A Look Back: Information Technology Standards Published in May 2025

Looking back at May 2025 in the Information Technology and Office Equipment sector, the month stood out for its robust standardization activity, reflecting the rapid pace of digital transformation across industries. Five notable standards were published, each targeting a vital subdomain—from health informatics to cloud management, from public-key infrastructure to digital terminology harmonization. This comprehensive monthly overview explores the core features, industry implications, and compliance considerations for each standard, helping technology professionals, compliance officers, and engineers catch up on developments that may impact their strategies and operations.

Monthly Overview: May 2025

In May 2025, the Information Technology sector demonstrated its commitment to advancing secure, interoperable, and user-centric systems. The diversity of standards released during this period hints at several underlying industry trends: a heightened awareness of cybersecurity in business continuity planning, a push for more robust data governance in health informatics, increased attention to interoperability in cloud and public-key environments, and a growing recognition of the need for terminological clarity in digital construction and geospatial modeling.

Compared to typical months, May 2025 revealed a balance between forward-thinking innovation (such as cloud multi-management and post-quantum PKI) and the practical needs of clarity, resilience, and data protection within complex digital infrastructures. The standards published signal that industry players are preparing not just for current challenges but are also establishing the groundwork for future technological advances and cross-domain harmonization.

Standards Published This Month

ISO/TS 9166:2025 - Health Informatics – Guidelines for Self-Assessment Questionnaire Systems

Health informatics – Guidelines for self-assessment questionnaire systems

ISO/TS 9166:2025 addresses the growing adoption and sophistication of self-assessment questionnaire systems (SAQS) used in health informatics. Recognizing the pivotal role that such systems played during the COVID-19 pandemic, the standard sets out comprehensive guidelines for structuring, administering, and managing these IT-enabled systems. It details the framework for basic data elements, user interaction, data repository structures, and management components, but deliberately leaves the domain-specific questionnaire content to context-specific implementations.

The standard identifies users—including patients, family members, and caregivers—and supports their engagement outside clinical settings, such as at home or in the workplace. By standardizing data elements and functional interfaces, ISO/TS 9166:2025 aims to facilitate the integration of subjective (self-reported) and objective health data, promoting electronic health record (EHR) interoperability and enhancing preventive healthcare.

For health IT developers, hospitals, digital health platform providers, and public health authorities, compliance with this standard ensures that SAQS implementations are robust, interoperable, and privacy-aware.

Key highlights:

• Defines system architecture for health-focused self-assessment questionnaire platforms
• Establishes recommended data elements and interoperability features
• Facilitates aggregation of population health data and supports public health monitoring

Access the full standard:View ISO/TS 9166:2025 on iTeh Standards

ISO/TR 16214:2025 - Review of Geospatial and Building Information Modelling (BIM) Terminological Entries

Review of geospatial and building information modelling (BIM) terminological entries

ISO/TR 16214:2025 provides a systematic comparison and cataloging of key terminological entries across two paramount information modeling domains: building information modelling (BIM) and geographic information systems (GIS, or geomatics). By identifying identical, equivalent (synonymous), and homonymous terms between these two ecosystems—as well as concepts unique to each—the technical report addresses a fundamental interoperability challenge for digital construction, civil engineering, and smart city projects.

Without asserting normative recommendations, ISO/TR 16214:2025 offers an in-depth mapping that is indispensable for developers, data modelers, architects, and digital twin practitioners who must ensure semantic clarity across platforms. It surfaces where terminological ambiguity or overlap could cause integration issues, promoting better communication and shared understanding across industry boundaries.

Relevant for practitioners working with BIM, GIS, or combined digital built environment projects, this report establishes a terminological foundation for future harmonization efforts.

Key highlights:

• Systematically reviews identical, equivalent, and homonymous terms between BIM and GIS standards
• Groups terminology under data structures, digital representations, documentation, and data processing subdomains
• Supports interoperability, reducing misinterpretation in cross-domain data exchanges

Access the full standard:View ISO/TR 16214:2025 on iTeh Standards

ISO/IEC 27031:2025 - Cybersecurity – Information and Communication Technology Readiness for Business Continuity

Cybersecurity – Information and communication technology readiness for business continuity

ISO/IEC 27031:2025 is an essential revision that redefines best practices for ensuring information and communication technology (ICT) resilience as an integral part of enterprise business continuity. Emphasizing preparedness for disruption—whether caused by cyberattacks, natural disasters, or technical failures—the standard articulates a comprehensive framework for ICT readiness for business continuity (IRBC).

The document covers risk analysis, objective-setting (MBCO, RPO, RTO), incident management, alignment with organizational continuity plans, and practical strategies for recovery and resilience. Applicability spans all organization sizes and sectors, from multinational enterprises to small businesses managing critical infrastructure.

By aligning with this standard, ICT teams, information security managers, disaster recovery planners, and compliance departments can formalize ICT strategies, conduct effective continuity planning, and support robust enterprise risk postures. ISO/IEC 27031:2025 signals industry-wide recognition that business continuity is inseparable from cybersecurity and resilient digital operations.

Key highlights:

• Defines a structured framework for ICT readiness supporting business continuity
• Specifies objectives for ICT business continuity such as RTO (Recovery Time Objective) and RPO (Recovery Point Objective)
• Integrates ICT, governance, risk management, and incident response within business continuity management

Access the full standard:View ISO/IEC 27031:2025 on iTeh Standards

ISO/IEC 9594-12:2025 - Information Technology – Open Systems Interconnection – Part 12: The Directory: Key Management and Public-Key Infrastructure Establishment and Maintenance

Information technology – Open systems interconnection – Part 12: The Directory: Key management and public-key infrastructure establishment and maintenance

ISO/IEC 9594-12:2025 significantly extends the foundational directory and security standards by offering in-depth guidance on the establishment and ongoing maintenance of public-key infrastructure (PKI). Sitting alongside ISO/IEC 9594-8 and 9594-11, this part focuses on the implementation and operational best practices for PKI, with a special eye toward emerging application areas such as the Internet of Things (IoT), smart grids, and machine-to-machine (M2M) communications.

The standard details algorithms for authentication, encryption, and digital signature management, including migration considerations toward post-quantum cryptographic techniques. It addresses the procedural nuances and technical requirements necessary for PKI to operate securely in distributed digital environments, including PKI adaptation for intelligent electricity networks and industrial IoT scenarios.

IT security architects, PKI administrators, IoT solution integrators, utility companies, and vendors in regulated sectors benefit from this guidance, ensuring their PKI deployments meet evolving security, interoperability, and compliance demands.

Key highlights:

• Prescribes best practices for PKI setup and lifecycle management, supporting IoT, smart grid, and M2M contexts
• Covers the use and migration of cryptographic algorithms, including considerations for quantum-resilience
• Supplements foundational directory standards for advanced authentication and data protection

Access the full standard:View ISO/IEC 9594-12:2025 on iTeh Standards

ISO/IEC TR 10822-1:2025 - Cloud Computing – Multi-Cloud Management – Part 1: Overview and Use Cases

Cloud computing – Multi-cloud management – Part 1: Overview and use cases

ISO/IEC TR 10822-1:2025 marks a turning point in standardizing how organizations manage increasingly diverse and distributed cloud environments. Based solidly on prior standards—such as ISO/IEC 22123 and ISO/IEC 5140—this technical report synthesizes the management challenges and solutions for organizations running workloads across two or more cloud service providers (CSPs).

It provides both user and functional perspectives, mapping the major activities: service discovery, resource and identity management, deployment orchestration, policy enforcement, and cost optimization. A series of industry use cases drives home practical approaches to managing interfaces, ensuring consistent security postures, resolving billing and reporting disparities, and maintaining service-level agreements in heterogeneous multi-cloud landscapes.

This report offers cloud architects, DevOps leaders, IT service managers, and procurement officers a centralized body of knowledge for developing multi-cloud strategies, reducing vendor lock-in, and improving cloud service governance.

Key highlights:

• Presents a high-level functional and user view of multi-cloud management
• Details typical management challenges and maps representative use cases across industry verticals
• Guides integration, resource allocation, cost optimization, and governance in complex cloud ecosystems

Access the full standard:View ISO/IEC TR 10822-1:2025 on iTeh Standards

Common Themes and Industry Trends

A review of May 2025's standards in the Information Technology sector reveals several converging trends:

• Security and Resilience as Top Priorities: Business continuity (ISO/IEC 27031:2025) and PKI (ISO/IEC 9594-12:2025) standards stress the need for resilient ICT operations, capable of withstanding threats from both common disruptions and advanced, quantum-enabled attacks.
• Interoperability and Data Governance: Both multi-cloud management (ISO/IEC TR 10822-1:2025) and SAQS guidelines (ISO/TS 9166:2025) underscore the importance of seamless data flows, system integration, and interface standardization. Clarity in technical terminology (ISO/TR 16214:2025) further supports cross-domain collaboration.
• Digital Health and Remote Engagement: The evolution of self-assessment and remote health solutions, as captured in ISO/TS 9166:2025, affirms continued investment in patient-centric, digital-first care models.
• Cloud as the New Normal: The prevalence of multi-cloud management approaches recognizes that critical workloads, data, and services are increasingly distributed and must be coordinated, secured, and governed at scale.

Certain sectors—such as healthcare, construction/engineering (via BIM/GIS), and critical infrastructure (smart grid, IoT)—were especially targeted with new or updated standards this month, offering them improved frameworks for security, interoperability, and operational efficiency.

Compliance and Implementation Considerations

Organizations affected by these standards should consider the following actions:

• Gap Assessment: Benchmark current practices against relevant standards and identify shortfalls in compliance, especially in cybersecurity, PKI deployment, business continuity planning, and data integration.
• Prioritized Implementation: For mission-critical domains (e.g., business continuity, healthcare IT, or regulated cloud services), prioritize the adoption of ISO/IEC 27031:2025, ISO/TS 9166:2025, and ISO/IEC 9594-12:2025, given their potential compliance and operational impact.
• Timeline and Resources: Review timelines for internal adoption, understanding that some standards (such as those concerning ICT business continuity and PKI) may imply phased implementation, training, or technical upgrades.
• Engage Stakeholders: Involve IT, security, legal, and business leadership in interpreting new requirements and deploying necessary controls. Provide targeted training, especially for staff on the front lines of business continuity, PKI administration, or multi-cloud operations.
• Utilize Support Materials: Many standards provide annexes, use cases, and practical methodologies—leverage these to accelerate deployment and ensure consensus across teams.

Conclusion: Key Takeaways from May 2025

May 2025 delivered a diverse set of Information Technology standards that will shape industry best practices for years to come. Whether driven by ongoing digitalization, the growing importance of cybersecurity and business continuity, the complexity of multi-cloud operations, or the demand for clear semantic standards in digital construction, these publications support the sector's push toward secure, interoperable, and scalable solutions.

Professionals are encouraged to:

• Review the details of relevant standards via the provided links
• Assess current compliance and prepare implementation plans
• Monitor updates and revisions, as these standards will likely drive further harmonization and innovation
• Stay engaged—the ongoing evolution of information technology means that these and future standards will continue to emerge at a rapid pace

Staying abreast of these developments is not just a regulatory or compliance need, but a strategic imperative for maintaining a secure, efficient, and future-proof digital ecosystem. Explore the full standards on iTeh Standards for deeper insights and actionable guidance.