Stats
Actions
Tags
From qa-manual-testing
Pure-reference catalog of James Bach's CRUSSPIC STMPL heuristic - twelve quality criteria a tester can evaluate a system against. CRUSSPIC: Capability, Reliability, Usability, Security, Scalability, Performance, Installability, Compatibility. STMPL: Supportability, Testability, Maintainability, Portability, Localizability. Use as the quality-criteria checklist for evaluating a product holistically; complementary to ISO/IEC 25010 quality model.
How this skill is triggered — by the user, by Claude, or both
Slash command
/qa-manual-testing:crusspic-stmpl-heuristicThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
CRUSSPIC STMPL is James Bach's quality-criteria mnemonic - twelve
CRUSSPIC STMPL is James Bach's quality-criteria mnemonic - twelve categories of "what does it mean for this system to be good?" Published in James Bach's testing-curriculum materials (satisfice.com) and widely taught.
It overlaps with ISO/IEC 25010:2023 (the formal software- quality model) but offers a more practitioner-friendly mnemonic form that fits in an exploratory tester's working memory.
This skill is a pure reference consumed by
exploratory-charter-author
when shaping a session's evaluation lens, and by the
product-risk-register-builder
when categorising risks (see its "Quality characteristic" step).
product-risk-register-builder).qa-vendor-evaluator).Does the system do what's claimed?
Functional correctness - the product performs its stated functions. Maps to ISO/IEC 25010 "Functional suitability."
Test heuristics: HICCUPPS-F's Claims oracle + Coverage from FCC CUTS VIDS.
Does the system work consistently over time?
Maps to ISO 25010 "Reliability."
Can the user figure out how to use it?
Per Nielsen's usability heuristics.
Is the system safe from misuse?
Maps to ISO 25010 "Security." Composes with
qa-sast,
qa-dast,
qa-secrets,
qa-test-data-privacy.
Does the system grow with load?
Composes with qa-load-testing.
Is the system fast enough?
Distinct from Scalability - performance is "fast for the user";
scalability is "still fast when load grows." Composes with
qa-load-testing.
Can the user install + configure the system?
Maps to ISO 25010 "Portability - Installability."
Does the system work alongside other things?
Maps to ISO 25010 "Compatibility." Composes with
qa-compatibility.
Can the support team diagnose + fix issues?
A system with terrible logs is hard to support even when it's otherwise high-quality.
Can the testers verify the system?
A system that's hard to test usually has worse quality everywhere else.
Can the team change the system?
Maps to ISO 25010 "Maintainability."
Can the system move between environments?
Maps to ISO 25010 "Portability."
Can the system be adapted to other languages + cultures?
Composes with qa-localization.
ISO 25010 has 8 top-level characteristics:
| ISO 25010 | CRUSSPIC STMPL |
|---|---|
| Functional suitability | C (Capability) |
| Reliability | R (Reliability) |
| Usability | U (Usability) |
| Security | S1 (Security) |
| Performance efficiency | P1 (Performance), S2 (Scalability) |
| Compatibility | C2 (Compatibility) |
| Maintainability | M (Maintainability), T (Testability), S3 (Supportability) |
| Portability | I (Installability), P2 (Portability), L (Localizability) |
CRUSSPIC STMPL is more granular; ISO 25010 is more formal. The two are complementary, not substitutable. Per ISO/IEC 25010:2023 (cite by stable ID).
Pre-release review:
## Release v3.0 quality-criteria walkthrough
- **C — Capability:** Functional acceptance tests 98% pass. ✓
- **R — Reliability:** Last 30 days uptime 99.94% (SLA: 99.9%). ✓
- **U — Usability:** User research session N=8; 7/8 completed
signup without help (target: 6/8). ✓
- **S — Security:** Last pen-test 2026-03; all critical findings
fixed; SAST + DAST clean. ✓
- **S — Scalability:** k6 load test at 10x expected peak passed
with p99 < 800ms. ✓
- **P — Performance:** p95 latency 220ms (target 300ms). ✓
- **I — Installability:** New install flow 5 steps; user testing
4/5 completed. ✓
- **C — Compatibility:** Browser matrix Chrome / Firefox / Safari
all current + N-1 tested. ✓
- **S — Supportability:** All log lines structured; trace IDs
end-to-end. ✓
- **T — Testability:** E2E suite runs in 18 min; deterministic
mode available. ✓
- **M — Maintainability:** Sonar tech-debt rating A. ✓
- **P — Portability:** Cloud-portable (Terraform); no AWS-specific
primitives. ✓
- **L — Localizability:** All UI strings extracted to ICU
messages; 7 locales supported. ✓
Verdict: cleared for release.
| Anti-pattern | Why it fails | Fix |
|---|---|---|
| Treating CRUSSPIC STMPL as flat | Some criteria matter much more for some products (Security for fintech, Localizability for global B2C) | Weight per product context |
| Confusing Performance with Scalability | "Fast" doesn't mean "stays fast under load" | Test both independently |
| Treating Maintainability + Testability as "developer concerns" | They're quality criteria the tester evaluates | Include in release walkthrough |
| Skipping Supportability | Released system unmaintainable in production | Always walk S |
| One person evaluates all 12 | Inter-criterion expertise differs | Distribute walkthrough across team |
| Walkthrough at release time only | Quality criteria degrade silently between releases | Continuous monitoring per criterion |
hiccupps-f-heuristic,
sfdpot-heuristic,
fcc-cuts-vids-heuristic,
sbtm-reference.exploratory-charter-author,
product-risk-register-builder.npx claudepluginhub testland/qa --plugin qa-manual-testingProvides CDSS development patterns for drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), and alert classification integrated into EMR workflows.