November 2025: Key Developments in ISO

November 2025 was a defining month for ISO and IEC, with significant movement across environmental management, AI governance, cybersecurity and privacy, quality, competence, resilience, and the circular economy. What’s notable is how clearly the month’s portfolio connects the dots between management systems and real-world outcomes: decarbonization, SDG implementation, trustworthy supply chains, privacy assurance, and human capability development.

For top management, this month’s developments send a strong signal: standards are rapidly becoming the operational language of credible sustainability, digital trust, and organizational resilience — and the leaders who act early will shape how these frameworks land in regulation, procurement, and market expectations.

Newly published standards

ISO/IEC TS 42119-2:2025 – AI testing — Part 2: Overview of testing AI systems
A practical entry point into AI testing, clarifying what “testing” means in AI contexts and how organizations can build capability.

ISO 22300:2025 (4th edition) – Security and resilience — Vocabulary
Updates the shared language of resilience, strengthening consistency across business continuity, crisis, and emergency management.

ISO 13659:2025 – Chain of custody — Book and claim
Enables credible sustainability claims in complex value chains where physical segregation isn’t feasible, using controlled “book and claim” accounting.

ISO/IEC 12792:2025 – AI transparency taxonomy
Creates a structured way to classify and communicate transparency features of AI systems — crucial for governance, assurance, and responsible deployment.

ISO/PAS 45007:2025 – OH&S — Climate change risks and climate action
Guidance for integrating climate-related risks into occupational health and safety management.

ISO 22373:2025 – Trustworthy supply and value chains framework
A framework for authenticity, integrity, and trust in products and documents — directly relevant to anti-fraud, compliance, and cross-border trade.

ISO 22372:2025 – Community resilience — Infrastructure resilience guidelines
Strengthens resilience thinking at the infrastructure level, with strong relevance for critical services and public-private ecosystems.

ISO/IEC 19896-1:2025 (2nd edition) – Competence of IT security conformance assessment personnel
Reinforces competence requirements for those assessing cybersecurity conformance — supporting credibility in certification and assurance.

ISO/TR 59031:2025 – Circular economy — Performance-based approach (case studies)
Shows how circular economy performance approaches work in practice, giving leaders concrete examples and patterns to learn from.

ISO 22366:2025 – Energy resilience framework and principles
A community resilience standard focused on energy systems — increasingly critical given volatility, electrification, and security concerns.

Final Draft International Standards (FDIS): Editorials before publication

ISO/FDIS 14001 (4th edition) – Environmental management systems
A flagship update to one of the world’s most used management system standards, reinforcing environmental governance as mainstream management practice.

ISO/FDIS 30201 (2nd edition) – Human resources management systems
Brings structure and auditability to HR management systems, aligning people practices with organizational performance and accountability.

ISO/FDIS 50100 – Energy management and energy savings — Decarbonization
A high-impact decarbonization requirements standard: positioning energy and emissions reduction as a systematic management discipline.

ISO/IEC/IEEE FDIS 23612 – Incident management
A cross-domain incident management standard that supports consistent response across IT, software, and organizational operations.

ISO/IEC FDIS 17020 (3rd edition) – Inspection bodies requirements
Modernizes the baseline for inspection bodies, supporting confidence in inspection outcomes.

ISO/IEC FDIS 17024 (3rd edition) – Certification of persons requirements
Strengthens global consistency in professional and personal certifications — relevant to competence-based assurance models.

ISO/IEC FDIS 27565 – Privacy preservation using zero-knowledge proofs
A significant signal of where privacy engineering is going: enabling verification without exposing sensitive data.

ISO/IEC FDIS 29151 (2nd edition) – PII protection controls
A pivotal privacy-controls standard supporting organizations handling personally identifiable information across systems and supply chains.

Draft International Standards (DIS): Nearing publication

ISO/DIS 9001 (6th edition) – Quality management systems — Requirements
A pivotal revision to the world’s most adopted management system standard. The focus is shifting toward relevance in sustainability, resilience, digital operations, and stakeholder expectations.

ISO/UNDP DIS 53001 – SDG management systems — Requirements
A landmark step toward operationalizing the UN SDGs through auditable management systems — highly relevant for ESG strategy, reporting, and impact credibility.

ISO/DIS 14002-3 – ISO 14001 guidance on climate
Provides structured guidance for addressing climate aspects within environmental management systems.

ISO/IEC DIS 42105 – Human oversight of AI systems
Brings human accountability back to the center of AI governance, guiding organizations on scalable oversight models.

ISO/IEC DIS 38501-1 – Governance of IT implementation guidance
Moves from principles to practical implementation, supporting boards and executives in governing IT as a strategic asset.

ISO/DIS 44001 (2nd edition) – Collaborative business relationship management systems
Formalizes collaboration as a management system: governance, roles, value-sharing, and performance in partnerships.

ISO/DIS 42503 – Sharing economy implementation framework
Supports organizations and ecosystems in building models that leverage shared resources and value creation.

Supply chain interoperability and integration (ISO/DIS 25500 series)
A substantial series covering: principles, vocabulary, identity verification, certificate verification, supply chain data verification, and sourcing data requirements — foundational for trusted digital trade.

ISO/DIS 30440 – Strategic and ethical integration of technology in HR
Addresses the governance of HR tech, balancing digital transformation with ethics and workforce well-being.

ISO/DIS 30441 – Workplace well-being guidelines
Frames well-being as a system-level management concern, not a “benefits program.”

ISO/DIS 29501 & ISO/DIS 29502 – Operating management systems
Expands structured management system thinking into operational contexts with conformity assessment guidance.

ISO/DIS 24644-1 – Mass customization value chain management
Responds to the shift toward flexible, individualized production models with a standardized management approach.

ISO/DIS 18983 – Hybrid meeting service guidelines
Standardizes best practices for hybrid meeting services — reflecting the new normal of work.

ISO/DIS 41002 – Facility management organization development
Develops the organizational capability dimension of facility management.

ISO/IEC DTS 20125 – Digital services ecodesign
Moves sustainability “upstream” into digital service design and lifecycle practices.

ISO/DTS 19384 – Service excellence through digital approaches
Connects service excellence methods with digital transformation and customer experience operations.

ISO/DTS 44005 – Leadership for collaborative working
Turns collaboration into a leadership discipline, supporting multi-stakeholder ecosystems and joint value creation.

Committee Drafts (CD): Key Standards in Progress

ISO/CD 30401 (2nd edition) – Knowledge management systems
Positions knowledge as a governable asset — critical for resilience, AI adoption, and capability retention.

ISO/IEC CD 42102 – AI capability characterization framework
Supports consistent descriptions of AI methods and capabilities — necessary for governance, assurance, and procurement.

ISO/IEC CD 27003 (ed.3) – ISMS guidance
A key implementation companion for ISO/IEC 27001 programs, supporting practical and scalable security management systems.

ISO/CD 56011 – Innovation management competency framework
Reinforces that innovation performance depends on defined competence — not just culture and ideas.

ISO/CD 37202 – Safeguarding for organizations
A governance and responsibility standard: setting expectations for safeguarding people in organizational contexts.

ISO/CD 41001 (2nd edition) – Facility management systems
Strengthens facility management as a discipline that is measured, governed, and aligned to strategy.

ISO/CD PAS 25535 – Sustainability integration in asset management systems
Signals rising expectations for embedding sustainability directly into asset management governance and decision-making.

ISO/CD TR 24962 – Sampling-based conformity assessment
Supports more innovative assurance models, improving efficiency while maintaining confidence.

ISO/CD TR 22957-1 / -2 – Document management environments
Provides structure for technology functionality and project phases in information/records environments — necessary for governance and compliance.

ISO/IEC CD TR 38509 – Responsible governance of IT for digital inclusion
Positions inclusion as a governance responsibility, not only a policy aspiration.

Working Drafts (WD): Early-stage developments

ISO/WD 59004 (2nd edition) – Circular economy vocabulary and implementation guidance
Builds a common language and implementation backbone for circular transition.

ISO/WD TR 20194 – Digital trade principles and initiatives
A strategic framing standard: helping align trade modernization, interoperability, and cross-border trust.

New work items (AWI, PWI, NP): New proposals to watch

ISO/AWI 37013 – Anti-money laundering (AML) guidance
Adds practical depth to integrity and compliance programs, with growing relevance across supply chains and digital finance.

ISO/IEC AWI 25022 – Quality-in-use measurement (SQuaRE)
Shifts attention to user-centric quality: usefulness, satisfaction, effectiveness, and real-world outcomes.

ISO/NP 25534-1 – Digital Product Passport — Overview and principles
A crucial foundational project for product transparency, traceability, and regulatory alignment — especially relevant for EU-driven DPP programs and global interoperability.

ISO/NP 45009 – OH&S leadership and governance (top management guidance)
Explicitly targets executives: clarifying leadership behaviors, governance structures, and accountability in OH&S systems.

ISO/NP 30447 – Sustainable HRM guidance
Connects people strategy with sustainability outcomes — a growing area where reporting expectations and employee experience converge.

ISO/NP 21515 – Competency framework for project/programme/portfolio professionals
Treats transformation delivery as a competence system — aligning capability with execution reliability.

ISO/NP TS 26333 – Cross-cultural collaboration guidelines
A timely standard for global ecosystems and partnerships, strengthening collaboration effectiveness across cultures.

ISO/NP 41020 – Facility management performance management framework
Pushes FM toward measurable performance and strategic contribution.

ISO/NP 30404 – Applying HR metrics
A practical move toward evidence-based HR governance.

ISO/IEC NP 26160 – Evaluating AI functionality under Common Criteria (15408/18045)
A strong signal that AI assurance is moving into formal evaluation schemes — a step toward auditable trust in AI functionality.

ISO/IEC NP TS 25864 – Resilience assessment of AI systems
Brings resilience engineering into AI: robustness, continuity, and failure modes as governance requirements.

ISO/PWI TR 39009 – ISO 39000 series implementation survey
A learning-oriented initiative: capturing implementation experiences and lessons learned to improve real-world effectiveness.

ISO/IEC PWI TR 26374 – Cybersecurity competence study
Reinforces that cybersecurity maturity is increasingly about skills, roles, and capability systems.

ISO/IEC PWI TR 26373 – SME guidelines for ISO/IEC 27002
A high-value direction: translating security controls into practical guidance for smaller organizations.

Looking Ahead

November 2025 shows ISO and IEC accelerating toward a management-system future where sustainability claims must be verifiable, AI must be governable, collaboration must be systematic, and digital trust must be auditable. The standout signals are hard to miss:

  • ISO 14001 and SDG management systems are moving sustainability into operational governance.
  • ISO 9001 (DIS) remains the year’s biggest management system event, shaping how “quality” will look in the next decade.
  • AI governance is maturing rapidly through transparency taxonomies, human oversight guidance, resilience assessment, and formal evaluation alignment.
  • Cybersecurity and privacy are shifting into more advanced assurance models (e.g., zero-knowledge proofs, updated PII controls, stronger ISMS guidance, and SME-specific implementation).

At StandardsHero, we’ll keep translating these developments into practical leadership insights — helping top management connect standards to strategy, governance, and measurable outcomes across sustainability, digital trust, and resilience.