ISO Standards Annoucements

Project Committee (PC) 302 was commissioned by ISO to revise ISO 19011:2018 Guidelines for Auditing Management Systems. Post-COVID, there is more emphasis on remote auditing, to include content from the new ISO 17012:2024 Guidelines for the Use of Remote Auditing Methods in Auditing Management Systems. ISO hopes to published the official update by or near the end of 2025.

May 2025 - ISO 42005:2025 AI System Impact Assessment is officially published. While ISO 42001 was published in December 2023, it has taken several months to get guidance published on how to create an AI System Impact Assessment. There are many key points, to include the recommendation that the system engineering staff complete the analysis and not the GRC staff.

June 2025 - ISO is developing a collection of standards for AI testing, designated as the ISO 42119-series. This will include ISO 42119-2 Overview of  Testing AI Systems; ISO 42119-3 Verification and Validation Analysis of AI Systems; ISO 42119-7 Red Teaming. 

July 2026 - ISO 42006, the audit and certification standard for ISO 42001 will be officially released shortly. While the American National Accreditation Board (ANAB), part of ANSI, has authorized a limited number of certification bodies (CBs) in the U.S. to issue formal ISO 42001 certifications, many of the international accreditation bodies (ABs) have restricted their national CBs. The publication of this standard will open up the flood gates on ISO 42001 certifications, which has been limited to approximately 30 entities to date. 

June 2025 - ISO Technical Committee 302 has completed the initial Working Draft (WD) for ISO 25126 Information Security Controls Based on ISO/IEC 27002 for Distributed Ledger Services. This new standard, when completed, will provide guidance on how to protect data contained in distributed ledger technologies (DLT). 

June 2025 - A new working draft (WD) is under development as ISO 24876 Privacy Protection when Involving Trust Anchors in DLT-Based Identity Management. The intent of this new standard will identify the various types of trust anchors and analyzes the personally identifiable information (PII) of a data subject, processed by trust anchors. It examines the complete cycle of PII processing by trust anchors within a DLT-based identity management system. Additionally, it outlines privacy considerations, detailing both technical and organizational controls to protect the PII of data subjects managed by trust anchors. Furthermore, the document provides examples of PII protection measures within a DLT-based identity management system.

April 2025 - ISO 27017, the standard for cloud security controls based on ISO 27002, has reached the Draft International Standard (DIS) phase. After almost three years, the market has substantial interest in seeing this standard updated. Hopefully the follow on Final Draft International Standard (FDIS) phase, and official publication is not too far away now. 

May 2025 - ISO 27008, which defines how to audit the ISO 27001, Annex A controls is currently in the 3rd round of the Committee Draft (CD) process. The updated publication will align the Annex A controls with the current 2022 version of ISO 27001.

May 2025 - ISO 27701, which defines a Privacy Information Management System (PIMS), has reached the Final Draft International Standard (FDIS) stage. This revision has several significant attributed: (1) it becomes a stand-alone management system; (2) it aligns with the 2022 version of ISO 27001 Information Security Management Systems - Requirements; it aligns with the 2024 update to ISO 29100 Privacy Framework. 

MAY 2025 - ISO Technical Committee 279 on Innovation Management has begun the process to create ISO 56013 Innovation Portfolio Management - Guidance, which provides details on the intent of ISO 56001, Clause 6.4 Innovation Portfolio. Organizations can have one or more portfolios, which then track initiatives through the innovation life cycle. 

JUNE 2025 - The process to create the first edition of ISO 17021-16 Audit and Certification of Innovation Management Systems has begun. ISO 56001 Innovation Management Systems - Requirements was just published for the first time in 2024. Now it's time to create the audit and certification standard.

JULY 2025 - ISO Technical Committee 279 on Innovation Management has started the process to create ISO 56012 Innovation Ecosystem Management. This will be an exciting addition to the ISO 56000-series of publications. 

March 2025 - ISO Technical Committee 258 has registered a new approved work item (AWI) to create ISO 21514 Project, Programs and Portfolio Management - Requirements. The implied intent is to create a management system standard that will allow companies to become certified for their ability to demonstrate that they can control their projects, programs, and portfolios utilizing the ISO 21500-series related to this domain. Expected publication may be in 2027.

May 2025 - An approved work item (AWI) has been approved by ISO Technical Committee 258 for the creation of ISO 21520 Artificial Intelligence - Concepts, Applications, and Implications. This publication will provide practitioners with AI-related guidance and consideration in the areas of security, privacy, transparency, and bias, as well as related data governance, ethical and risk considerations.

June 2025 - ISO 9001, the standard for Quality Management Systems (QMS) is currently being updated, with an official publication date expected in 2026. The Committee Draft (CD) was approved and now moved to the Draft International Standard (DIS) stage. There are more entities certified to the ISO 9001 standard than any other ISO management system standard. 

February 2025 - Last updated in 2018, ISO 31000, which sets the process model for risk management across all domains, is currently being revised. The first Working Draft (WD) has been completed, and ISO Technical Committee 262 is considering the next steps for this foundational standard.