1. Home
  2. Moldova standards
  3. STM
  4. St ISO IEC 25389-2025

ISO IEC 25389-2025 PDF

St ISO IEC 25389-2025

Name in English:
St ISO IEC 25389-2025

Name in Russian:
Ст ISO IEC 25389-2025

Description in English:

Original standard ISO IEC 25389-2025 in PDF full version. Additional info + preview on request

Description in Russian:
Оригинальный стандарт ISO IEC 25389-2025 в PDF полная версия. Дополнительная инфо + превью по запросу
Document status:
Active
Format:
Electronic (PDF)
Delivery time (for English version):
1 business day
Delivery time (for Russian version):
365 business days
SKU:
stiso25918
Choose Document Language:
€25

Full title and description

Information technology — The safe framework (ISO/IEC 25389:2025). This international standard defines a framework of recommendations for organisations that provide public-facing digital products or services and that carry out trust and safety operations to identify, control and manage content- and conduct-related risks.

Abstract

The standard sets out a high-level, adaptable set of aims and recommended practices for managing content- and conduct-related risks in digital products and services, and includes guidance for assessing the implementation and maturity of those practices. It is intended to support consistent approaches to trust and safety operations across diverse platforms and service types.

General information

  • Status: Published (International Standard).
  • Publication date: June 2025 (approved 25 June 2025).
  • Publisher: International Organization for Standardization (ISO) / IEC JTC 1 (Information technology).
  • ICS / categories: 35.030 (IT security).
  • Edition / version: Edition 1 (2025).
  • Number of pages: 26 pages.

Scope

ISO/IEC 25389:2025 provides a framework of recommendations for organisations that offer public-facing digital products or services and that operate trust and safety functions to address content- and conduct-related risks. The scope includes both guidance for designing and operating controls and recommendations for assessing how well those practices have been implemented within an organisation. The standard is deliberately flexible so it can be mapped to platform-specific policies and operational models.

Key topics and requirements

  • A framework of aims and recommended practices for trust and safety operations (policy, detection, enforcement, remediation, transparency).
  • Guidance for identifying and categorising content- and conduct-related risks across services and user journeys.
  • Recommendations for operational controls, roles and responsibilities within organisations that manage digital safety.
  • Assessment criteria and a method for evaluating the implementation and maturity of trust and safety practices.
  • Flexibility to map organisational practices to the framework’s aims and to support cross-organisational benchmarking.

Typical use and users

This standard is intended for trust & safety teams, product and platform managers, legal and compliance teams, risk and governance functions, auditors, regulators and consultants working on digital platform safety. It is also useful for standards bodies, researchers and organisations seeking to benchmark or improve their content- and conduct-risk management practices.

Related standards

Relevant related standards include information-security and privacy standards and other ISO/IEC JTC 1 outputs that organisations commonly use alongside trust-and-safety guidance (for example, ISO/IEC 27000-series for information security and privacy-related standards for personal data protection), plus industry frameworks for moderation, transparency and accountability. The DTSP Safe Framework served as the basis for this ISO/IEC standard.

Keywords

trust and safety, safe framework, content moderation, conduct risk, digital safety, platform governance, assessment, maturity model, ISO/IEC 25389, JTC 1, IT security.

FAQ

Q: What is this standard?

A: ISO/IEC 25389:2025 is an international standard titled "Information technology — The safe framework" that provides a recommended framework for organisations running trust and safety operations on public-facing digital products and services.

Q: What does it cover?

A: It covers high-level aims and recommended practices for identifying, controlling and managing content- and conduct-related risks, plus guidance for assessing the implementation and maturity of those practices across an organisation’s trust and safety operations.

Q: Who typically uses it?

A: Trust & safety teams, product managers, compliance and legal teams, risk and governance functions, auditors, regulators, consultants and researchers focused on platform safety and digital risk management.

Q: Is it current or superseded?

A: It is current—published as an international standard in June 2025 (first edition). Organisations should check for any future amendments or related guidance as the topic and best practices evolve.

Q: Is it part of a series?

A: It is published under ISO/IEC JTC 1 (Information technology) and sits alongside other ISO/IEC standards for information security, privacy and IT governance; it is not a numbered part of a multi-part series but can be used together with related ISO/IEC standards.

Q: What are the key keywords?

A: Trust and safety, content moderation, conduct risk, digital safety, platform governance, maturity assessment, ISO/IEC 25389.