ISO 25010:2023 Guide to Software Product Quality Standards

Introduction
In software development, the idea of “quality” often means different things to different stakeholders. For users, it may be about ease of use or reliability; for developers, it may involve maintainability and security; for business leaders, it can mean cost-effectiveness and market competitiveness. To unify these perspectives, ISO/IEC 25010:2023 provides a structured quality model that defines the characteristics and sub-characteristics of software product quality.
Originally published in 2011, ISO/IEC 25010 remains the global reference for evaluating software quality. By applying this model, organizations can systematically align requirements, testing, and evaluation with internationally accepted standards, improving consistency and confidence in their software products.
Good software is defined not only by its functionality, but by how well it performs, adapts, and supports user needs over time.
ISO/IEC 25010 defines a clear and structured model for assessing and ensuring software quality throughout the development lifecycle. Whether you're developing enterprise applications, consumer apps, or SaaS platforms, ISO/IEC 25010 provides a shared language and metrics for developers, testers, quality analysts and business stakeholders.
What are the eight product quality characteristics according to ISO/IEC 25010?
The latest version, ISO/IEC 25010:2023, defines eight main characteristics, each broken down into sub-characteristics:
- Functional suitability – Completeness, correctness, and appropriateness of functions.
- Performance efficiency – Time behavior, resource utilization, and capacity under defined conditions.
- Compatibility – Interoperability and coexistence with other systems or software.
- Usability – Learnability, accessibility, and user interface quality.
- Reliability – Availability, fault tolerance, and recoverability after failures.
- Security – Confidentiality, integrity, authenticity, accountability, and non-repudiation.
- Maintainability – Modularity, reusability, analyzability, and modifiability of code.
- Portability – Installability, adaptability, and replaceability across platforms.
ISO/IEC 25010 Quality characteristics and sub-characteristics
| Characteristic | Sub-Characteristics | Description |
|---|---|---|
| Functional suitability | Functional completeness, Functional correctness, Functional appropriateness | Ability of the software to provide functions that meet stated and implied needs. |
| Performance efficiency | Time behavior, Resource utilization, Capacity | How well the system uses resources and performs under specified conditions. |
| Compatibility | Coexistence, Interoperability | Ability to work with other systems without negative impact. |
| Usability | Appropriateness recognizability, Learnability, Operability, User error protection, User interface aesthetics, Accessibility | Degree to which the software is easy to use and learn, and protects users from errors. |
| Reliability | Maturity, Availability, Fault tolerance, Recoverability | Consistency of performance and ability to recover from failures. |
| Security | Confidentiality, Integrity, Non-repudiation, Accountability, Authenticity | Protection of information and systems from unauthorized access or modification. |
| Maintainability | Modularity, Reusability, Analyzability, Modifiability, Testability | How easily the software can be maintained, adapted, and tested. |
| Portability | Adaptability, Installability, Replaceability | Ability of the software to be transferred from one environment to another. |
How to embed ISO/IEC 25010 into the Software Development Lifecycle (SDLC)?
Software development follows phases like planning, design, coding, testing, deployment, and maintenance. Integrating ISO/IEC 25010 across these phases ensures you build quality in, not bolt it on later:
- During planning & requirements, map features to quality factors (e.g. usability, security, reliability).
- In design & architecture, use compatibility and maintainability goals to guide modular structure, APIs, and interface design.
- During development & coding, follow secure-by-design practices and measure resource usage (performance efficiency).
- In testing, validate each characteristic: load tests for performance, fault injection for reliability, access controls for security.
- During deployment & maintenance, track real usage, monitor reliability, handle patches, and measure portability for new environments.
Looking to align your SDLC with ISO/IEC 25010 for better software governance? Pacific Certifications can guide your development teams through ISO-aligned audits and quality model integration. Contact us at [email protected].
Functional suitability to maintainability: A deep dive into ISO 25010
ISO 25010 defines software product quality using eight primary characteristics, each with its own sub-characteristics. Here's an overview of these dimensions and what they mean in practice:

Functional Suitability
Measures whether the software provides functions that meet stated and implied needs when used under specified conditions. Includes functional completeness, correctness, and appropriateness.
Performance Efficiency
Evaluates system response times, resource usage, and throughput. This is essential in applications where performance is business-critical, such as financial systems or real-time platforms.
Compatibility
Refers to the ability of the software to operate with other products or systems, including co-existence and interoperability—vital for SaaS, API-driven services, or hybrid ecosystems.
Usability
Focuses on user experience, learnability, operability, and user interface design. Usability affects adoption, engagement, and overall satisfaction.
Reliability
Ensures the system performs consistently and predictably, including availability, fault tolerance, and recoverability. Especially critical for healthcare, aviation, and security-based software.
Security
Covers aspects like confidentiality, integrity, non-repudiation, and vulnerability handling. In an age of data breaches and compliance, this cannot be overlooked.
Maintainability
Determines how easily a software product can be modified. Includes testability, modularity, and reusability—important for long-term development and DevOps success.
Portability
Refers to how well the software can be transferred from one environment to another. Includes adaptability, installability, and replaceability.
Applying ISO/IEC 25010 in software projects allows organizations to define quality goals tied to business impact—for example, minimizing service downtime, reducing helpdesk tickets, or ensuring faster time to market with each release.
To conduct an ISO/IEC 25010 quality audit or integrate these metrics into your QA strategy, reach out to [email protected].
ISO 25010 vs ISO 9001:2015: which standard applies to your software?
One common question among quality managers and CTOs is whether to adopt ISO 25010 or ISO 9001 when building or evaluating software products. While both standards relate to quality, they serve different purposes.

ISO 25010 is specifically designed to evaluate the internal and external quality of a software product. It focuses on attributes like usability, maintainability, and security—providing precise guidance for software architecture, development, and testing teams.
ISO 9001:2015, on the other hand, is a general quality management system (QMS) standard applicable to any industry. It sets the foundation for consistent product or service delivery, customer satisfaction, and process control but doesn’t provide product-specific metrics or guidance.
If you’re looking to certify your software development processes and outputs, ISO 25010 is the right fit. If your focus is broader, like ensuring quality across your entire organization’s operations, including HR, procurement, and customer support, ISO 9001 may be more appropriate.
In many cases, companies pursue both: ISO 9001 for organizational governance and ISO 25010 as a technical framework within software projects.
Need help deciding which ISO standard suits your software business best? Schedule a call with Pacific Certifications via [email protected].
Creating High-Quality Software Products with ISO 25010 Metrics
ISO 25010 helps organizations move beyond vague statements like “make the software faster” or “improve user experience” by offering concrete, measurable criteria for software quality.
By mapping each software feature to relevant ISO 25010 characteristics during the requirement-gathering phase, teams can define precise quality goals. For example:
- Response times under 1 second for key tasks (Performance Efficiency)
- Recovery from system failure within 30 seconds (Reliability)
- Successful user onboarding within 3 minutes (Usability)
- Modular components reused across 3+ projects (Maintainability)
These metrics also serve as benchmarks during code reviews, automated testing, and stakeholder reporting—ensuring teams remain aligned and accountable.
Moreover, using ISO 25010 metrics enhances communication between business and technical teams, ensuring that quality becomes a shared objective, not an isolated function of the QA team.
We at Pacific Certifications can support your software teams in creating custom quality dashboards, audit templates, and metric frameworks based on ISO 25010. To learn more, write to us at [email protected].
Conclusion
To sum up, ISO 25010 provides a universal framework for assessing and improving software product quality, empowering organizations to build high-performing, secure, and user-friendly applications that meet both business and end-user expectations.
From planning to post-deployment, ISO 25010 ensures that quality is built into your SDLC—not bolted on at the end. Whether you're launching a new app or managing an enterprise software platform, applying this standard will significantly reduce risk, streamline development, and boost customer satisfaction.
Ready to get ISO 25010 certified?
Pacific Certifications, an accredited ISO body, can assist software companies, IT departments, and DevOps teams in aligning their development workflows with ISO 25010, conducting quality audits, and integrating best practices into every sprint.
Contact Pacific Certifications to begin your certification journey today!
