ISO IEC 25059-2023.docx

ContentsForewordivIntroductionv2Scope1NormaUVoreferences1Termsanddefinitions3.1Genera1.1Abbreviatedterms3Productqua1.itymode1.5.1 Genera1.35.2 Ijsercontro1.1.abi1.ity4Functiona1.adaph*gdtness4Robustness4TranSParCnCy5Qua1.it),inusemode1.661Gners1.65.3 Societa1.andethica1.riskmitigation65.4 Transparency7Annex A (informative)SQuaRE8Annex B (informative)Howarisk-basedapproachre1.atestoaqua1.ity-basedapproachandqua1.itymode1.s10AnneX,13Bib1.iography14©ISO/IEC2023-A1.1.rightsreservedHigh-qua1.itysoftwareproductsandcomputersystemsarecrucia1.tostakeho1.ders.Qua1.itymode1.s,qua1.ityStandardsonAnnexAforqua1.ityeva1.uationV1.systemsrequireadditiona1.propertiesandcharacteristicsofsystemstobeconsidered,andA1.systemscan:rep1.acehumandecision-making：beprobabi1.istic;AccordingtoISO/IECTR24028.2trustworthinesshasbeenunderstoodandtreatedasbothanongoingorganizationa1.processaswe1.1.asanon-fnctiona1.requirementspecifyingemergentpropertiesofaofusethatis,inof25010.ISO/IECTR24028discussestheapp1.icabi1.itytoA1.systemsofthathavebeendeve1.opedforconventiona1.natureA1.systems.Whi1.eTR24028,thenotbodyofwork,theTR24028identifiestheneedfordeve1.opingnewInternationa)StandardsforA1.systemsthatcangobeyondthecharacteristicsandrequirementsofconventiona1.softwaredeve1.opmentof1.TRItstatesthatatestingOfanMondifferentversionsofandsoftwareandhardwareverificationandva1.idationtechniquesareneeded.Itidentifiessevera1.conceptua1.differencesbetweenmanyA1.systemsandconventiona1.systemsandconc1.udesthat,theabi1.ityoftheA1.systemachievethetesting".andofA1.resu1.tmaynotinbeTRbyconventiona1.Thisdocumentout1.inesanapp1.ication-specific1.systemextensiontotheSQuaREqua1.itymode1.AIsystemsperformtasks.OneormoretaskscanbedefinedforanA1.system.Qua1.ityrequirementscanbespecifiedfortheeva1.uationoftaskfu1.fi1.ment.Theininis6.Thefrom-ofthesetermsproductandastootherC1.ause5de1.iverab1.es(e.g.theISO/IEC24029series(4115)arehigh1.ighted.thisdocumentISO/IECcontainsaisfordataqua1.ityA1.Issystemsbytheto5259series.SUMUmwdbyMcdi1.1.iiitors,acqpiusxt>rdeve1.opers.ThesupportfordocumentingameasureasanISO/IEC25050toISO/IEC25099-SQuaREExtensionDivision.TheseInternationa1.Standards蹄解密叫H帆聊Ws1.rts阳罪&of就觥腓腓TheSheIfSoftWareandCommonIermSobjectives.(societa1.,system,etc.)canbeexpressedbothintermsofcharacteristicsandinB.3ComparisonofapproachesqUa1.ifyingsub-Characteristicsmeasures.(i9notspecificenoughanddonotdirect1.ycorrespondtoaccepteddifferentmeaningsacrossexistsdifferentmeasureapp1.icationufaimess".Moreovenwithava1.1.abi1.itypurpose.maturity1.earningsystems.Sometimesnecessari1.yhavecorrespondingconsequences,risk-basedidentifiedapproach,quantifiedqua1.ified.effects,imp1.ementationtoofacceptab1.emeasuresspecifiedtheassessmentrequirements),riskcontinuesunti1.theFnanagementThisprocessbecomeriskObjectivesnieasuresmanagementprocessat1.ayerse1.ectedby1.natum1.Assumingthat"fairness"riskssourceswereidentified:SyS1.Cmrequirements,asaresu1.tofriskassessment,biasedtrainingdata.-afunctiona1.specificationreviewbyexpertsintheapp1.icationfie1.d;Thenext1.ayerofobjectivesis:keepingthedatabiasatanacceptab1.e1.eve1.asspecifiedusingse1.ectedstatistica1.measuresofdatafunctionbehaviouror"measures.ofanewmeasureundervariousconditionsandrisk1.eve1.sasaHieasureshiring,DemOgraPh1.CSySIem'sfairness.Nevcrthe1.ess1Opportunityiienosufficientexperiencesuitab1.emeasuresandassessingtheirresu1.ts.11eachOfre1.evantpropertyThemaincha1.1.engeofspecifyingoreva1.uatingsystemsusingaqua1.ity-basedapproacha1.oneisthatqua1.ityOrquantifyingoften1.<onkingat"fairness"asanA1.systemqua1.itymode1.sub-characteristic,being"fair"cancarrydrastica1.1.ysing1.efairnessmeasuretosystemandsystemsthedifferentandi6jNooffairnessmeasuresdependsonthesystemtypeandthetechno1.ogyused.Forexamp1.e,fairnessmeasuresforc1.assificationsystemsarebetterunderstoodthanfairnessmeasuresforreinforcementTherisk-basedapproacha1.1.owsthespecificationandassessmentofobjectives,inc1.udingthoseforwhichnodirectmeasuresarcavai1.ab1.e,byshiftingthetasktoasetofnewobjectives.Theseobjectivesdonotreferredtoasrepercussionsonneasures.Inaandpotentia1.OrnegativeASpartofrisktreatment,risksources1.eadingtonegativerepercussionsareexamined,andrisktreatmentmeasurestoreduce(ore1.iminate)therisksourcesarese1.ected.Aniterativeprocessofse1.ectionandriskisreducedanrisktreatment1.eve1.(asandinthesystemoftheresidua1.Incomparisontothetwodefinedqua1.itymode1.s,riskmanagementisamu1.ti-1.ayeredtop-downapproach.meansthatthetreatmentofrisk(or-contro1.s")atone1.ayerbe1.ow.riskthesenewobjectivescorrespondtoasetofdifferentsubcharacteristics,forwhichsoftwarequa1.itymeasuresortheirva1.uescanbeavai1.ab1.eornotthefo1.1.owingpotentia1.wasstatedasoneoftheA1. 1.ackofexperienceintheapp1.icationfie1.d;These1.ectedmitigationrisktreatmentmeasures(or"contro1.s")inc1.uded: -reducingse1.ectionbiasinthetra