authenticity
- Maintainability: Modularity, reusability, analyzability, modifiability, testability
- Portability: Adaptability, installability, replaceability
These characteristics help evaluate both internal (code-level) and external (user-visible) quality attributes.
- Quality-in-Use Model (Reference: ISO/IEC 25019:2023)
While ISO/IEC 25010 addresses product attributes, ISO/IEC 25019:2023 provides the framework to evaluate quality from the end user’s perspective, including:
- Effectiveness: Ability to achieve goals with accuracy and completeness
- Efficiency: Resource usage to achieve goals
- Satisfaction: User comfort, trust, and acceptance in context
ISO/IEC 25019 complements ISO/IEC 25010 by focusing on actual use in real-world scenarios, making both standards critical for user-centered software quality.
Benefits of ISO/IEC 25010
- Establishes clear and measurable software quality benchmarks
- Supports quality-driven development and agile documentation
- Enhances user satisfaction and stakeholder alignment
- Improves system dependability, usability, and maintainability
- Facilitates compliance with sector-specific software assurance standards
- Reduces lifecycle costs by identifying quality issues early
With the rising demand for secure, user-friendly, and sustainable software, ISO/IEC 25010 has become a benchmark for defining and evaluating non-functional requirements. From digital services to embedded control systems, organizations are using this model to shape robust design practices and QA strategies.
As AI, cloud-native architectures, and agile/DevOps adoption surge, ISO/IEC 25010 provides a consistent way to ensure that system qualities remain traceable and measurable amid evolving technical landscapes.
How Pacific Certifications Can Help
Pacific Certifications enables organizations to align their development and procurement processes with ISO/IEC 25010 through:
- Software quality maturity assessments
- Custom training and NFR specification workshops
- Mapping tools and test strategies to ISO/IEC 25010 characteristics
- Documentation support and verification reviews
- Integrated evaluations using ISO/IEC 25000 family standards
Optimize your software quality, contact us at support@pacificcert.com!
Frequently Asked Questions (FAQs)
Is ISO/IEC 25010 a certifiable standard?
No, but it supports compliance and evaluation frameworks that use quality models.
How does it differ from ISO/IEC 25019?
25010 focuses on software characteristics; 25019 focuses on user experience and impact.
Can ISO/IEC 25010 be applied to AI systems?
Yes, especially for measuring usability, security, reliability, and ethical AI behavior.
Is the standard only for large projects?
No, it scales well for startups, agile teams, and large system integrators alike.
Can it integrate with DevOps?
Yes, quality characteristics can be automated as part of CI/CD quality gates.
Ready to get ISO 25010 certified?
Contact Pacific Certifications to begin your certification journey today!
Suggested Certifications –
Read more: Pacific Blogs
