IT:AD:ISO 25010


ISO/IEC 25010:2011 was issued in 2011 and replaces IT:AD:ISO 9126, which in turn was derived from earlier work on IT:AD:FURPS on defining and classifying Requirements for software.


Part of IT:AD:SQuaRE, it has 8 characteristics, compared to IT:AD:ISO 9126's 6, and IT:AD:FURPS's 5:

  • Functional: (used to be Functionality in IT:AD:ISO 9126).
    • Completeness:
      • Stakeholder Functionality:
        • Public User functionality: functionality required by clients
        • Business functionality: functionality required by Business Users to provide services to clients (Read/Write/Approve/Logical Delete)
        • Business support functionality: functionality required by Business Support Specialists (Business Role allocation)
        • Application support functionality: functionality required by Support Specialists (System role allocation, Backup management).
        • Infrastructure support functionality: functionality required by Infrastructure Specialists, monitoring the platform
      • Obligations:
        • Legal:
          • Openness: adhering to open data directives
          • Security: adhering to data classification requirements
          • Privacy: adhering to national privacy laws
          • Archiving: adhering to archiving directives
        • Standards:
          • Security: adhering to national recommendations
          • Accessibility: by all members of the public, including the by visually impaired
          • Usability: by all members of the public, from the devices they most use
          • API Interfaces: adhering to web API standards
    • Correctness ← renamed from Accuracy in IT:AD:ISO 9126
    • Appropriateness ← renamed from Functional appropriateness in IT:AD:ISO 9126. Ref: ISO 9241-110
    • Validation:
    • Documentation:
  • Performance efficiency ← renamed from Efficiency, in IT:AD:ISO 9126 and IT:AD:FURPS
    • Time behavior
    • Resource Utilization
    • Capacity ←- new
  • Compatibility ← new
  • Usability
    • Appropriateness recognizability ← renamed from Understandability
    • Learnability
    • Operability
    • User Error Protection ← new
    • User Interface Aesthetics ← renamed from Attractiveness
    • Accessibility ← new
  • Reliability
    • Maturity
    • Availability ← new
    • Fault Tolerance
    • [Recoverability]
  • Security ← new
    • Confidentiality ← new
    • Integrity ← new
    • Non-Repudiation ← new
    • Accountability ← new
    • Authenticity ← new (identity can be proved to be the one claimed)
  • Maintainability
    • Modularity ← new
    • Reusability ← new
    • Analysability
    • Modifiability ← new amalgamation of older Reusability, Changeability, Stability in IT:AD:ISO 9126
    • Testability
  • Portability
    • Adaptability
    • Installability
    • Replaceability


Classifying Requirements has always been hard. Although we're closer with this system, the system still has issues.

  • where's Recoverability? I'll put it under Reliability for now. But maybe it was intended for being under Maintainability. Or was it Stability?
  • Where should one put Diagnostic Tracing?
  • Most security requirements combine Integrity and Confidentiality. It's hard to know which one to put a requirement in.
  • Where does Compliance go? Or was it intended to go under System Functional? (But Web Standards is Interoperability…)
  • Where does Documentation go? SAD? Operations Manual? Deployment Manual? etc.
  • Where does Validation go? It's the basis of Conformance/Normalization/Data-Quality…all of which I can't place in the above categories.
  • Where should requirements such as “Use UTC” and “Use Data Conventions” go? Is that Maintainability? Or other?