Monthly Roundup: Information Technology Standards from September 2025

Information Technology Standards Summary – September 2025
Looking back at September 2025, the Information Technology sector witnessed the publication of five notable standards, each reflecting the evolving priorities of software engineering, security, privacy protection, interoperability, and health informatics. This retrospective overview distills the most salient developments, offering a consolidated resource for industry professionals striving to maintain current, robust compliance postures and to leverage best practices across diverse operational domains. With agile guidance for very small entities, test protocols for RFID security, object resolution governance, privacy engineering models, and international patient summaries, this month’s output showcases the sector’s commitment to advancing both innovation and stewardship. This roundup helps quality managers, engineers, compliance leaders, and researchers catch up on key updates and their significance within the broader IT standards landscape.
Monthly Overview: September 2025
September 2025 was characterized by a balanced standardization momentum across Information Technology and Office Equipment. There is an evident trend toward operationalizing agile and privacy best practices, formalizing trust and security in digital identifiers, and achieving cross-border healthcare information portability. Of particular note, the month’s publication set included a significant update for agile methodologies tailored to very small entities (VSEs), detailed conformance frameworks for RFID security, and impactful advancements in privacy and health data interoperability. Comparatively, this set provided broader coverage than prior summer months, which leaned more heavily on cloud and cybersecurity topics. September’s mix indicates the sector is responding in real time to the increasing demand for more adaptable, privacy-centric, and interoperable solutions – a sign of maturing digital ecosystems and regulatory pressure for transparency and user empowerment.
Standards Published This Month
ISO/IEC 29110-5-4:2025 – Agile Software Development Guidelines for Very Small Entities
Systems and software engineering – Life cycle profiles for very small entities (VSEs) – Part 5-4: Agile software development guidelines
This standard provides detailed process and practice guidance for very small entities (VSEs) wishing to implement agile software development aligned with the broader ISO/IEC 29110 framework. VSEs are defined here as organizations or teams with up to 25 members not engaged in business- or safety-critical products. ISO/IEC 29110-5-4 offers VSEs a scalable, standardized approach to organize, govern, and execute agile projects—from project vision to retrospectives—integrated within a recognized lifecycle profile. The standard helps bridge a longstanding gap for organizations too small to efficiently tailor high-level international standards, by delivering explicit, stepwise, and role-defined agile recommendations within a familiar quality-oriented ecosystem.
Key new content includes:
- Mapping agile ceremonies (vision meeting, estimation, sprint planning, daily scrum, reviews, retrospectives) to defined project outcomes
- Clarifying roles, work products, and templates for lightweight process documentation
- Integration tips for organizations seeking ISO/IEC 29110 audit recognition
- References to popular agile methods with practical adaptation examples
Target audience: Very small software organizations, consulting firms, IT departments, and assessment bodies supporting VSEs. This standard fits seamlessly into certification and improvement programs for micro and small enterprises, addressing unique scaling, documentation, and resource constraints in agile adoption.
Key highlights:
- Specific lifecycle tailoring for teams under 25, including process templates
- Event-driven guidance harmonized with ISO/IEC 29110 process outcomes
- Practical documentation and assessment models for VSEs seeking compliance
Access the full standard: View ISO/IEC 29110-5-4:2025 on iTeh Standards
ISO/IEC 19823-11:2025 – Conformance Test Methods for Security Service Crypto Suite: PRESENT-80
Information technology – Conformance test methods for security service crypto suites – Part 11: Crypto suite PRESENT-80
This publication formalizes test procedures for the PRESENT-80 crypto suite, as specified in ISO/IEC 29167-11. Focused on RFID tags and interrogators operating within ISO/IEC 18000 protocols, this part of the series harmonizes with RFID device test methods and closes gaps for manufacturers, integrators, and testing labs needing consistent, auditable criteria for evaluating conformance to the PRESENT-80 security profile.
The standard delineates both "by demonstration" and "by design" verification frameworks for mandatory and optional protocol features—such as tag/interrogator authentication, handling of RFU fields, support for different key lengths, and cryptographic response validation. Laboratories performing testing must comply with ISO/IEC 17025 to ensure reliability and traceability. Key updates in the 2025 edition include alignment with updates to the over-the-air protocol and clarification of requirements for mutual authentication scenarios.
Target audience: RFID chip manufacturers, device integrators, certification labs, and organizations requiring formally validated security for RFID-based item management solutions. The standard is critical for industries with supply chains relying on secure product authentication, such as retail, logistics, and pharmaceuticals.
Key highlights:
- Mandatory and optional test cases for PRESENT-80 algorithm implementation
- Bridging functional gaps between ISO/IEC 18000, 18047, and 29167 for RFID security
- Updated procedure reflecting protocol enhancements for conformance
Access the full standard: View ISO/IEC 19823-11:2025 on iTeh Standards
ISO/IEC 29168-2:2025 – Object Identifier Resolution System: Operational Agency Procedures
Information technology – Open systems interconnection – Part 2: Procedures for the object identifier resolution system operational agency
This second edition updates the operational playbook for entities responsible for managing the Object Identifier Resolution System (ORS). OIDs underpin secure, universal identification mechanisms in global communications, digital certificates, and many interoperability schemas. The 2025 revision introduces the concept of a secondary operational agency to complement the primary agent, adds explicit nominee requirements, and details enhanced procedures for DNS-based OID support, charging models, and operational reporting.
The standard defines steps for appointment and transition, criteria for agency selection (including technical and jurisdictional requirements), obligations for DNSSEC/NSEC3 support, and mechanisms to extend ORS services to subordinate OID nodes (class A, B, or C) for varying levels of public or commercial access. It embeds robust continuity and audit obligations alongside new requirements for accessibility to up-to-date OID root zone files.
Target audience: Authorities, registrars, root zone operators, national or regional standards agencies, and any party managing or integrating OID-based systems (such as digital identity providers, certificate authorities, and network infrastructure firms). Its adoption signifies commitment to trustworthy, scalable, global identifier governance.
Key highlights:
- Formal dual-agency model for resilient OID management
- Comprehensive, transparent procedures for selection, operation, and transition
- Clear protocols for DNS root zone management and support levels
Access the full standard: View ISO/IEC 29168-2:2025 on iTeh Standards
ISO/IEC TS 27564:2025 – Privacy Engineering: Guidance on the Use of Models
Privacy protection – Guidance on the use of models for privacy engineering
This technical specification marks a strategic advance in the privacy-by-design conversation, offering comprehensive guidance on model-based systems and software engineering (MBSSE) as applied to privacy engineering. By describing categories of privacy models, high-level use cases, and synergies with related international standards, ISO/IEC TS 27564 fosters a common language for architects, developers, and compliance teams working to embed privacy controls at every stage of the digital system lifecycle.
Notable inclusions are:
- Framework for modeling privacy objectives, processes, and risk factors
- Guidance on selecting, representing, storing, and reusing privacy models
- Practical alignment with related standards and privacy risk management approaches (e.g., threat modeling, DPIAs)
- Use cases highlighting model-driven privacy engineering activities and interoperability
The standard’s emphasis on consistency, single source of truth (SSOT), and context-based abstraction supports complex system-of-systems and multi-organizational environments. Adoption of MBSSE as described in this specification can enhance privacy risk identification and mitigation—and bridge the communication gap between interdisciplinary teams.
Target audience: Privacy engineers, security architects, system designers, risk and compliance teams in sectors such as financial services, healthcare, public sector, and technology vendors.
Key highlights:
- End-to-end modeling guidance for privacy controls in engineered systems
- Integration with model-based engineering tools and standards
- Practical examples for model operationalization in privacy risk management
Access the full standard: View ISO/IEC TS 27564:2025 on iTeh Standards
EN ISO 27269:2025 – Health Informatics: International Patient Summary
Health informatics – International patient summary (ISO 27269:2025)
This European and international standard sets out the normative requirements for the International Patient Summary (IPS)—a minimal, standardized dataset for the exchange and coordination of essential healthcare information across borders. EN ISO 27269:2025 formalizes the abstract definition and data blocks that enable scalable implementation of interoperable patient summaries worldwide.
Key provisions establish the core data structure, ensuring that crucial patient information (such as demographics, clinical conditions, medications, allergies, and procedures) is communicated efficiently in support of continuity and quality of care. The document is deliberately abstracted to remain neutral with respect to specific workflows, technical architectures, or coding systems, focusing instead on universal data concepts to drive global adoption.
While implementation details (technical interfaces, coding schemes, workflow integration) are outside its direct scope, the standard’s model-centric approach guides conformance for vendors, health IT implementers, and regulatory agencies.
Target audience: Healthcare providers, EHR/EMR vendors, health IT interoperability consortia, government health agencies, and international health informatics programs.
Key highlights:
- Unified, minimal dataset for international health information portability
- Clear framework for core data blocks (demographics, conditions, treatments)
- Reduced ambiguity for implementers building cross-border health data systems
Access the full standard: View EN ISO 27269:2025 on iTeh Standards
Common Themes and Industry Trends
September’s publications reflected several prominent industry directions:
- Tailoring for organizational size and sector: Both the VSE-focused agile guidance and the health informatics patient summary typify the move towards context-aware, scalable standards adaptable to organizational scale and cross-border needs.
- Operational trust and security: Rigorous conformance and procedural standards in RFID crypto suites and OID resolution confirm a heightened focus on supply chain integrity and identity trust frameworks—key in digital transformation.
- Privacy by design and engineering discipline: Technical specifications for privacy modeling further evidence a trend where privacy is seen not as compliance overhead but as an engineering domain, supported by formal modeling and lifecycle integration.
- Interoperability and data portability: The International Patient Summary unambiguously stakes out the sector’s need for seamless, secure health data flow—foundational for telemedicine, international coordination, and patient-centric care.
Especially notable is the convergence between security, privacy, and interoperability: ensuring trust and usability while maintaining compliance with emerging regulatory and operational demands. The expanded attention to VSEs and the model-driven approach to privacy also signal growing inclusivity and maturity in IT standardization.
Compliance and Implementation Considerations
Organizational priorities and steps:
- Gap analysis: Determine whether existing processes and systems deviate from new lifecycle guidance (ISO/IEC 29110-5-4 for VSEs), crypto suite compliance (ISO/IEC 19823-11), or updated privacy modeling practices (ISO/IEC TS 27564).
- Stakeholder engagement: Form cross-functional teams, bringing in privacy, security, engineering, and, where relevant, healthcare domain experts to interpret and operationalize requirements.
- Training and documentation: Invest in targeted training (particularly for small teams or new technology adopters) to embed agile ceremonies, privacy modeling, and robust test procedures.
- Implementation pilots: Consider phased or pilot deployments—especially for new agile frameworks or privacy engineering methodologies—to calibrate resource requirements and deliver measurable value quickly.
- Certification and monitoring: Initiate or update compliance assessment cycles in line with formal conformance test requirements or audit programs enabled by these standards.
Timeframes:
- Smaller organizations should plan for a 6–12-month window to fully integrate new VSE-specific agile practices.
- Security and identity infrastructure changes may require more thorough test and certification cycles, especially where certification labs or third-party assessments are required.
- For privacy engineering and health informatics, success hinges on multi-stakeholder alignment and layered rollout.
Key resources:
- Official documentation and process templates from the standards
- Toolkits and model repositories aligned with privacy or software engineering best practices
- Ongoing engagement with iTeh Standards for current versions, interpretations, and expert resources
Conclusion: Key Takeaways from September 2025
September 2025’s Information Technology and Office Equipment standards underscore the sector’s movement toward practical, scalable, and secure solutions across software development, supply chain security, privacy, and healthcare interoperability. For professionals, these publications form a blueprint for:
- Enabling smaller organizations to compete and comply via fit-for-purpose agile methods
- Ensuring conformance to RFID security protocols for traceability and authentication
- Securing digital identity and object resolution services across global networks
- Embedding privacy thinking in engineering via proven modeling frameworks
- Advancing safe, readily accessible patient information exchange in health services
For those responsible for compliance, system engineering, or strategic IT purchasing, now is the time to perform a focused review, align organizational practices with these standards, and leverage iTeh Standards as your authoritative resource for ongoing updates and implementation support.
Stay ahead: explore all September 2025 Information Technology standards on iTeh Standards