We do analyses in cancer research, our lab and the IT is certified after ISO 17025. We use open source and closed source and for both it’s the same: for every step and every tool we’ve done verification and validation. With every analysis several test are done to ensure that nothing has changed which alters predefined outcomes since last time.
Why are we doing this for research (which is unusual) ? Because in cancer research real patients are involved, errors in analysis could lead to death.
In general researchers do similar verification and validations, not after some ISO, but according to their needs. All researchers I know are typically very doubtful about their methods and their numbers, doing a lot of cross checking and tests. Nothing more embarrassing for them to need to withdraw a publication.