Information Technology Standards Summary - October 2025

Looking back at October 2025, the Information Technology sector saw the publication of five notable standards that collectively advanced the industry’s approach to privacy, security, accuracy of digital models, and digital media innovation. Spanning domains from financial services security to high-efficiency media coding and privacy management systems, these internationally recognized standards reflect dynamic priorities in the IT landscape. For professionals involved in compliance, procurement, engineering, and quality management, this overview distills key takeaways and patterns from October's publications—helping ensure no critical update remains overlooked.

Monthly Overview: October 2025

October 2025 was a prolific month for Information Technology and Office Equipment standards, marked by publications that both deepen established frameworks—like PIN security and privacy information management—and introduce forward-looking tools and methodologies such as new 3D audio reference software and accuracy evaluation for 3D scanning workflows. Notably, the month’s releases included:

• Two significant privacy and compliance standards (EN ISO/IEC 27701:2025 and EN ISO/IEC 27706:2025), reflecting the rising complexity and importance of data protection and audit mechanisms.
• A revision to a foundational financial security standard (ISO 9564-5:2025), refining cryptographic methods for managing PINs in the context of modern digital finance.
• Advancements in digital media and modeling technologies (ISO/IEC 23008-6:2025 and ISO/IEC 8803:2025), supporting innovation in immersive audio and digital manufacturing.

Comparing these releases to recent years, there’s a clear intensification of focus on privacy regulation alignment, accuracy in 3D workflows, and cryptographic robustness in digital transactions. This trend signals a maturing landscape where IT systems must be not only secure and efficient but also reliably auditable and compliant on a global scale.

Standards Published This Month

ISO 9564-5:2025 - Financial Services – PIN Management and Security: Methods for Generation, Change, and Verification

Financial services - Personal identification number (PIN) management and security - Part 5: Methods for the generation, change, and verification of PINs

ISO 9564-5:2025 addresses the growing need for robust cryptographic handling of Personal Identification Numbers (PINs) in financial services. Building on foundational principles laid out in ISO 9564-1, this standard goes further to specify detailed methods for the generation, reference change, and transaction verification of PINs. Covered methods include encryption via approved algorithms, use of CMAC (Cipher-based Message Authentication Code) with block ciphers, and HMAC (Hash-based Message Authentication Code) with hash algorithms—all adhering to industry best practices for cryptographic strength.

Its scope encompasses technical requirements for key management, PIN generation keys (PGK), PIN verification values (PVV), and supporting mechanisms for reference and offset PIN management in various card-based and digital transaction systems. The standard is essential for banks, payment processors, fintechs, and any institutions deploying card-based authentication or remote PIN verification. It interfaces with standards for key management (ISO 11568) and message authentication (ISO/IEC 9797), promoting system interoperability and regulatory compliance in financial IT environments.

Key highlights:

• Specifies cryptographic methods for secure PIN generation, change, and transaction verification
• Integrates CMAC/HMAC and AES-based methods for modern cryptographic strength
• Clarifies handling of customer-selected vs institution-assigned PINs, with clear terminology for PAN, PVV, and offsets

Access the full standard:View ISO 9564-5:2025 on iTeh Standards

ISO/IEC 23008-6:2025 - High Efficiency Coding and Media Delivery: 3D Audio Reference Software

Information technology - High efficiency coding and media delivery in heterogeneous environments - Part 6: 3D audio reference software

ISO/IEC 23008-6:2025 is the fourth edition in the MPEG-H 3D audio reference software family. This release includes simulation software linked to the MPEG-H 3D audio standard (as defined in ISO/IEC 23008-3), which underlies many next-generation immersive media applications. Software modules provided in the standard offer developers, integrators, and manufacturers validated tools for bitstream decoding and 3D audio processing, supporting end-to-end verification and prototyping in heterogeneous environments.

By specifying both decoding and (in annexes) encoding utilities, the standard supports designers in achieving consistent implementation worldwide. It is vital for companies active in streaming, broadcasting, audio equipment design, and media content production, and harmonizes with evolving user demands for spatial audio—whether in gaming, VR/AR, or advanced consumer entertainment.

Key highlights:

• Provides validated simulation/reference software for MPEG-H 3D audio
• Ensures interoperability and correctness for audio coding implementations
• Supports adoption in diverse use cases including streaming, VR/AR, and broadcasting

Access the full standard:View ISO/IEC 23008-6:2025 on iTeh Standards

ISO/IEC 8803:2025 - 3D Printing and Scanning: Accuracy and Precision Evaluation Process

Information technology - 3D Printing and scanning - Accuracy and precision evaluation process for modelling from 3D scanned data

With the expanding role of 3D scanning and printing in manufacturing, engineering, and healthcare, ISO/IEC 8803:2025 fills a crucial gap by standardizing how organizations assess the accuracy and precision of digital models created from 3D scanned data. The standard sets out a stepwise evaluation process, quality assessment methods, and reporting requirements—explicitly focusing on the modeling stage (and not on the final printed product itself).

Applicable to stakeholders including 3D scanning solution providers, producers, customers, and policymakers, this standard is highly relevant for quality managers and service providers needing to evaluate or certify digital twin or additive manufacturing workflows. It interacts with the SQuaRE standards for software quality evaluation, providing complementary approaches for digital modeling.

Key highlights:

• Outlines a standardized process for evaluating the accuracy/precision of 3D scanned data models
• Covers evaluation planning, measurement, reporting, and quality criteria
• Facilitates trust and comparability across 3D scanning, modeling, and digital manufacturing supply chains

Access the full standard:View ISO/IEC 8803:2025 on iTeh Standards

EN ISO/IEC 27701:2025 - Privacy Information Management Systems (PIMS): Requirements and Guidance

Information security, cybersecurity and privacy protection - Privacy information management systems - Requirements and guidance (ISO/IEC 27701:2025)

EN ISO/IEC 27701:2025 is a cornerstone for privacy compliance in today’s data-driven organizations. As a European-adopted International Standard, it specifies the framework for establishing, operating, and continually improving a privacy information management system (PIMS), extending the ISO/IEC 27001/27002 standards to address privacy-specific risks and controls.

Its detailed guidance helps both data controllers and processors (from private companies to government entities) to operationalize GDPR-level privacy requirements, with annexes mapping controls to major privacy frameworks (including ISO/IEC 29100, GDPR, ISO/IEC 27018, ISO/IEC 29151). The standard is essential reading for any organization handling personally identifiable information (PII), offering documented pathways for risk assessment, privacy by design, and compliance auditing.

Key highlights:

• Defines requirements and implementation guidance for PIMS operations
• Supports GDPR alignment and facilitates cross-jurisdictional privacy compliance
• Applies to organizations of all sizes, providing structure for privacy risk management and accountability

Access the full standard:View EN ISO/IEC 27701:2025 on iTeh Standards

EN ISO/IEC 27706:2025 - Auditor and Certification Body Requirements for PIMS

Information security, cybersecurity and privacy protection - Requirements for bodies providing audit and certification of privacy information management systems (ISO/IEC 27706:2025)

Complementing EN ISO/IEC 27701:2025, this standard sets out rigorous requirements for certification bodies that audit and certify privacy information management systems (PIMS). It extends ISO/IEC 17021-1 principles with privacy-specific competence criteria, impartiality controls, and documentation protocols. The guidance ensures that third-party certifications for PIMS are meaningful, credible, and reliable, reinforcing trust in formal privacy compliance declarations.

EN ISO/IEC 27706:2025 is instrumental for accreditation bodies, certification schemes, and any organization seeking or offering PIMS certification. Its adoption underpins the integrity of personal data handling certifications across sectors and markets.

Key highlights:

• Specifies credentialing criteria and audit process requirements for PIMS certifying bodies
• Establishes mandatory elements for audit team competence, evaluation procedures, and reporting
• Enables robust, consistent recognition of PIMS certifications world-wide

Access the full standard:View EN ISO/IEC 27706:2025 on iTeh Standards

Common Themes and Industry Trends

October’s Information Technology standards showcase sustained innovation and a maturing compliance landscape:

• Strengthened privacy frameworks: With dual releases focusing on privacy management systems and the certification of same, the sector continues to gear up for an environment of heightened regulatory and consumer trust demands. GDPR compatibility and alignment with international privacy frameworks remain central.
• Digital trust and auditability: The formalization of criteria for PIMS certification bodies (EN ISO/IEC 27706:2025) reflects a drive for verifiable, independently-audited privacy compliance—echoing trends in other areas like cybersecurity and financial audits.
• Precision and reliability in digital manufacturing: The standard for 3D scanned data quality assurance (ISO/IEC 8803:2025) supports the growth of digital twins, additive manufacturing, and industrial automation, ensuring organizations can deliver on the promise of precision-driven design.
• Immersive and intelligent media technologies: The reference software for 3D audio (ISO/IEC 23008-6:2025) aligns with continued investment in immersive entertainment and XR (extended reality), bolstering interoperability and reliable deployment across platforms.
• Financial sector security: The updated cryptographic requirements for PIN management signal ongoing vigilance against evolving fraud practices and cyber threats, especially relevant in the context of digital and mobile banking.

These themes indicate that the IT sector is prioritizing trustworthiness—for data, systems, and the organizations that manage them.

Compliance and Implementation Considerations

For organizations covered by these standards, several practical steps are recommended:

• PIN Security (ISO 9564-5:2025):

  • Review internal cryptographic processes and ensure alignment with the new PIN generation, change, and verification requirements.
  • Verify key management and rotation procedures, especially if using the offset or PVV methods.
  • Train operational and compliance teams on updated terminology and reporting expectations.

• Privacy Management Systems (EN ISO/IEC 27701:2025, EN ISO/IEC 27706:2025):

  • Assess current privacy frameworks against the new PIMS requirements—prioritize risk assessment, documentation, and continual improvement.
  • If seeking certification, engage accredited bodies that now must comply with EN ISO/IEC 27706:2025 and demonstrate enhanced auditor competence.
  • Map internal policies to the annexes relating to GDPR, ISO/IEC 29100, and other referenced regulations.

• 3D Data Quality (ISO/IEC 8803:2025):

  • Implement the standard’s evaluation workflow in 3D scanning and modeling projects.
  • Use the process as a procurement or vendor evaluation requirement for digital manufacturing partners.

• 3D Audio and Media Innovation (ISO/IEC 23008-6:2025):

  • Integrate reference software to test or validate MPEG-H 3D audio implementations.
  • For solution providers, cite the standard in product claims or RFPs to demonstrate conformance/futureproofing.

Timelines vary; while some standards (notably privacy frameworks) have a natural implementation cycle tied to audit or recertification, technical requirements (such as PIN security changes) should be adopted as part of active risk management and IT upgrade cycles.

Organizations can jumpstart compliance by accessing normative standards on iTeh Standards, leveraging implementation guides, and involving cross-functional teams for gap analysis and action planning.

Conclusion: Key Takeaways from October 2025

The release cycle in October 2025 provided critical updates and new tools for professionals in the Information Technology space:

• Enhanced privacy and audit standards support regulatory alignment and independent verification of compliance
• Updated cryptographic methods strengthen financial transaction integrity and consumer protection
• Standardized tools for 3D data quality and immersive audio foster innovation and cross-industry reliability

For quality managers, IT engineers, compliance leaders, and researchers, reviewing and aligning with these standards is vital for competitive, secure, and compliant operations.

Staying current with these evolving standards ensures organizations can demonstrate due diligence, maintain customer trust, and participate confidently in global digital ecosystems.

Explore all October 2025 Information Technology standards in depth at iTeh Standards.