Monthly Overview: Information Technology Standards from October 2025

Looking back at October 2025, the field of Information Technology and Office Equipment (ICS 35) witnessed the publication of five highly significant standards. This period was characterized by a blend of advancements in digital health interoperability, robust security guidance for health software, and the ongoing evolution of smart transport and telehealth systems. For industry stakeholders—including quality managers, IT architects, compliance officers, and procurement specialists—understanding these developments is crucial for informed planning and continuous improvement in compliance and system design.

Whether your focus is on health IT security, telehealth device integration, or managing ITS solutions, this retrospective digest delivers a thorough synthesis of the month's critical standards, providing insights into their requirements and relevance for organizations shaping the future of digital technology infrastructures.

Monthly Overview: October 2025

October 2025 emerged as a substantive month for standards development within Information Technology and Office Equipment, emphasizing foundational work in secure healthcare, digital interoperability, and intelligent infrastructure. Published documents from ISO, IEC, and CEN represented:

• A strong focus on secure, transparent exchange of information in health software systems, driven by an urgent need for robust, up-to-date cybersecurity protocols.
• Advances in telehealth device interoperability to ensure fast, accurate, and plug-and-play communication between personal health devices and management applications.
• Ongoing refinement of the architectures underpinning intelligent transport systems, vital for smart cities and digital mobility.

Compared to previous cycles, October 2025 marked a notable integration of security, interoperability, and usability themes, and a shift toward holistic system-of-systems frameworks in both healthcare and transport. This suite of standards not only responded to immediate regulatory demands, but also anticipated long-term requirements for global health management, telemedicine, and smart city operations.

Standards Published This Month

IEC/TS 81001-2-2:2025 - Health software and health IT systems safety, effectiveness and security – Guidance on Security Needs, Risks and Controls

Health software and health IT systems safety, effectiveness and security – Part 2-2: Guidance for the implementation, disclosure and communication of security needs, risks and controls

This technical specification sets out comprehensive guidance for implementing, disclosing, and communicating security requirements, risks, and controls across the lifecycle of health software and health IT systems. It applies to any platform—cloud, on-premise, or hybrid—and is relevant for health software manufacturers (including medical device producers), healthcare delivery organizations (HDOs), IT architects, and compliance managers.

Replacing and integrating the earlier IEC TR 80001-2-2 and IEC TR 80001-2-8, this document broadens the focus from standalone medical devices to cover all health software, aligning content and terminology with recent standards (e.g., ISO 81001-1:2021; IEC 80001-1). This consolidation assists in providing a consistent security posture across diverse technologies and use-cases.

Key regulatory expectations include:

• Clear articulation of roles and shared responsibilities concerning the management of security risks.
• Cataloguing of 17 core security capabilities (e.g., audit controls, incident response, malware detection, authentication, backup/disaster recovery, secure transmission and storage).
• Guidance for communicating security features and configurations, including recommendations for Software Bill of Materials (SBOM) and related disclosures.
• Mapping security controls to current international standards—such as ISO/IEC 27002, NIST 800-53, IEC 62443-4-2—and harmonizing risk management practices.

Stakeholders must note the removal of the Configuration of Security Features (CNFS) as a distinct capability, requiring instead that configuration options be clearly documented and communicated. The inclusion of case-study mappings, scenario guidance, and alignment with regulatory frameworks positions this standard as a foundational reference for both compliance and system procurement.

Key highlights:

• Unifies and updates previous guidance for health IT network security.
• Applies broadly to software in health and medical contexts across all operating environments.
• Introduces detailed, scenario-based guidance and mapping to leading cybersecurity frameworks.

Access the full standard:View IEC/TS 81001-2-2:2025 on iTeh Standards

ISO/TS 24315-3:2025 - Intelligent Transport Systems: METR System of Systems Requirements and Architecture

Intelligent transport systems – Management of electronic traffic regulations (METR) – Part 3: System of systems requirements and architecture (SoSR)

ISO/TS 24315-3:2025 delineates the System of Systems (SoS) architecture for the management of electronic traffic regulations (METR). It is foundational for cities, infrastructure planners, automotive system integrators, and public authorities aiming to implement, scale, or audit next-generation ITS solutions.

The standard introduces a reference architecture supporting end-to-end METR operations. Key components addressed include:

• Definition of information flows for rule promulgation, transaction auditing, coordination services, and traffic control device monitoring.
• Functional, physical, and enterprise views for the overall METR architecture, supporting traceability, modularity, backwards/forwards compatibility, and language neutrality.
• Robust specification of roles for rule makers, system users, implementers, and auditors, highlighting the processes, dependencies, and data management expectations for each.
• System requirements for security credential management, enrolment, distributed registry services, and information exchange constraints for efficiency and reliability.

This part of ISO/TS 24315 series underpins digitized, automated management of traffic regulations—vital for the scaling of autonomous vehicles, dynamic road rule adjustment, and digital mobility applications.

Key highlights:

• Defines a generic, system-agnostic architecture for electronic traffic regulation management.
• Supports integration and scalability in metropolitan and cross-jurisdictional environments.
• Focuses on interoperability, auditability, and role clarity in complex ITS networks.

Access the full standard:View ISO/TS 24315-3:2025 on iTeh Standards

EN ISO/IEEE 11073-10425:2025 - Device Interoperability: Continuous Glucose Monitor (CGM)

Health informatics – Device interoperability – Part 10425: Personal Health Device Communication – Device Specialization- Continuous Glucose Monitor (CGM) (ISO/IEEE 11073-10425:2024)

This European standard delivers a globally harmonized definition for communication between personal health continuous glucose monitoring (CGM) devices and management applications. It is essential for device manufacturers, telehealth platform developers, hospitals, and procurement professionals seeking reliable, interoperable CGM integration.

Key components include:

• A normative set of data exchange profiles, formats, and term codes, designed to eliminate ambiguity and maximize plug-and-play interoperability.
• Continuous, real-time glucose measurement and reporting, enabling actionable data flows every 5 minutes (typical) for telehealth and patient self-monitoring.
• Strategic alignment with the broader ISO/IEEE 11073 family for information models and transport standards, thereby simplifying integration across vendor boundaries.
• Limiting optionality in device behavior to ensure consistent implementation and robust multi-vendor ecosystem support.
• Revision highlights: updates to normative references, explicit compliance requirements, increased clarity in device association and observation processes.

With this standard, healthcare organizations can build scalable remote diabetes management infrastructure, improving patient outcomes and workflow efficiency.

Key highlights:

• Establishes universal requirements for CGM-device to system interoperability.
• Mandates frequent, secure, and seamless exchange of glucose data.
• Fully harmonized with current health informatics and telehealth standards.

Access the full standard:View EN ISO/IEEE 11073-10425:2025 on iTeh Standards

EN ISO/IEEE 11073-10471:2025 - Device Interoperability: Independent Living Activity Hub

Health informatics – Device interoperability – Part 10471: Personal Health Device Communication – Device Specialization – Independent Living Activity Hub (ISO/IEEE 11073-10471:2024)

In an era of aging populations and in-home care, this standard defines the interoperability core for independent living activity hubs, devices that aggregate information from simple environmental and safety sensors (such as fall, motion, occupancy, smoke, or emergency response alerts). Targeted at manufacturers, service integrators, and smart home developers supporting assisted living and telecare, EN ISO/IEEE 11073-10471:2025 mandates:

• Standardized term codes, formats, and interactions for all hub-connected sensors, ensuring consistent plug-and-play performance.
• Normalization and secure transmission of behavioral and environmental data to managers or cloud health platforms.
• Specification of required device behaviors and reduced ambiguity in implementations, streamlining vendor interoperability and system integration.
• Scalable architecture for integration of current and future sensor types (door, bed occupancy, temperature, PERS, etc.), providing extensibility for smart home and clinical use-cases.

The revision supersedes the 2011 standard, introducing up-to-date requirements for secure connectivity, new sensor profiles, and expanded compliance harmonization within the ISO/IEEE 11073 family.

Key highlights:

• Defines common communication frameworks for independent living monitoring hubs.
• Supports seamless, multi-sensor data integration for healthcare and assisted living.
• Expands compliance with current terms, models, and interoperability requirements.

Access the full standard:View EN ISO/IEEE 11073-10471:2025 on iTeh Standards

EN ISO/IEEE 11073-10472:2025 - Device Interoperability: Medication Monitor

Health informatics – Device interoperability – Part 10472: Personal Health Device Communication – Device Specialization – Medication Monitor (ISO/IEEE 11073-10472:2024)

Medication adherence remains a cornerstone challenge in chronic care and remote patient management. This standard defines the interoperable communication requirements for medication monitors: devices capable of automatically tracking and transmitting a patient’s medication intake behavior to management platforms.

Relevant to telehealth equipment manufacturers, health IT integrators, in-home care services, and clinical research organizations, EN ISO/IEEE 11073-10472:2025 provides:

• Normative interaction profiles, secure data transmission formats, and standardized codes for medication event reporting and compliance monitoring.
• Core requirements for seamless communication between medication monitors and health data managers (cell phones, computers, smart appliances).
• Clear reduction of ambiguity and optionality in device implementations, facilitating reliable, multi-vendor interoperability.
• Latest updates: enhanced time-synchronization support, new standard configurations, and broader compliance with the evolving ISO/IEEE 11073 ecosystem.

Key highlights:

• Establishes global best practices for medication adherence device communication.
• Enables scalable remote medication monitoring workflow integration.
• Aligns platforms for consistent device management and improved clinical outcomes.

Access the full standard:View EN ISO/IEEE 11073-10472:2025 on iTeh Standards

Common Themes and Industry Trends

Several industry-driving patterns were evident in October 2025’s standardization activity:

• Unifying Health IT Security Guidance: The consolidation and alignment of security practices for health software—not just standalone medical devices—signals a recognition of integrated, multi-vendor risk in hybrid clinical environments.
• Plug-and-Play Interoperability: All three device-related standards (CGM, Independent Living Hubs, Medication Monitors) stress reduction of ambiguity and mandatory support for defined codes, formats, and behaviors. This facilitates seamless remote monitoring and supports rapid industry deployment.
• Smart Infrastructure Integration: System-of-systems architectures in ITS (via METR) anticipate greater digitization, automation, and cross-system coordination—critical for smart city and digital mobility strategies.
• Lifecycle and Disclosure Focus: Requirements for SBOM, transparency in configuration, and mapping to globally recognized cybersecurity frameworks illustrate a maturing expectation for ongoing lifecycle management and post-deployment security.

These trends mirror a broader industry push toward harmonization, risk-informed design, and technology landscape future-proofing.

Compliance and Implementation Considerations

Organizations impacted by these standards should prioritize implementations as follows:

1. Security and Risk Management Alignment: Health IT manufacturers and healthcare providers must review and update lifecycle processes to document, communicate, and maintain security capabilities in line with IEC/TS 81001-2-2:2025. Leverage provided mappings to ISO/IEC 27002, NIST 800-53, and related security frameworks.
2. Interoperability Testing: Device manufacturers (CGM, medication monitors, independent living activity hubs) should validate communications per the specific code/format requirements and confirm compliance via plug-and-play test environments.
3. ITS Reference Compliance: ITS and city planners should align solution procurement and system design to the modular, extensible requirements of ISO/TS 24315-3:2025.
4. Transparency Documentation: Prepare, update, and make available SBOMs and security guides, and ensure clear documentation of all security and interoperability features.

Timeline and Resources:

• Effective implementation may require cross-functional gap analyses, updated procurement and development documentation, and ongoing workforce training.
• Begin compliance assessments immediately if affected by healthcare interoperability or ITS regulations, adopting a phased approach aligned with device/system upgrade cycles.

Conclusion: Key Takeaways from October 2025

October 2025 saw the publication of five major standards that have set new benchmarks for security, interoperability, and intelligent system design in Information Technology and Office Equipment. The push for harmonized security frameworks (IEC/TS 81001-2-2), the maturing device ecosystem in telehealth (EN ISO/IEEE 11073 series), and comprehensive system architectures for digital transport (ISO/TS 24315-3) are collectively transforming global best practices in digital health and smart infrastructure.

Professionals working in healthcare technology, telehealth, and intelligent transport must prioritize understanding and implementing these standards to ensure resilience, regulatory alignment, and future readiness in a competitive, innovation-driven environment. Reviewing the full documents—available via iTeh Standards—is strongly recommended to ensure comprehensive compliance and to leverage the latest industry insights.

Stay ahead of evolving digital trends, minimize risk, and maximize system value by engaging with the detailed requirements of each of these cornerstone October 2025 standards.