Comprehensive Quality Risk Assessment
CSE3SMT Assignment 1
Dr Tafline Ramos
System Description:
PaperBag is a company that focuses on selecting a wide variety of products from different Asian
nations. Their new E-Commerce Platform will function as an all-inclusive internet store providing a
variety of products in various categories, such as beauty products, snacks, home appliances, and
more. The goal of the platform is to offer a smooth shopping experience like that of an Asian
grocery store, meeting the needs of customers searching for genuine and unique products.
System Feature:
• Customer Account
• Product Catalogue Management
• Shopping Cart and Checkout
• Payment Processing
• Order Tracking
• Out-of-Stock Notification
• Product Enquiry
Risk matrix:
Likelihood \ Impact (Consequence) | Very Low (Insignificant) | Low (Minor) | High (Major) | Very High (Catastrophic)
Very High (Almost Certain) | Medium | High | High | Critical
Quality Characteristic | Sub-Characteristic | Risk | Impact | Risk Level | Risk Mitigations
Functional Suitability | Functional Completeness | The platform's order tracking feature does not include real-time shipment updates, which many customers expect to have. | Customers may feel frustrated if they cannot track their shipments accurately, leading to dissatisfaction and a higher volume of customer support inquiries | Medium | Meet with stakeholders to ensure all product features are captured. Testing to ensure all necessary features are functioning correctly.
 | Functional Correctness | Product search returns inaccurate results | Customers may struggle to find products, leading to frustration and decreased sales | High | Create and evaluate search algorithms in collaboration with relevant parties. Test the search functionality by using different input data.
 | Functional Appropriateness | The checkout process requires users to create an account before purchasing, even though many users may prefer a guest checkout option. | Increased cart abandonment rates and reduced user satisfaction | Medium | Designing user experiences and conducting studies on usability. Implement a guest checkout option to reduce unnecessary steps and improve the user experience.
Performance Efficiency | Time Behaviour | The system experiences slow response times during peak shopping periods. | Users may experience delays, potentially causing frustration and loss of sales | High | Conducting performance testing, including load and stress tests, in order to evaluate page load speeds. Implement scalable cloud infrastructure to handle traffic spikes by adding resources dynamically.
 | Resource Utilisation | Excessive CPU usage leading to server slowdowns | Reduced system performance and increased operational costs | Medium | Improve algorithms and optimize database queries. Monitoring and profiling resource usage while conducting tests.
 | Capacity | The e-commerce platform cannot handle the expected surge in concurrent users during a promotional event when new stock is launched. | The platform exceeds its capacity, users may experience slow response times or outages, preventing them from accessing the site or completing purchases. | High | Planning for scalability and designing infrastructure. Analyse historical data from previous sales events to estimate expected user loads and prepare the infrastructure accordingly.
Compatibility | Co-existence | The platform conflicts with other applications running on the same server | Potential application crashes or performance issues | Medium | Test the platform in a staging environment that mimics the production setup.
 | Interoperability | The platform fails to integrate with third-party payment systems | Users cannot complete purchases, leading to loss of sales | High | Implement standard APIs and conduct integration design reviews and integration testing with third-party systems.
Interaction Capability (Usability) | Appropriateness recognisability | Users do not recognize how to request new items on the platform due to unclear navigation. | Decreased user satisfaction and potential for users not fully utilizing the platform | Medium | Design user interfaces based on user research and feedback. Ensure that the "Request New Item" feature is prominently displayed within the user interface.
 | Learnability | New users find it difficult to learn how to navigate the platform | Increased training costs and reduced user adoption | Medium | Provide user guides and interactive tutorials. Conduct user testing with new users.
 | Operability | The platform is not intuitive to operate on different devices. | Users may have a poor experience and abandon the platform | Medium | Design responsive interfaces and test across devices.
 | User error protection | The platform does not prevent invalid inputs or actions by users | Increased user errors, potential data corruption, and poor user experience | Medium | Implement input validation and error-handling mechanisms in the design. Conduct user testing with invalid input scenarios to identify error handling issues.
 | User engagement | The platform's interface is not engaging or motivating, leading to low user interaction | Reduced user activity and lower customer retention rates | Medium | Design with engaging visuals, interactive elements, and gamification techniques based on user research.
 | Inclusivity | The platform does not support diverse user backgrounds, including accessibility for users with disabilities | Exclusion of potential users and legal or ethical issues related to accessibility | High | Adhere to accessibility guidelines by implementing features such as screen reader compatibility and customizable text sizes.
 | User assistance | The platform lacks adequate help and support features for users | Increased user frustration and reduced ability to use the platform effectively | Medium | Investigate user assistance features by testing them with actual users to guarantee they fulfil requirements and can be readily accessed.
 | Self-descriptiveness | The platform’s features and functions are not immediately obvious or intuitive to users. | Users may struggle to understand how to use the platform, leading to a poor user experience. | Medium | Design with clear labels, tooltips, and context-sensitive help to make features self-explanatory. Perform usability testing to ensure users can understand and navigate features.
Reliability | Faultlessness | The platform has frequent bugs or crashes | User frustration and potential data loss | High | Conduct thorough code reviews and unit testing. Perform defect tracking and analysis during testing.
 | Availability | The platform experiences downtime or unavailability | Users cannot access the platform, leading to loss of sales and reputation damage | High | Implement redundancy and failover mechanisms. Monitor uptime and perform regular system health checks.
 | Fault tolerance | The system is unable to continue operating correctly in the presence of faults or errors | System outages or crashes, leading to loss of service and user dissatisfaction | High | Design the system with redundancy to handle faults. Conduct fault tolerance testing to ensure the system can handle errors without significant impact.
 | Recoverability | The system fails to recover quickly and effectively from failures or crashes | Extended downtime, loss of data, and disruption to user activities | Medium | Implement automatic backup and recovery processes and ensure the system can restore to a stable state after failure.
Security | Confidentiality | Unauthorized access to user data | Data breaches and loss of customer trust | High | Deploy robust authentication and encryption protocols. Carry out security assessments and penetration tests.
 | Integrity | Data corruption or unauthorized modifications | Loss of data accuracy and reliability | High | Carry out validation of data and ensure its integrity. Conduct testing and audits to ensure data integrity.
 | Non-repudiation | Users can deny their actions within the system, leading to disputes or issues with accountability | Difficulty in identifying the malicious actions or errors | High | Consistently check logs and audit trails to verify that all activities are accurately documented and can be linked back to the accountable user.
 | Accountability | The system does not track and attribute user actions and system changes | Difficulty in enforcing policies, and inability to audit system activity | Medium | Design user roles and permissions carefully, ensuring that all actions are logged and traceable.
 | Authenticity | The system cannot verify the identity of users | Unauthorized access to sensitive data, causing data breaches | Critical | Conduct security evaluations and penetration testing to uncover potential vulnerabilities in authentication and data integrity measures.
 | Resistance | System is vulnerable to malware and cyber attack | Security breaches, data loss, and unauthorized access to system resources | High | Employ modern security measures like encryption and anti-malware tools to safeguard the system from potential threats.
Maintainability | Modularity | The lack of modularity in the codebase presents difficulties in maintaining components. | Increased cost and time to implement updates or fixes | Medium | Follow coding guidelines and methodologies. Perform code reviews and analyse refactoring.
 | Reusability | Components are not reusable across different parts of the platform | Increases development inconsistency across the platform | Low | Create a shared component library to be used across multiple features.
 | Analysability | Poor error logging and monitoring, making it difficult to identify the root causes of issues | Slow response to issues, longer downtimes, reduced customer satisfaction. | High | Implement comprehensive logging practices and monitoring systems and set up real-time alerts for errors to catch potential issues.
 | Modifiability | Parts of the system are difficult to modify because components are too dependent on each other | Risk of breaking other parts of the system when making updates | Medium | Gradually update the code to make each part more independent. Keep documentation of how parts are connected.
 | Testability | Difficulty in testing due to lack of testability features in the system | Increased difficulty in identifying and fixing defects | Medium | Create a design that is easily testable by incorporating clear interfaces and logging. Conduct assessments of testability and test functions.
Flexibility | Adaptability | System is not easily adaptable to new features | Loss of competitive edge, failure to meet market demands | Medium | Use a modular, service-oriented architecture to enable easy feature additions and updates.
 | Scalability | The platform cannot scale to handle increased load | Performance degradation and potential outages during peak times | High | Design for scalability and use scalable cloud infrastructure. Perform load and stress testing.
 | Installability | Difficulties during the installation and setup process | Delays in deployment and user frustration | Low | Offer comprehensive installation instructions and automatic setup scripts. Perform test installations and collect feedback.
 | Replaceability | Difficulty in replacing or upgrading the system with minimal disruption | Increased downtime and operational impact | Medium | Design for modularity and ease of replacement. Perform replacement and upgrade testing.
Safety | Operational constraint | The platform operates outside safe operational limits | Data breaches and loss of customer trust | Critical | Deploy robust authentication and encryption protocols. Carry out security assessments and penetration tests.
 | Risk identification | Data corruption or unauthorized modifications | Loss of data accuracy and reliability | High | Carry out validation of data and ensure its integrity. Conduct testing and audits to ensure data integrity.
 | Fail safe | Users can deny their actions within the system, leading to disputes or issues with accountability | Difficulty in identifying the malicious actions or errors | High | Consistently check logs and audit trails to verify that all activities are accurately documented and can be linked back to the accountable user.
 | Hazard warning | The system does not track and attribute user actions and system changes | Difficulty in enforcing policies, and inability to audit system activity | Medium | Design user roles and permissions carefully, ensuring that all actions are logged and traceable.
 | Safe integration | The system cannot verify the identity of users | Unauthorized access to sensitive data, causing data breaches | Critical | Conduct security evaluations and penetration testing to uncover potential vulnerabilities in authentication and data integrity measures.
Project Risk Register:
Risk Type | Risk | Impact | Risk Level | Risk Mitigations
Reputation Risk | Frequent downtimes or security vulnerabilities, leading to a damaged reputation. | Loss of customer loyalty, negative reviews, and reduced sales. | High | Execute thorough testing and quality assurance procedures. Create and implement a strategy for handling and communicating during a crisis.
Resourcing Risk | Testing staff may not have the required capabilities to deliver the recommended testing. | Poor quality of testing and potentially undetected defects. | Low | Offer essential training and guarantee that personnel possess the necessary skills. Administer skill evaluations and offer continuous assistance.
Budget | The testing budget may be insufficient to cover all necessary testing activities. | Incomplete testing leading to potential defects in the final product. | Medium | Create a thorough budget that includes extra funds for unforeseen expenses. Continuously assess and modify the budget in accordance with testing requirements.
Schedule | The project schedule may not allow enough time for comprehensive testing. | Reduced testing coverage, leading to potential undiscovered defects. | Medium | Develop a comprehensive project timeline with designated time for extensive testing. Keep track of the progress and make changes to the schedule as necessary to meet testing requirements.
Environments | The test environment may become unavailable unexpectedly. | Delays in testing and potential disruptions in the project timeline. | Medium | Develop monitoring and maintenance strategies for the testing environment. Ensure there is a backup system or plan for recovery in case of emergencies.
Defects | Greater numbers of defects and lower initial reliability due to unproven software. | Increased development and maintenance costs, potential user dissatisfaction. | Medium | Perform thorough testing and validation in order to discover and resolve any defects. Execute iterative development and incorporate feedback loops.
Tools | Testing tools are not supported by the budget and resource capabilities. | Ineffective testing due to inadequate tools, leading to potential undetected defects and project delays. | Medium | Obtain required tools at the beginning of the project. Make sure that funds and resources are designated for obtaining and upkeeping tools.
Regulations & Compliance | The system fails to meet required regulatory and compliance standards | Legal issues, fines, and project delays. | High | Recognize and incorporate all applicable rules into the project right at the beginning. Perform routine compliance audits and seek advice from professionals.
2f. Document your assumptions (minimum 5 assumptions).
Ans:
1. Stable Regulatory Environment:
Assumption: The regulatory and compliance requirements for e-commerce platforms remain stable throughout the project. Changes in
regulations are either minimal or managed in a timely manner.
Prompt:
1. I'm doing a risk register for an e-commerce platform name Paperbag that can buy variety products from Asian nations. Please
conduct a quality risk assessment based on the quality characteristics and sub-characteristics in the ISO/IEC 25010 product
quality model.
2. I need it with quality characteristics, sub-characteristics, risk, impact, risk level and risk mitigations (including preventative
and detective testing & QA activities that can mitigate each risk)
3. Now do 8 project risk types (Reputation, Resourcing, Budget, Schedule, Environments, Defects, Tools, Regulations &
Compliances.
4. Generate 3 risk types that you think could be add in to the ISO/IEC 25010 product quality model’s.
AI Risk Register:
Quality Characteristic | Sub-Characteristic | Risk | Impact | Risk Level | Risk Mitigations
 | Resource Utilisation | Inefficient use of server resources leading to high operating costs. | Excessive server resource consumption can increase costs and cause system slowdowns during heavy use. | Medium | Preventative: Optimize code and architecture to ensure efficient use of hardware resources. Detective: Use monitoring tools to analyse resource usage and adjust infrastructure as needed.
 | *Capacity | The platform may not scale to handle a large number of users, particularly during sales or promotional events. | Inability to scale can lead to downtime, missed sales, and frustrated customers. | High | Preventative: Implement cloud-based infrastructure that scales automatically with demand. Detective: Perform scalability testing to evaluate how the platform behaves under increasing loads.
Compatibility | *Co-existence | The platform may conflict with other software or services running on the same infrastructure (e.g., payment gateways). | System failures or service interruptions may occur due to compatibility issues. | High | Preventative: Ensure proper system architecture planning and isolation of services. Detective: Conduct integration testing with all third-party systems.
 | Interoperability | The platform may not integrate well with external systems (e.g., third-party shipping providers). | Lack of integration can lead to inefficient workflows or manual processes. | Medium | Preventative: Use standard APIs and integration protocols. Detective: Test interoperability with all external systems, including API testing.
Interaction Capability (Usability) | *Appropriateness recognisability | Users may not understand the purpose of certain functions, such as filters or account features. | Poor usability may lead to low engagement or high abandonment rates. | Medium | Preventative: Implement intuitive design principles and user-centred design processes. Detective: Conduct usability testing with target users to ensure clarity of functionality.
 | Learnability | Users may find it difficult to learn how to use the platform quickly. | Poor learnability can lead to high bounce rates and decreased customer retention. | Medium | Preventative: Provide clear guidance, tutorials, or tooltips for new users. Detective: Monitor user behaviour through heatmaps and session recordings to identify usability issues.
 | *Operability | The platform may be difficult to navigate on mobile devices. | Poor mobile operability can result in lost sales from mobile users. | High | Preventative: Follow responsive design practices and optimize the UI for mobile users. Detective: Conduct cross-device and cross-browser testing to ensure operability across platforms.
 | User error protection | Users may accidentally submit incorrect information during checkout (e.g., wrong shipping address). | This can lead to failed orders and increased customer support demands. | Medium | Preventative: Implement validation rules for inputs (e.g., address or payment information). Detective: Perform user error testing scenarios to identify common issues.
 | *User engagement | The platform's interface might not be engaging or intuitive enough, resulting in poor user retention and high bounce rates. | Low customer satisfaction, decreased sales, and reduced repeat customers. | High | Preventative: Implement user-centred design (UCD) principles, focusing on intuitive navigation, aesthetic design, and user feedback loops. Detective: Conduct usability testing, gather user feedback through surveys, and analyse user behaviour metrics like session duration and bounce rates.
 | Inclusivity | The platform may not comply with web accessibility standards, making it difficult for users with disabilities to navigate. | Excluding users with disabilities can lead to loss of potential customers and legal issues. | Medium | Preventative: Adhere to WCAG accessibility guidelines during design and development. Detective: Conduct accessibility audits and use screen readers to test compliance.
 | User Assistance | Insufficient or unclear guidance for users during their interaction with the platform, especially during complex tasks like payment processing or account creation | Increased customer support requests, abandoned carts, and frustrated users who may not complete transactions. | Medium | Preventative: Implement clear user assistance mechanisms such as tooltips, FAQs, help chatbots, and guides for critical functions (checkout, payment). Detective: Perform heuristic evaluations and A/B testing on the placement and effectiveness of user assistance features.
 | *Self-descriptiveness | Users may struggle to understand the purpose of certain actions or elements on the platform, leading to confusion and errors. | Poor user experience, higher error rates, and potential cart abandonment due to confusion during checkout or product selection. | Medium | Preventative: Ensure all buttons, forms, and navigation elements are clearly labelled and use familiar icons and terminology. Detective: Conduct task analysis and usability testing to identify areas where users might be confused and make improvements based on feedback.
Security | *Confidentiality | Unauthorized access to customer data (e.g., through weak password protection) | Data breaches can result in legal issues, loss of customer trust, and financial loss. | Critical | Preventative: Implement encryption, secure authentication (e.g., multi-factor authentication). Detective: Conduct regular security audits and penetration tests to identify vulnerabilities.
 | Integrity | Data could be tampered with during transactions (e.g., order amounts altered). | Compromised data integrity can result in financial loss and erode customer confidence. | Critical | Preventative: Implement checksum validation and transaction integrity checks. Detective: Test for data integrity through transactional testing and validation processes.
 | *Non-repudiation | Users may deny placing orders, leading to disputes over transactions. | Lack of non-repudiation can result in legal and financial issues. | Medium | Preventative: Implement digital signatures and audit trails for all transactions. Detective: Conduct tests to ensure transaction logs are accurate and tamper-proof.
 | Accountability | Actions taken on user accounts (e.g., order cancellations or returns) may not be properly attributed. | Lack of accountability could result in disputes or fraud. | Medium | Preventative: Implement detailed logging and tracking for all user actions. Detective: Audit system logs to ensure all actions are properly recorded and attributed.
 | Authenticity | Users or systems could impersonate other users, leading to unauthorized actions. | Impersonation could lead to fraudulent transactions or data breaches. | Critical | Preventative: Use strong authentication protocols (e.g., OAuth, SSL certificates). Detective: Monitor for suspicious login activity and enforce secure session management.
 | Resistance | The system may be vulnerable to unauthorized access, data breaches, or denial-of-service (DoS) attacks, compromising user data or causing system downtime. | High. Breaches in security can lead to loss of customer trust, legal penalties, and significant financial costs. | High | Preventative: Implement strong encryption protocols and firewalls to resist unauthorized access. Regular security audits and vulnerability assessments should be conducted. Detective: Continuously monitor for security breaches using intrusion detection systems (IDS) and conduct penetration testing to identify vulnerabilities.
Maintainability | Modularity | Poorly designed modules could lead to tightly coupled code, making it difficult to maintain or update specific sections without affecting others. | Increased development time, higher maintenance costs, and greater risk of introducing bugs during updates. | Medium | Preventative: Use proper design patterns (e.g., modular and decoupled architecture) to ensure separation of concerns. Detective: Perform code reviews and static code analysis to ensure modules are properly designed.
 | *Reusability | Code may not be reusable across different parts of the system, leading to code duplication and maintenance challenges. | Increased technical debt and complexity in maintaining multiple versions of similar functionalities. | Medium | Preventative: Implement reusable components and libraries. Detective: Conduct code reviews to check for duplication and assess code reusability.
 | Analysability | Difficulty in analysing and identifying the root cause of issues or defects within the system due to lack of proper logging or documentation. | Increased time to resolve bugs, leading to downtime and potentially lost revenue. | Medium | Preventative: Implement robust logging and documentation practices. Detective: Use automated logging analysis tools and perform regular audits of system logs.
 | Modifiability | Code may be difficult to modify or extend, especially if not designed with future updates in mind. | High cost of implementing changes or fixing bugs, leading to slower development cycles. | Medium | Preventative: Follow SOLID principles in code design and development. Detective: Use code analysis tools to assess the modifiability of the system during development.
 | Testability | The system may be difficult to test, especially if components are not decoupled or unit tests are not implemented. | Lower test coverage, increased likelihood of defects going undetected, and higher maintenance costs. | High | Preventative: Implement unit tests and ensure high test coverage for all modules. Detective: Conduct regular test audits and automate testing processes where possible.
Flexibility | Adaptability | The platform may not be easily adaptable to new business requirements or changes in market trends. | Increased costs and time required to implement changes, slowing down the business's ability to respond to opportunities. | Medium | Preventative: Use a flexible architecture (e.g., microservices) to allow for easy changes and updates. Detective: Regularly review system architecture to ensure it can accommodate new requirements.
 | *Scalability | The system may not be able to scale efficiently to handle increased traffic, orders, or product offerings. | Potential system downtime during peak traffic, leading to lost sales and poor user experience. | High | Preventative: Design for scalability by using cloud infrastructure with auto-scaling capabilities. Detective: Perform scalability testing under simulated peak loads.
 | Risk identification | Inadequate identification of potential risks, such as vulnerabilities in payment processing or data storage. | Unidentified risks can result in serious issues like data breaches or financial loss. | High | Preventative: Conduct regular risk assessments and threat modelling during system development. Detective: Perform security audits and penetration testing to uncover hidden risks.
 | Fail safe | The system may not fail safely in the event of a critical error (e.g., incorrect transactions during server crashes). | Data corruption or loss of financial transactions could lead to legal issues and customer dissatisfaction. | Critical | Preventative: Implement fail-safe mechanisms (e.g., rollback transactions in case of failures). Detective: Simulate failure scenarios in a controlled environment to verify fail-safe mechanisms.
 | Hazard warning | The system may not provide timely hazard warnings for operational risks such as nearing system capacity or payment failures. | Failure to address hazards early can lead to system outages or financial discrepancies. | Medium | Preventative: Implement real-time monitoring and alert systems to warn operators of potential issues. Detective: Test the alert system periodically to ensure it works effectively in real-time.
 | Safe integration | Integration with external systems (e.g., payment gateways, third-party APIs) may not be secure, leading to potential vulnerabilities. | Poor integration security could result in data breaches or system compromises. | High | Preventative: Use secure APIs and implement strict authentication/authorization for external system access. Detective: Conduct integration security testing and regularly review third-party system updates for vulnerabilities.
Quality Characteristic | Risk | Impact | Risk Level | Risk Mitigations
Reputation Risk | System failure could lead to negative publicity, loss of revenue, and loss of customers. | Severe impact on the company's reputation, potential loss of market share, and decreased customer trust. | Medium | Preventative: Implement robust security measures (e.g., encryption, firewalls). Detective: Utilize real-time monitoring tools for system health. Conduct post-incident reviews to identify root causes of issues.
Resourcing Risk | Insufficient staff to manage testing activities, causing delays. | Missed deadlines and untested components. | Medium | Preventative: Ensure adequate staffing and training for test management roles. Cross train team members to cover for absences. Detective: Regularly review resource allocation and adjust as necessary. Use project management tools to track workload and progress.
Budget | Budget limitations that restrict comprehensive testing. | Critical defects may go undetected, leading to costly fixes later. | High | Preventative: Allocate sufficient budget based on thorough risk assessments. Prioritize testing activities in budget planning. Detective: Regularly review budget utilization and adjust allocations based on testing needs.
Schedule | Inadequate time for thorough testing, leading to insufficient test coverage. | Defective features may be released, affecting customer experience. | Medium | Preventative: Include buffer times for testing in the project schedule. Plan for iterative testing throughout the development cycle. Detective: Track progress against timelines and adjust plans as needed.
Environments | Incomplete or inaccurate test environments that don’t mirror production. | Defects may emerge in production that were not caught in testing. | High | Preventative: Establish early setup of test environments that reflect production settings. Use virtualization to create production-like test environments. Detective: Regularly validate test environments to ensure they remain accurate. Conduct environment readiness reviews before testing phases.
Defects | High number of defects in new customizations for the platform. | Delays due to extended bug fixing and retesting phases. | High | Preventative: Implement continuous integration and continuous deployment (CI/CD) practices. Conduct code reviews and static analysis during development. Detective: Utilize automated testing to catch defects early. Perform regular defect analysis to identify common issues.
Tools | Limited access to automated testing tools or inadequate expertise with the tools. | Slower releases and more potential for human error during manual testing. | Medium | Preventative: Invest in reliable testing tools and ensure they are user-friendly. Provide comprehensive training on tool usage for the team. Detective: Monitor tool performance and usage metrics to ensure effectiveness. Conduct regular reviews to identify areas for tool optimization.
Regulations & Compliance | Non-compliance with data privacy regulations like GDPR, leading to legal penalties. | Fines, legal actions, and damage to customer trust. | High | Preventative: Implement strict data handling and security policies. Conduct regular training on compliance for the development team. Detective: Perform audits and assessments to ensure ongoing compliance. Use compliance tracking tools to monitor adherence to regulations.
5b. Were any ISO/IEC 25010:2023 product quality sub-characteristics missed by the AI tool?
Ans:
The AI tool did not provide outputs for the following sub-characteristics:
• Usability: User Error, User Engagement, Inclusivity, User Assistance, Self-descriptiveness
• Reliability: Recoverability
• Security: Accountability, Authenticity, Resistance
• Maintainability: Modifiability, Testability
• Flexibility: Replaceability
• Safety: Hazard Warning, Safe Integration
I believe the AI missed these sub-characteristics because my prompts were not specific enough, leading it to generate only
basic information for the initial sub-characteristics. Every sub-characteristic is important for the overall quality of the system. Even if
some risks are considered low, they still exist. However, if I had to point out which one would most impact the system’s quality, I
believe “Security” would be the most critical. In today’s world, where cybercrime is rampant, any aspect of security could have a
significant effect on the system.
5c. Did the AI tool introduce any new risk types that were not included in the ISO/IEC 25010:2023 product
quality model?
Ans:
I was surprised that the AI seemed to already be aware of the risk types in ISO/IEC 25010, and as a result, it did not introduce any
new risk types. However, I did try asking ChatGPT if it could suggest new risk types, and it provided the following:
• Ethical and Legal Risks
o Definition: Risks related to ethical concerns or legal implications of the system’s behaviour. This could include issues
like data privacy violations, biased algorithms, or failure to meet regulatory requirements.
o Examples: Non-compliance with GDPR (General Data Protection Regulation), bias in AI recommendations, or use of
customer data in unethical ways.
• Sustainability Risks
o Definition: Risks associated with the system’s environmental and economic sustainability. These risks could relate to
high resource consumption, lack of adaptability to more sustainable processes, or excessive waste (e.g., energy or
hardware).
o Examples: The system requires too much energy, increasing operational costs and environmental impact, or it
cannot be adapted to greener technologies.
Upon reviewing the suggestions, I found that Ethical and Legal Risks were already mostly covered by the existing quality model,
so I don’t believe they would add much value. However, the Sustainability Risk offers a fresh perspective on project risk,
particularly focusing on environmental sustainability. Therefore, I think sustainability is a valuable point to consider adding,
especially in the context of eco-friendliness and responsible resource management.
5d. Which approach to risk identification do you think could result in a higher-quality system – task 1,
task 2, or a combination?
Ans:
I would recommend a combination approach because my own experience may be limited, and the risks I can think of under the
quality model may not cover all possibilities. By using a combination, the AI tool can analyse the same characteristic from different
angles and reveal risks I might not have considered.
Therefore, combining both approaches is the best option, as the AI can help fill in the gaps in my experience and identify more
potential risks. This will contribute to developing a higher-quality system and prevent risks from occurring.