Systems and software engineering — Systems and software quality requirements and evaluation (SQuaRE) — Quality requirements framework

This document provides the framework for quality requirements for systems, software products and data, which includes concept of the quality requirements, and requirements and recommendations for the processes and methods to elicit, define, use and govern them. Intended readers of this document include, but are not limited to: — acquirers: evaluate if the system/software products/data fulfills their value proposition, i.e., meets the expected quality, — developers: design, implement and test the system/software products/data to ensure that it meets the expected quality, — testers: verify and validate that the system/software products/data meets the expected quality, — project managers: plan, monitor and control the achievement of the expected quality, and — independent evaluators: evaluate the system/software products/data with the objective criteria. This document complies with the technical processes defined in ISO/IEC/IEEE 15288, which are relevant for elicitation of stakeholders' quality needs and for defining, analyzing and maintaining quality requirements. In this document, the quality models in ISO/IEC 25010 and ISO/IEC 25012 are used to categorize quality requirements and to provide a basis for quantifying them in terms of quality measures in the quality measure division of ISO/IEC 2502n. This document does not cover specification of the other requirements (such as functional requirements, process requirements, etc.), and prescribes neither any specific quality measure nor any specific development process.

Titre manque

General Information

Status
Published
Publication Date
27-Aug-2019
Current Stage
6060 - International Standard published
Due Date
09-Dec-2019
Completion Date
28-Aug-2019
Ref Project

Relations

Buy Standard

Standard
ISO/IEC 25030:2019 - Systems and software engineering -- Systems and software quality requirements and evaluation (SQuaRE) -- Quality requirements framework
English language
46 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 25030
Second edition
2019-08
Systems and software engineering —
Systems and software quality
requirements and evaluation
(SQuaRE) — Quality requirements
framework
Reference number
ISO/IEC 25030:2019(E)
©
ISO/IEC 2019

---------------------- Page: 1 ----------------------
ISO/IEC 25030:2019(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2019 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 25030:2019(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 4
5 Conformance . 5
6 Concept of quality requirements . 5
6.1 General . 5
6.2 Types of quality requirements . 5
6.3 Targets for quality requirements . 5
6.4 Quality models and measures for quality requirements . 7
6.5 Important considerations of quality requirements. 7
6.5.1 Sources of quality requirements . 7
6.5.2 Categories of ICT products . 8
6.5.3 Interrelation with functional/data requirements . 8
6.5.4 Derivation of quality requirements . 9
6.5.5 Quality requirements trade-offs . 9
7 Quality requirements processes .10
7.1 General .10
7.2 Overview of quality requirements processes .10
7.3 Elicitation of quality needs .11
7.3.1 Identification of stakeholders .11
7.3.2 Defining stakeholder needs .11
7.4 Steps for defining quality requirements .12
7.4.1 Overall description .12
7.4.2 Definition of steps .14
8 Using and governing quality requirements .16
8.1 Critical success factors for implementing quality requirements .16
8.2 Quality requirements traceability .17
8.3 Critical factors for testing quality requirements .17
Annex A (informative) Recommended process for elicitation of quality needs .18
Annex B (informative) Example for mapping quality needs to quality characteristics .24
Annex C (informative) Example for specifying quality requirements .27
Annex D (informative) Relationship to ISO/IEC/IEEE 15288 (System lifecycle processes) .28
Annex E (informative) Relationship to ISO/IEC/IEEE 29148 (Requirement engineering) .31
Annex F (informative) Derivation from quality in use requirements to product quality
requirements.35
Annex G (informative) Example of relationship between product quality characteristics .37
Annex H (informative) Example of deployment and traceability of quality requirements to
software .39
Annex I (informative) Example of stakeholder-target matrix .40
Annex J (informative) Examples of level of quality required for different ICT products(using
decision table format) .42
Annex K (informative) IT service quality requirements .45
© ISO/IEC 2019 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 25030:2019(E)

Bibliography .46
iv © ISO/IEC 2019 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 25030:2019(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/patents) or the IEC
list of patent declarations received (see http: //patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and Systems Engineering.
This second edition cancels and replaces the first edition (ISO/IEC 25030:2007), which has been
technically revised.
The main changes compared to the previous edition are as follows:
— extension of the view from software to system;
— enhancement and deployment of quality requirements;
— clarification of quality requirements definition steps:
— stating them exhaustively by using the quality models;
— specifying them with the quality measures with criteria for evaluation;
— clarification of how to use quality requirements.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
© ISO/IEC 2019 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 25030:2019(E)

Introduction
It is important to identify and specify quality requirements as part of system, software and data
requirements, because finding the right balance of quality requirements, in addition to well-specified
functional requirements, is a critical success factor to meet the stakeholders' objectives. Quality
requirements are needed for:
— specifying the system, including contractual agreements and call for tender;
— planning the project, including feasibility analysis;
— developing the system, including identification of architecture drivers or potential quality problems
during development; and
— evaluating the system, including objective assessment and certification of quality.
This document focuses on defining, using and governing quality requirements. If not clearly defined,
they can be viewed, interpreted, implemented and evaluated differently by the relevant stakeholders.
This can result in systems that are inconsistent with user expectations and of poor quality; and time
and cost overruns to rework the system. Therefore quality requirements for the system need to be
specified clearly at the earliest stage of the development or acquiring process as possible, to provide a
critical input to the development or acquisition.
This document can be used to improve the quality of quality requirements, by providing requirements
and recommendations for them, and provides guidance for the steps used to define and use them.
Quality requirements can be categorized into characteristics/subcharacteristics by using the
quality models defined in the ISO/IEC 2501n family of standards. Measures of these characteristics/
subcharacteristics, which are defined in the ISO/IEC 2502n family of standards, can be used to specify
quality requirements and evaluate the quality of the target system or data. After ISO/IEC 25030:2007
was published, several international standards which define these models and measures have been
published and so the previous edition has become inconsistent with these standards.
Furthermore many systems are now deeply embedded into social infrastructures used in daily life. This
requires the systems to achieve much higher quality; e.g., connected systems need to be interoperable
and secure, reliable, maintainable and usable.
This revision updates the quality requirements division of SQuaRE series, aligning it with the other
divisions, and furthermore providing more practical guidelines for defining and using quality
requirements.
Figure 1 illustrates the organization of the SQuaRE series representing families of standards, further
called divisions. The SQuaRE series consists of five main divisions and on extension division. The
divisions within the SQuaRE series are:
— ISO/IEC 2500n — Quality Management Division. The standards that form this division define
all common models, terms and definitions used by all other standards in the SQuaRE series. The
division also provides requirements and guidance for the planning and management of a project.
— ISO/IEC 2501n — Quality Model Division. The standards that form this division provide quality
models for system/software products, quality in use (QIU), data, and IT services. Practical guidance
on the use of the quality model is also provided.
— ISO/IEC 2502n — Quality Measurement Division. The standards that form this division include
a system/software product quality measurement reference model, definitions of quality measures,
and practical guidance for their application. This division presents internal measures of software
quality, external measures of software quality, QIU measures and data quality measures. Quality
measure elements forming foundations for the quality measures are defined and presented.
— ISO/IEC 2503n — Quality Requirements Division. The standard that forms this division helps
specifying quality requirements. These quality requirements can be used in the process of quality
vi © ISO/IEC 2019 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC 25030:2019(E)

requirements elicitation for a system/software product to be developed, designing a process for
achieving necessary quality, or as inputs for an evaluation process.
— ISO/IEC 2504n — Quality Evaluation Division. The standards that form this division provide
requirements, recommendations and guidelines for system/software product evaluation, whether
performed by independent evaluators, acquirers or developers. The support for documenting a
measure as an Evaluation Module is also presented.
ISO/IEC 25050 to ISO/IEC 25099 are reserved for SQuaRE extension International Standards, which
currently include in ISO/IEC 25051 requirements for quality of Ready to Use Software Products (RUSP)
and instructions for testing, and in ISO/IEC TR 25060 to ISO/IEC 25069 common industry format for
usability.
Figure 1 — Organization of the SQuaRE series of International Standards
© ISO/IEC 2019 – All rights reserved vii

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO/IEC 25030:2019(E)
Systems and software engineering — Systems and software
quality requirements and evaluation (SQuaRE) — Quality
requirements framework
1 Scope
This document provides the framework for quality requirements for systems, software products and
data, which includes concept of the quality requirements, and requirements and recommendations for
the processes and methods to elicit, define, use and govern them. Intended readers of this document
include, but are not limited to:
— acquirers: evaluate if the system/software products/data fulfills their value proposition, i.e., meets
the expected quality,
— developers: design, implement and test the system/software products/data to ensure that it meets
the expected quality,
— testers: verify and validate that the system/software products/data meets the expected quality,
— project managers: plan, monitor and control the achievement of the expected quality, and
— independent evaluators: evaluate the system/software products/data with the objective criteria.
This document complies with the technical processes defined in ISO/IEC/IEEE 15288, which are
relevant for elicitation of stakeholders’ quality needs and for defining, analyzing and maintaining
quality requirements. In this document, the quality models in ISO/IEC 25010 and ISO/IEC 25012 are
used to categorize quality requirements and to provide a basis for quantifying them in terms of quality
measures in the quality measure division of ISO/IEC 2502n.
This document does not cover specification of the other requirements (such as functional requirements,
process requirements, etc.), and prescribes neither any specific quality measure nor any specific
development process.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 25000:2014, Systems and software engineering — Systems and software Quality Requirements
and Evaluation (SQuaRE) — Guide to SQuaRE
ISO/IEC 25010:2011, Systems and software engineering — Systems and software Quality Requirements
and Evaluation (SQuaRE) — System and software quality models
ISO/IEC 25012, Software engineering — Software product Quality Requirements and Evaluation
(SQuaRE) — Data quality model
ISO/IEC 25022, Systems and software engineering — Systems and software quality requirements and
evaluation (SQuaRE) — Measurement of quality in use
ISO/IEC 25023, Systems and software engineering — Systems and software Quality Requirements and
Evaluation (SQuaRE) — Measurement of system and software product quality
© ISO/IEC 2019 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO/IEC 25030:2019(E)

ISO/IEC 25024, Systems and software engineering — Systems and software Quality Requirements and
Evaluation (SQuaRE) — Measurement of data quality
ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 25000 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
NOTE The essential definitions from ISO/IEC 25000 and the other ISO standards are reproduced here.
3.1
classification axis
total range of a mapping of systems and software for categorizing them from a particular perspective
[SOURCE: ISO/IEC TR 12182:2015, 3.7]
3.2
context of use
conditions and constraints under which ICT products (3.8) are used by specific users (3.20) in a specific
environment to achieve specific goals as part of the larger information system (3.10)
Note 1 to entry: Environment includes physical aspects such as equipment and resources as well as social aspects
such as demographics and culture.
3.3
deployment
deployment of requirements
assignment of requirements (3.16) along with the system decomposition
3.4
derivation
derivation of requirements
translation and elaboration of requirements (3.16) from one type of requirements to another in the
same system level
Note 1 to entry: Types of requirements include quality in use (3.13) requirements, product quality requirements
(3.15) and data requirements.
3.5
domain-based requirement
requirement (3.16) originated from its application domain
3.6
functional requirement
requirement (3.16) that specifies a function that a system or system component shall perform
[SOURCE: IEEE 730:2014, 3.2]
3.7
ICT requirement
requirement (3.16) resulting from adoption of some information and communication technologies (ICTs)
technical solutions in the design process
Note 1 to entry: ICT technical solutions include web-based technologies, cloud servers, and so on.
2 © ISO/IEC 2019 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 25030:2019(E)

3.8
ICT product
product (3.12) which uses information and communication technologies (ICTs) and can be a part of
information system (3.10)
Note 1 to entry: Figure 3 describes what ICT product consists of and the relationship to information system.
3.9
indirect user
person who receives output from a system, but does not interact with the system
EXAMPLE Executive manager, service acquirer.
[SOURCE: ISO/IEC 25010:2011, 4.3.6, modified — EXAMPLE has been added.]
3.10
information system
system that comprises of software, hardware, communication facility, data and the people who use it in
a given environment to satisfy their information processing needs
Note 1 to entry: Figure 3 describes what information system consists of.
3.11
primary user
user (3.20) who interacts with the system to achieve the primary goals
Note 1 to entry: The definition is adapted from ISO/IEC 25010:2011, 3.6.
3.12
product
artifact that is produced, is quantifiable and is deliverable to the user (3.20) as either an end item in
itself or a component item
Note 1 to entry: This definition is adapted from A Guide to the Project Management Body of Knowledge (PMBOK)
Fifth Edition.
Note 2 to entry: Product includes ICT products (3.8), software, and software components.
3.13
quality in use
extent to which the behavioral and attitudinal outcomes and consequences of use of a product (3.12),
system or service meets the needs of users (3.20) or other stakeholders (3.18) in specific contexts of
use (3.2)
3.14
quality measure
measure that is defined as a measurement function of two or more values of quality measure elements
[SOURCE: ISO/IEC 25010:2011, 4.3.10]
3.15
quality requirement
requirement (3.16) for quality properties or attributes of an ICT product (3.8), data or service that satisfy
needs which ensue from the purpose for which that ICT product, data or service is to be used
Note 1 to entry: Quality requirements in this document do not cover quality requirements for service.
3.16
requirement
statement which translates or expresses a need and its associated constraints and conditions
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.37]
© ISO/IEC 2019 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO/IEC 25030:2019(E)

3.17
secondary user
user (3.20) who interacts with the product (3.12) to support the primary users (3.11)
EXAMPLE Content provider, system manager, administrator, security manager, maintainer, installer.
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.3651, modified — The word "person" has been replaced with
"user"; EXAMPLE has been added.]
3.18
stakeholder
individual or organization having a right, share, claim or interest in a system or in its possession of
characteristics that meet their needs and expectations
Note 1 to entry: Stakeholders include users (3.20), developers, testers, project managers, acquirers, independent
evaluators, data owners, supporters, trainers, regulatory bodies and other people influenced by the system.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.44, modified — The original EXAMPLE and Note 1 to entry
have been replaced with a new Note 1 to entry.]
3.19
technical product quality requirement
product (3.12) quality requirement (3.15) on its technically identified properties which are used in its
development and maintenance processes
3.20
user
individual or group that interacts with a system or benefits from a system during its utilization
[SOURCE: ISO/IEC 25010:2011, 4.3.16, modified — NOTE has been removed.]
3.21
validation
confirmation, through the provision of objective evidence, that the requirements (3.16) for a specific
intended use or application have been fulfilled
[SOURCE: ISO/IEC 25000:2014, 4.41, modified — Note 1 to entry has been removed.]
3.22
verification
confirmation, through the provision of objective evidence, that specified requirements (3.16) have been
fulfilled
[SOURCE: ISO/IEC 25000:2014, 4.43, modified — Note 1 to entry has been removed.]
4 Abbreviated terms
ICT information and communication technology
PQR product quality requirement
QIUR quality in use requirement
DQR data quality requirement
SRS software requirements specification
StRS stakeholder requirements specification
SyRS system requirements specification
4 © ISO/IEC 2019 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 25030:2019(E)

5 Conformance
Any quality requirements specification that conforms to this document shall meet all the requirements
described in Clauses 6, 7 and 8.
6 Concept of quality requirements
6.1 General
This clause describes the concept of quality requirements, including their target entities for which the
quality requirements are to be defined, and important considerations on them.
6.2 Types of quality requirements
Quality in use requirements (QIURs) specify the required levels of quality from the stakeholders' point
of view. These requirements are derived from the needs of various stakeholders. QIURs relate to the
outcome when the product is used in a particular context of use, and QIURs can be used as the target for
validation of the product.
Product quality requirements (PQRs) specify levels of quality required from the viewpoint of the ICT
product. Most of them are derived from stakeholder quality requirements including QIURs, which can
be used as targets for verification and validation of the target ICT product. Technical product quality
requirements are requirements for technically identified attributes (targeting specifications, source
code, etc.) to meet the other PQRs. Technical product quality requirements can be used as targets for
verification at various stages of development and maintenance.
NOTE 1 PQRs can also be used to specify attributes of deliverable, non-executable software products such as
documentation and manuals.
The data quality requirements (DQRs) specify levels of quality required for the data associated with
the product. These include requirements derived from QIURs and PQRs of input and output products.
DQRs can be used for verification and validation from the data side.
NOTE 2 Many DQRs can be derived from PQRs for the target product, while some DQRs such as data integrity
can be derived directly from QIURs.
6.3 Targets for quality requirements
The scope of the three types of quality requirements is shown in Figure 2. QIURs are defined on the
information system, which includes not only an ICT product but also its users and relevant environments
(e.g., mechanicals monitored/controlled by the ICT product and business processes in which the ICT
product is used). PQRs are defined on the ICT product or its constituents (including sub-ICT products,
hardware, communication facilities, software and, in some cases, software components), and DQRs are
defined on the data inside the ICT product.
© ISO/IEC 2019 – All rights reserved 5

---------------------- Page: 12 ----------------------
ISO/IEC 25030:2019(E)

Figure 2 — Scope of quality requirements
Figure 2 describes only the scope of each type of quality requirements, not describing the system
hierarchy, which is formally defined in Figure 3.
NOTE 1 Annex K describes how IT service quality requirements are to be treated.
Figure 3 — System hierarchy used in Figure 2
NOTE 2 Users include primary users, secondary users and indirect users. See Table 2.
NOTE 3 A “system of systems” can be considered an information system, which recursively includes some
subsidiary information systems.
6 © ISO/IEC 2019 – All rights reserved

---------------------- Page: 13 ------------------
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.