Monthly Roundup: Information Technology Standards from September 2025

Looking back at September 2025, a transformative wave of standards publication in the Information Technology and Office Equipment sector reflected the industry’s dynamic priorities. Five significant standards, spanning urban mobility governance, data center provisioning, and digital identity management, were released, underscoring the sector’s strategic pivot toward sustainability, resilience, and secure digital transformation. For professionals dedicated to compliance, infrastructure planning, and digital ecosystem management, this retrospective provides valuable synthesis and context, helping organizations grasp the implications of these standards for future projects and regulatory planning.

Monthly Overview: September 2025

September 2025 marked a meaningful moment in the evolution of Information Technology standards. This month’s standards publications not only responded to the sector’s ongoing demand for robust digital infrastructure and secure identity management but also anticipated emerging needs for sustainability and efficient data center operations.

The standards from September 2025 can be broadly grouped into three thematic categories:

• Strategic digital governance for urban mobility and sustainability
• Unified approaches to data center provisioning (both IT equipment and facility infrastructure)
• Modernized frameworks and practices for digital identity management and privacy

Interestingly, this period saw a concerted effort to bridge the traditional silos between operational effectiveness, security, and environmental responsibility. Compared to prior months, the quantity and scope of standards released suggest a shift from point solutions to systemic frameworks that prioritize holistic management—whether of urban services, technological assets, or personal identity data.

Standards Published This Month

ISO 16481:2025 – Sustainable Mobility and Transportation — Digital Governance — Strategic Needs Regarding ISO 37101 Purposes of Sustainability

Sustainable mobility and transportation — Digital governance — Strategic needs regarding ISO 37101 purposes of sustainability

ISO 16481:2025 presents a landmark framework for structuring and articulating the digital governance capabilities required for making urban mobility systems genuinely sustainable. The standard is designed to help city planners, transport authorities, mobility operators, and solution vendors systematically align digital transformations in urban mobility with broader sustainability objectives as outlined in ISO 37101.

The scope of ISO 16481:2025 is ambitious: it applies to the digital governance layer of both passenger and goods transport, encouraging cities to orchestrate mobility solutions—from shared and on-demand options, to data-driven multimodal platforms—so that they deliver on environmental, social, and economic performance goals.

Key requirements include:

• High-level needs analysis and strategic alignment: Enables assessment and definition of mobility projects based on sustainability priorities and local community goals.
• Digital governance for systemic improvement: Specifies frameworks for standardizing data semantics, data services, and exploitation rules to foster interoperability and resilience.
• Operational guidance: Details processes for evaluating political commitment, performing baseline reviews, defining measurable strategies, handling real-time mobility data, and leveraging analytics for decision support.
• Stronger focus on energy efficiency, emissions management, and data privacy: Targeting smart infrastructure, dynamic passenger information, interoperability, and data security.

Who should comply: Urban policy makers, municipal IT managers, smart city consortia, and any stakeholder orchestrating or planning digital mobility services with a sustainability mandate.

Significance: ISO 16481:2025 helps bring cohesion to the otherwise fragmented digital mobility ecosystem, ensuring that investments in smart mobility consistently serve prescribed sustainability outcomes.

Key highlights:

• Provides a unified methodology linking digital governance to local sustainability goals
• Establishes interoperable, data-centric frameworks for urban mobility operations
• Enables real-time, adaptive, and privacy-aware management of complex transport systems

Access the full standard:View ISO 16481:2025 on iTeh Standards

ISO/IEC TS 8236-1:2025 – Information Technology — Provisioning, Forecasting and Management — Part 1: Data Centre IT Equipment

Information technology — Provisioning, forecasting and management – Part 1: Data centre IT equipment

The first part of the ISO/IEC TS 8236 series, this technical specification brought a standardized approach to the perennial challenge of provisioning IT resources within modern data centers. The document defines key performance indicators (KPIs) and methodologies for profiling, forecasting, and optimizing IT equipment deployments—critical for sustaining the explosive growth in digital data, artificial intelligence applications, and the proliferation of cloud and edge computing.

In practice, ISO/IEC TS 8236-1:2025 introduces:

• Standardized KPIs for IT provisioning: Provides tools for data center operations to benchmark existing assets, monitor trends, and project requirements for compute, storage, and network capacity across the full IT life cycle (preparation, commissioning, expansion, and retirement).
• Forecasting frameworks: Enables robust, evidence-driven projections of IT capital and operational expenditures, underpinning strategic decisions for in-house, managed, or colocation data center models.
• Integration with facility provisioning: Establishes a direct link between IT planning and facility infrastructure needs, feeding into standards for facility space, power, and cooling optimization (expanded in Part 2).

Who should comply: Data center IT managers, cloud service architects, IT infrastructure planners, and consultants tasked with long-term resource optimization.

Significance: By unifying methods for IT asset profiling and forecasting, organizations can avoid reactive, ad-hoc expansion—leading to greater cost control, risk mitigation, and operational resilience.

Key highlights:

• Establishes standardized, repeatable metrics for IT provisioning
• Aligns IT planning with longer-term facility management strategies
• Enables more accurate cost and capacity forecasting across IT life cycles

Access the full standard:View ISO/IEC TS 8236-1:2025 on iTeh Standards

ISO/IEC TS 8236-2:2025 – Information Technology — Provisioning, Forecasting and Management — Part 2: Data Centre Facility Infrastructure

Information technology — Provisioning, forecasting and management – Part 2: Data centre facility infrastructure

Building directly on Part 1, ISO/IEC TS 8236-2:2025 addresses the critical challenge of aligning IT provisioning forecasts with the realities of physical data center infrastructure—spanning space allocation, power, and cooling. The document enables data center designers and facility managers to develop facility provisioning profiles using standardized KPIs that mirror the IT platform forecasts.

Key requirements and features:

• Benchmarks and trend analysis for facility provisioning: Facilitates data-driven profiling of facility readiness and life cycle management, including commissioning, expansion, contraction, and retirement phases.
• Harmonization with IT provisioning: Integrates data center facility provisioning (DCfP) with input from IT provisioning profiles (DCitP), ensuring holistic planning rather than disparate, incompatible forecasts.
• Relationship to power usage effectiveness (dPUE): Offers a methodology for modeling, benchmarking, and reporting energy efficiency, directly supporting ISO/IEC 30134-2 requirements.

Who should comply: Data center and facility managers, infrastructure planners, energy efficiency consultants, and organizations owning or leasing mission-critical data centers.

Significance: Standardized facility provisioning supports both operational efficiency and sustainability, helping organizations address increasing regulatory and commercial demands for greener data center operations.

Key highlights:

• Aligns data center physical infrastructure planning with IT forecasting
• Supports benchmarking and improving energy efficiency (PUE)
• Enables better risk mitigation for power, cooling, and space constraints

Access the full standard:View ISO/IEC TS 8236-2:2025 on iTeh Standards

ISO/IEC 24760-2:2025 – Information Security, Cybersecurity and Privacy Protection — A Framework for Identity Management — Part 2: Reference Architecture and Requirements

Information security, cybersecurity and privacy protection — A framework for identity management – Part 2: Reference architecture and requirements

ISO/IEC 24760-2:2025 is a pivotal update in the evolving landscape of identity management. The standard provides foundational guidelines for the implementation of systems managing identity information across any organizational context in which identity data is collected, processed, or stored. Notably, this edition has been technically revised to reflect the proliferation of mobile identities and federated identity management scenarios.

Key features and requirements:

• Reference architecture for identity management systems: Sets out detailed models for managing both internal (employee) and external (customer/citizen/device) identities, emphasizing privacy, integrity, and availability.
• Comprehensive stakeholder identification: Clarifies roles for principals, management and information authorities, auditors, relying parties, and regulatory bodies.
• Processes and requirements: Details mandatory policies for identity information life cycle, access control, quality, interface standards, and compliance mechanisms – providing a robust, auditable baseline for assessing and improving identity management practices.
• Privacy and assurance: Supplies tools to assess privacy-friendliness and assurance mechanisms, responding to increasingly stringent data protection expectations and regulations worldwide.

Who should comply: CIOs, CISOs, IT governance and risk personnel, enterprise architects, public sector organizations, and any technology provider implementing identity solutions.

Significance: This standard serves as a bedrock for compliance with multi-jurisdictional privacy regulations and for the establishment of trustworthy digital identity services at scale.

Key highlights:

• Delivers a reference architecture for all modern identity management use cases
• Puts strong governance and privacy controls at the heart of identity data processes
• Offers horizontally applicable requirements that unify compliance and security efforts

Access the full standard:View ISO/IEC 24760-2:2025 on iTeh Standards

ISO/IEC 24760-3:2025 – Information Security, Cybersecurity and Privacy Protection — A Framework for Identity Management — Part 3: Practice

Information security, cybersecurity and privacy protection — A framework for identity management – Part 3: Practice

Complementing the reference architecture of Part 2, ISO/IEC 24760-3:2025 brings practical guidance to organizations implementing or operating identity management systems. The standard establishes specific practices, controls, and assurance mechanisms designed to ensure the effective, secure, and privacy-conscious use of identity data in any information system.

Highlights include:

• Identity-related risk mitigation: Provides operational practices for risk assessment, identity proofing, credential management, and the establishment of secure identity information access and control.
• Policy and control objectives: Guides organizations through context-sensitive controls for establishing, operating, and continually improving identity management systems in alignment with ISO/IEC 24760-1 and ISO/IEC 24760-2.
• Lifecycle and audit practices: Offers recommendations for auditing identity data handling, managing access, and navigating identity information lifecycle events (creation, modification, suspension, deletion, etc.).
• Integration with privacy frameworks: Supports consistency with international data protection regulations and related standards (e.g., ISO/IEC 29100, 29101, 29115).

Who should comply: IT administrators, identity and access management specialists, system integrators, privacy and compliance officers, service providers.

Significance: By codifying best practices and risk mitigations, ISO/IEC 24760-3:2025 supports not only core security objectives but also builds a foundation for digital trust—essential for interoperable, user-centric digital ecosystems.

Key highlights:

• Translates identity management frameworks into practical, actionable controls
• Addresses operational risk and privacy at every phase of identity data usage
• Provides a template for continual improvement and audit of identity management systems

Access the full standard:View ISO/IEC 24760-3:2025 on iTeh Standards

Common Themes and Industry Trends

Examining the collective substance of these September 2025 publications, several overarching trends emerge:

• Sustainability and digital governance converging in urban infrastructure: ISO 16481:2025 signals a shift towards systemic, data-driven governance as the enabler of sustainable city transport, with digitalization no longer an afterthought but a core driver of public service strategies.

• Holistic data center management: The twin ISO/IEC TS 8236 standards mark a growing industry consensus for integrated, KPI-driven management of both IT and facility assets. This convergence dismantles traditional barriers between IT and facility teams while prioritizing long-term sustainability and scalability.

• Mature identity management, driven by privacy and compliance: The new editions of ISO/IEC 24760-2 and 24760-3 clearly reflect the maturity of global digital identity ecosystems. The emphasis has moved from technical enablement to privacy, regulatory compliance, assurance, and practical controls for risk management, catering to both enterprise and public sector transformations.

Collectively, these standards align with industry challenges such as:

• Managing operational and environmental complexity in smart infrastructure
• Supporting digital transformation without compromising on privacy or compliance
• Scaling data center operations efficiently against increasing digital workloads
• Responding to evolving regulatory and public trust requirements

Compliance and Implementation Considerations

For organizations impacted by these standards, several practical considerations should be prioritized:

• Conduct comprehensive gap analyses against ISO 16481, especially for municipalities and mobility operators planning digital upgrades. Early adoption can help secure funding, reduce risk, and align with future regulatory trends.

• Integrate IT and facility provisioning teams in line with ISO/IEC TS 8236-1 and -2. Joint use of standardized KPIs and reporting will enable data-driven investment and operations, reducing costs and enhancing resilience.

• Upgrade identity management policies and architectures to conform with ISO/IEC 24760-2 and 24760-3. Pay special attention to privacy controls, lifecycle management, and interoperability with external identity providers.

• Audit current systems and procedures against new requirements; prioritize practices that support traceability, risk management, and regulatory defensibility.

• Timeline: Many standards do not carry hard deadlines, but competitive and compliance demands make earlier adoption advantageous. Consider 12–18 months as a realistic window for full alignment, depending on the complexity of existing infrastructure.

• Resources: Leverage iTeh Standards for full documentation, best practice guides, and community forums to support implementation success.

Conclusion: Key Takeaways from September 2025

Looking back, September 2025 proved pivotal for professionals responsible for keeping their organizations aligned with the latest Information Technology standards. The five standards captured here—spanning urban mobility, data center management, and digital identity—provide both high-level frameworks and practical requirements to drive sustainability, resilience, and trust in a fast-evolving digital landscape.

Recommendations:

• Prioritize comprehension and strategic planning around ISO 16481:2025 if involved in smart mobility.
• Initiate or refresh IT and facility provisioning models with the guidance of ISO/IEC TS 8236-1 and TS 8236-2 for future-ready data centers.
• Re-examine identity management strategies and practices against the latest ISO/IEC 24760-2 and 24760-3 updates.

Staying updated with these standards not only eases regulatory compliance but also empowers organizations to lead with secure, sustainable, and efficient practices. We encourage readers to dive deeper into each standard via the provided iTeh Standards links, and to leverage these frameworks to shape resilient digital operations for the years ahead.