ISO 19770 and Software Asset Management (SAM)

Compared to hardware asset management, software is a much trickier beast to tame. But the benefits are worth it...

ISO?

Let's dig into this new standard for managing the software assets in your enterprise. For starters, lets take a look at what the ISO is.

The "ISO" also known as the International Organization for Standardization was established in 1947 and is the world's largest developer of standards. It is a network of Standards Institutes, currently from 157 countries built on the basis of one member per country. The organization is centralized in Geneva, Switzerland. Although a non-governmental organization, the ISO maintains a unique position between the public and private sectors since many members of the ISO are either mandated by their governments or are directly involved with industry leaders and associations.

The ISO has set many standards for several aspects of modern life over the years, including such industry categories as manufacturing, development, safety, environmental and many others. However, today we’ll discuss one of their technical standards called ISO/IEC 19770-1:2006, also know as the SAM Standard, short for "Software Asset Management Standard."

It's all about standards

This standard consists of two parts. Part one explains the processes of SAM while the second part defines product identification intended to simplify the software inventory procedure. ISO 19770 is unique in that it combines both process descriptions and software versions. A successful implementation in your organization does not necessarily hinge on one part or the other since they are not dependent one another.

ISO 19770 is a draft standard for managing the software assets of an enterprise and it was developed with the purpose of enabling organizations to audit their performance of SAM to a standard sufficient to satisfy corporate governance requirements and to ensure effective support for the entire IT organization. It is also closely aligned with ISO/IEC 20000 which is intended to define the requirements of a service provider to deliver managed services, however we'll review that topic at a later date.

SAM advantages

Ultimately, effectively implementing ISO 19770 both facilitates the management of business risks and cost control for your organization, thus offering your business a competitive advantage and negating legal exposure. In terms of risk management, businesses limit the risks of disruption to IT related services and reduce legal and regulatory exposure.

IT related cost control is done so with central management of purchasing, thus providing better, more accurate and timely information for all aspects of accounting, auditing and billing. Furthermore, a competitive advantage is achieved by quality decision-making based on more complete information.

Using the ISO 19770 standard, the SAM principles apply to nearly everything in your IT environment including the following topics:

  • Proof of license documentation
  • Licensing models
  • All supported platforms
  • The software master media and all distribution copies
  • All builds and releases
  • All installed software
  • Detailed listings of software versions, patches and updates
  • Licenses
  • Contracts
  • Physical and electronic means of distribution

Furthermore, ISO 19770 calls for inventory records to include a software identifier, version, the name and location of the user and the asset's current disposition.

The standard advises businesses to implement policies and procedures designed to maintain inventory records, include backups, and a means to protect these records from unauthorized exposure.

Using these well thought-out processes for SAM will, among other things, result in several benefits for your organization by allowing management from other departments within your organization to place complete trust in the competence and completeness of these IT-related processes.

Software asset management is now a well-established business practice. With the potential savings in the millions, businesses are beginning to analyze and come to terms with software usage patterns, asset inventory, detailed contract terms and volume-related purchasing power. As a result, there are more products on the market designed to handle this complicated task than you can shake a stick. However, ensuring that the product of choice is ISO compliant has not been a prerequisite for most.

Until recently, applications designed to handle this process have been generally known to handle it in an arbitrary fashion, to put it kindly. Relatively few organizations have been able to successfully implement these products because they lack legally compliant auditability.

In the end, due diligence requires you to familiarize yourself with ISO 19770 in order to get a firm grasp of the complicated details behind properly maintaining your software assets.

Resources

ISO Homepage - Link

Purchase ISO/IEC 19770-1:2006 - Link

This article was first published on EnterpriseITPlanet.com.





Comment and Contribute

 


(Maximum characters: 1200). You have characters left.