What Is ISO 25010 Software Quality Model?

Quality means something different to every person on a software team. Developers think about clean code. Testers think about bugs. Product managers think about user complaints. ISO 25010 is the international standard that gets everyone on the same page by defining exactly what software product quality looks like.

So what is the ISO 25010 software quality model, and why does it matter for your project?

This article breaks down the full standard, covering its nine product quality characteristics, the quality in use model, the differences between the 2011 and 2023 revisions, and how to actually apply it during software development. No fluff. Just the parts you need to evaluate and improve your product.

What is ISO 25010

ISO/IEC 25010 is an international standard that defines a structured quality model for evaluating software products and ICT systems. It belongs to the ISO/IEC 25000 SQuaRE (Systems and Software Quality Requirements and Evaluation) series, published by the International Organization for Standardization and the International Electrotechnical Commission.

The standard breaks software quality into clearly defined characteristics and sub-characteristics. These give teams a shared vocabulary for specifying, measuring, and evaluating how good a software system actually is.

ISO 25010 was first released in 2011 as a direct replacement for the older ISO/IEC 9126 standard. The 2023 revision (ISO/IEC 25010:2023) expanded the model from eight product quality characteristics to nine, adding safety as a top-level concern.

Two models live inside this standard. The Product Quality Model looks at the software itself. The Quality in Use Model looks at what happens when real people interact with it in real contexts.

Teams across the entire software development process use ISO 25010. Developers reference it during design. QA engineers build test plans around it. Acquirers use it to set quality requirements before signing contracts.

It is not a checklist you pass or fail. It is a reference framework that helps everyone involved agree on what “quality” actually means for a specific product.

How Did ISO 25010 Replace ISO 9126

ISO/IEC 9126 was the previous international standard for software product quality. Originally published in 1991 and revised in 2001, it organized quality into six characteristics: functionality, reliability, usability, efficiency, maintainability, and portability.

It worked fine for its time. But software changed faster than the standard did.

By the late 2000s, two gaps were obvious. Security had become a top concern for nearly every product, yet ISO 9126 buried it as a sub-characteristic under functionality. Compatibility between systems, APIs, and shared environments also needed its own space. The old model did not give either topic the weight it deserved.

ISO/IEC 25010:2011 pulled both security and compatibility out as standalone characteristics. That brought the count from six to eight. The standard also introduced a clearer separation between the Product Quality Model and the Quality in Use Model, something ISO 9126 handled loosely.

Then the 2023 revision pushed further. Safety got added as a ninth top-level characteristic, which mattered a lot for teams building medical devices, automotive systems, and other safety-critical software. Several sub-characteristics were renamed or replaced to better match how the industry actually talks about quality.

“Usability” became “interaction capability.” “Portability” became “flexibility.” These are not just label swaps. The scope of what each characteristic covers shifted too.

The SQuaRE series (ISO/IEC 25000 family) wrapped ISO 25010 into a larger ecosystem. ISO 25012 handles data quality. ISO 25020 through 25024 cover measurement. ISO 25040 addresses evaluation processes. ISO 25010 is specifically the quality model portion, the part that defines what you should measure.

What Are the Two Quality Models in ISO 25010

ISO 25010 contains two distinct models that look at quality from different angles. One focuses on the product. The other focuses on the people using it.

Both matter. A product can score well on internal quality metrics and still frustrate users in practice. The reverse happens too: a product with rough code can deliver a satisfying experience if it hits the right functional marks.

These two models work together to give a complete picture of software quality, covering both what the product is and what it does for people.

What is the Product Quality Model

The Product Quality Model evaluates the static and dynamic properties of the software itself. In the 2023 version, it defines nine characteristics: functional suitability, performance efficiency, compatibility, interaction capability, reliability, security, maintainability, flexibility, and safety.

Developers, software architects, QA staff, and independent evaluators all reference this model. It applies to any ICT product, including subsystems, firmware, and hardware components.

What is the Quality in Use Model

The Quality in Use Model measures what happens when someone actually uses the product in a specific context. It covers five characteristics: effectiveness, efficiency, satisfaction, freedom from risk, and context coverage.

This model is inherently subjective and context-dependent. The same software might score differently depending on who uses it, where, and for what purpose. Gathering real user feedback is the only way to evaluate it properly.

What Are the Product Quality Characteristics of ISO 25010

The 2023 revision of ISO/IEC 25010 defines nine product quality characteristics. Each one breaks down into sub-characteristics that target specific, measurable aspects of a software system.

Not every characteristic carries the same weight for every project. A banking app will prioritize security and reliability. A game engine cares more about performance efficiency. The standard gives you the full menu. Your project context determines what to order.

Below is each characteristic with its sub-characteristics and what they actually mean in practice.

What is Functional Suitability

Functional suitability measures how well a product delivers functions that meet stated and implied needs. It has three sub-characteristics:

• Functional completeness – do the functions cover all specified tasks and user objectives
• Functional correctness – do they produce accurate results
• Functional appropriateness – do they actually help users accomplish their goals

This characteristic connects directly to requirements engineering. If the requirements are vague, functional suitability scores will reflect that. Teams that write clear software requirement specifications have a much easier time evaluating this characteristic later.

What is Performance Efficiency

Performance efficiency is the relationship between a product’s performance level and the resources it consumes under specified conditions. Three sub-characteristics define it:

• Time behavior – response times and throughput rates
• Resource utilization – CPU, memory, storage, network, and energy consumption
• Capacity – maximum limits the system can handle

Measuring this requires real testing under load. Tools that simulate concurrent users, track memory allocation, and monitor CPU usage during peak conditions give you actual numbers instead of guesses.

What is Compatibility

Compatibility evaluates whether a product can exchange information with other systems and perform its functions while sharing the same environment. Two sub-characteristics:

• Co-existence – performing required functions without hurting other products sharing the same resources
• Interoperability – exchanging information with other systems and mutually using that information

This matters most for products that rely on API integration, shared databases, or cloud-based infrastructure where multiple services run side by side.

What is Interaction Capability

Interaction capability (called “usability” in the 2011 version) measures how well specified users can interact with a product to complete tasks. The 2023 revision expanded this characteristic significantly:

• Appropriateness recognizability – can users tell if the product fits their needs
• Learnability – how quickly can specified users learn to use it
• Operability – ease of operation and control
• User error protection – preventing user mistakes
• User engagement – replaces “user interface aesthetics” from the 2011 version
• Inclusivity – new in 2023, covering usability across diverse user characteristics
• Self-descriptiveness – new in 2023, making the product’s capabilities obvious without external help
• User assistance – degree of built-in help and guidance

Good UI/UX design directly influences almost every sub-characteristic here. Wireframing early in the design process helps teams catch interaction problems before they become expensive to fix.

What is Reliability

Software reliability is the degree to which a system performs specified functions under specified conditions for a specified period. Four sub-characteristics:

• Faultlessness – replaces “maturity” from 2011, measuring how free the system is from faults
• Availability – system is operational and accessible when required
• Fault tolerance – system operates correctly despite hardware or software faults
• Recoverability – ability to recover data and re-establish desired state after interruption

Reliability testing often involves fault injection, where teams deliberately break things to see how the system responds. Regression testing after every change helps prevent reliability from degrading over time.

What is Security

Security is the degree to which a product protects information and data so that persons or other systems have appropriate access consistent with their authorization levels. Six sub-characteristics in the 2023 revision:

• Confidentiality – data accessible only to those authorized
• Integrity – preventing unauthorized modification of data or programs
• Non-repudiation – actions can be proven to have occurred
• Accountability – tracing actions back to their source
• Authenticity – verifying identity of a subject or resource
• Resistance – new in 2023, defending against attack patterns

The addition of resistance as a sub-characteristic reflects how much the threat landscape changed between 2011 and 2023. Teams building web apps or mobile products should treat security evaluation as continuous, not a one-time gate. Using token-based authentication and running regular penetration tests are practical steps that map directly to these sub-characteristics.

What is Maintainability

Maintainability measures how effectively and efficiently a product can be modified after delivery. Five sub-characteristics:

• Modularity – system composed of discrete components so changes to one have minimal impact on others
• Reusability – components can be used in other systems
• Analysability – how easily you can diagnose deficiencies or trace failures
• Modifiability – product can be changed without introducing defects
• Testability – how well test criteria can be established and tests executed

Poor maintainability is where technical debt lives. Code refactoring improves modularity and analysability. A solid code review process catches modifiability problems before they compound.

What is Flexibility

Flexibility (called “portability” in the 2011 version) covers how well a product can be transferred, adapted, or scaled across different environments. Four sub-characteristics:

• Adaptability – handling different hardware, software, or usage environments
• Installability – successful installation and uninstallation
• Replaceability – ability to replace another product serving the same purpose
• Scalability – new in 2023, handling growing or shrinking workloads

The addition of scalability as a sub-characteristic was overdue. Modern products need to handle traffic spikes without manual intervention. Containerization and load balancing are practical implementations of flexibility at the infrastructure level.

What is Safety

Safety is entirely new in the 2023 revision. It measures the degree to which a product achieves acceptable levels of risk to human life, health, property, or the environment. Four sub-characteristics:

• Operational constraint – system constrains its operation to safe parameters
• Risk identification – identifying potential hazards
• Fail safe – maintaining safe state when failure occurs
• Hazard warning – providing warnings when hazards are detected

This characteristic matters most for embedded systems, medical device software, automotive control systems, and industrial automation. If your product can physically affect people or property, safety sub-characteristics should rank at the top of your evaluation priorities.

What Are the Quality in Use Characteristics of ISO 25010

The Quality in Use Model shifts perspective from the product to the user’s actual experience. Five characteristics measure outcomes when real people interact with software in real contexts.

You cannot evaluate these in a lab alone. They require observation, user feedback, and contextual data from production environments.

What is Effectiveness in Quality in Use

Effectiveness measures the accuracy and completeness with which users achieve specified goals. A task completion rate of 95% tells you more than any code metric about whether your product works for the people using it.

What is Efficiency in Quality in Use

Efficiency is the ratio of resources expended to the accuracy and completeness of goals achieved. Fewer clicks, less time, less cognitive load to reach the same result. Directly influenced by the interaction capability characteristics on the product side.

What is Satisfaction in Quality in Use

Satisfaction covers the user’s subjective response. Four sub-characteristics: usefulness, trust, pleasure, and comfort. These are measured through surveys, interviews, and behavioral data, not code analysis.

What is Freedom from Risk in Quality in Use

Freedom from risk measures how well the product mitigates potential harm. Three sub-characteristics cover economic risk, health and safety risk, and environmental risk. Financial applications and healthcare software score heavily here.

Teams can use a risk assessment matrix to map these sub-characteristics to real project scenarios.

What is Context Coverage in Quality in Use

Context coverage evaluates whether the product works across different contexts of use. Two sub-characteristics: context completeness and flexibility. A product that performs well on desktop Chrome but breaks on mobile Safari has a context coverage problem.

What Changed Between ISO 25010:2011 and ISO 25010:2023

The 2023 revision was not a cosmetic update. The model structure changed in ways that affect how teams plan quality evaluation.

Biggest changes:

• Safety added as a ninth top-level product quality characteristic
• “Usability” renamed to “interaction capability” with expanded scope
• “Portability” renamed to “flexibility”
• New sub-characteristics added: inclusivity, self-descriptiveness, resistance, scalability
• “Maturity” replaced by “faultlessness”
• “User interface aesthetics” replaced by “user engagement”

The characteristic count went from eight to nine. Sub-characteristic count also grew. Teams still using the 2011 framework should review their quality evaluation criteria against the updated model, especially for projects involving safety-critical systems or products that serve diverse user populations.

How is ISO 25010 Used in Software Development

ISO 25010 maps to every phase of the software development lifecycle. How it gets applied depends on who is using it and when.

During planning and requirements: Product managers and business analysts use the characteristics to define functional and non-functional requirements. Reliability targets, security thresholds, and performance benchmarks all come from this model.

During design: Architects make structural decisions based on maintainability, flexibility, and compatibility goals. Choosing between microservices and monolithic architecture, for instance, directly affects modularity and scalability scores.

During testing: Software testers build test plans around specific sub-characteristics. Load tests target performance efficiency. Fault injection targets reliability. Access control tests target security. Each type of software testing connects back to the model.

During deployment and maintenance: Teams track real-world metrics post-launch. Post-deployment maintenance activities like defect tracking and change request management feed back into the quality model. Reliability and maintainability scores evolve as the product ages.

Organizations pursuing software compliance certifications often use ISO 25010 as the backbone of their quality assurance process.

How Does ISO 25010 Relate to ISO 25000 SQuaRE

ISO 25010 does not exist in isolation. It is one part of the ISO/IEC 25000 SQuaRE (Systems and Software Quality Requirements and Evaluation) series, a family of standards that covers the full spectrum of software quality management.

The SQuaRE series is organized into divisions:

• ISO/IEC 25000 – quality management overview and vocabulary
• ISO/IEC 25010 – product quality model (the standard covered in this article)
• ISO/IEC 25012 – data quality model
• ISO/IEC 25020 to 25024 – quality measurement
• ISO/IEC 25040 – quality evaluation process

ISO 25010 defines what to measure. ISO 25020-25024 defines how to measure it. ISO 25040 defines the process for conducting the evaluation. They work as a system.

Teams that only use ISO 25010 without the measurement and evaluation standards often struggle to turn quality characteristics into actual metrics. The full SQuaRE series gives you the complete workflow from model to measurement to evaluation to results.

How to Apply ISO 25010 to Software Quality Evaluation

Start by selecting which characteristics and sub-characteristics matter most for your product. Not all nine carry equal weight for every project.

A medical records system will weight security, reliability, and safety heavily. A consumer mobile app might prioritize interaction capability and performance efficiency instead. Context drives the decision.

Practical steps:

• Identify your product type and stakeholder priorities
• Select relevant characteristics and sub-characteristics
• Define specific quality metrics for each selected sub-characteristic
• Set measurable thresholds (response time under 200ms, availability above 99.9%)
• Map metrics to your testing lifecycle phases
• Evaluate results against thresholds and iterate

A gap analysis can help identify which sub-characteristics your current product falls short on. Pair that with a development plan that targets specific quality improvements across releases.

Keep your documentation updated as quality targets change. What matters at launch is different from what matters two years in. The standard gives you a stable framework, but your priorities within it should shift as your product and users evolve.

Frameworks like CMMI and ITIL complement ISO 25010 by providing process maturity and service management perspectives. Using them together gives both a quality model and a process model to back it up.

FAQ on What Is ISO 25010 Software Quality Model

What is the purpose of ISO 25010?

ISO/IEC 25010 provides a structured quality model for specifying, measuring, and evaluating software product quality. It gives developers, testers, and acquirers a shared framework with defined characteristics and sub-characteristics to assess how well a software system meets stakeholder needs.

How many quality characteristics does ISO 25010 define?

The 2023 revision defines nine product quality characteristics: functional suitability, performance efficiency, compatibility, interaction capability, reliability, security, maintainability, flexibility, and safety. The Quality in Use Model adds five more characteristics focused on user experience outcomes.

What is the difference between ISO 25010 and ISO 9126?

ISO 25010 replaced ISO/IEC 9126 in 2011. It added security and compatibility as standalone characteristics, introduced a clearer separation between product quality and quality in use, and expanded from six to eight (now nine) top-level characteristics.

What changed in the ISO 25010:2023 revision?

Safety was added as a ninth characteristic. “Usability” became “interaction capability” and “portability” became “flexibility.” New sub-characteristics include inclusivity, self-descriptiveness, resistance, and scalability. “Maturity” was replaced by faultlessness.

What is the Quality in Use Model in ISO 25010?

The Quality in Use Model measures outcomes when real users interact with software in specific contexts. It covers five characteristics: effectiveness, efficiency, satisfaction, freedom from risk, and context coverage. It requires actual user feedback to evaluate properly.

Is ISO 25010 a certification or a framework?

ISO 25010 is a reference framework, not a pass/fail certification. Organizations use it to define quality requirements and evaluation criteria for their products. Some companies pursue software audits based on ISO 25010 characteristics to validate compliance.

How does ISO 25010 relate to the SQuaRE series?

ISO 25010 is the quality model component of the ISO/IEC 25000 SQuaRE series. Other standards in the series cover measurement (ISO 25020-25024), data quality (ISO 25012), and evaluation processes (ISO 25040). Together they form a complete quality management system.

Who uses ISO 25010 in software development?

Developers, QA engineers, software architects, product managers, acquirers, and independent evaluators all reference ISO 25010. Each role focuses on different characteristics based on their responsibilities within the software development lifecycle.

Does ISO 25010 apply to mobile and web applications?

Yes. The standard applies to any ICT product, including mobile apps, web applications, desktop software, embedded systems, and firmware. Teams building cross-platform apps use it to evaluate quality across different target environments and user contexts.

How do you apply ISO 25010 to a real project?

Select relevant characteristics based on your product type and stakeholder priorities. Define measurable metrics for each sub-characteristic, set thresholds, map them to your testing phases, and evaluate results. Pair it with software validation practices for best results.

Conclusion

Understanding what is the ISO 25010 software quality model comes down to one thing: having a shared language for quality that every stakeholder can actually use. Without it, teams argue about vague goals and subjective opinions.

The nine product quality characteristics in the 2023 revision, from functional suitability to safety, cover what modern software needs to get right. The Quality in Use Model fills the gap by measuring real user outcomes like effectiveness, satisfaction, and freedom from risk.

Pick the characteristics that match your product context. Set measurable thresholds. Test against them at every phase of the software testing lifecycle.

ISO 25010 does not guarantee quality. But it gives your team a clear, structured way to define it, measure it, and improve it across every release cycle.

• Author
• Recent Posts

Bogdan Sandu

Bogdan Sandu specializes in web design, focusing on creating user-friendly websites, and innovative UI kits.

Many of his resources are available on various design marketplaces and for free on Codepen.

Over the years, he's worked with a range of clients and contributed to design publications like Design Your Way, Designmodo, WebDesignerDepot, WPDean, and Speckyboy, and Slider Revolution among others.

Latest posts by Bogdan Sandu (see all)

• Android App Drawer vs Home Screen: Differences Explained - April 16, 2026
• 7 Things to Know Before Buying Refurbished Servers in 2026 - April 16, 2026
• iPhone Parental Controls: Complete Guide - April 15, 2026