ISO/IEC 19770-1 is a framework of ITAM processes to enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT asset management overall. ISO/IEC 19770-1 is aligned to Service Management (ISO/IEC 20000-1) and contains 27 process areas, with objectives and detailed outcomes defined for each. The standard also advocates a tier-based approach to allow organizations to adopt ITAM processes that are suitable to the needs and size of the organization.
Effective IT Asset Management not only enables an organization to reduce the risk associated with over- or under-buying software assets (both executable and non-executable), but also works to ensure the security of those assets through effective tracking and support of each asset throughout the entire software and IT lifecycle. The standard is also sufficiently broad to be applied in a variety of technological environments, including cloud-based computing.
Organizations rely on software and other IT assets to effectively run their business. They rely on technology to communicate with customers and partners, to track their business plans and finances, and to remain competitive with their peers. Given this heavy reliance, and the fact that software is licensed and not sold, it is important for organizations to manage those assets strategically while ensuring that the installation and use of those licenses are legal. The need to be legal is particularly important given that software vendors are known to regularly audit their customers to ensure compliance with the applicable terms of the license contract. Also, ITAM/SAM is often performed by a mixture of automated and manual means, even in sizable organizations. The manual component is labor intensive and cannot scale to support modern distributed enterprises. However, by providing a common standard to which all organizations can conform, even if the management of licenses can be labor intensive, organizations can benefit from processes such as the recycling of existing licenses within an organization, thus saving money.
a. end-user organizations
The benefits to end-user organizations are numerous. The current Information Technology Asset Management (ITAM) and Software Asset Management (SAM) markets are dominated by vendor-specific approaches to licensing, license management and asset optimization. Each approach is unique and employs its own terminology. While this may foster innovation, it also requires a software consumer to deal with each of those vendors on a separate basis, which leads to significant inefficiencies and prevents easy comparisons. Adopting 19770-1 can go some way to limiting these inefficiencies and allowing comparisons, because it provides an internationally recognized framework for adopting and implementing ITAM. This process standard allows for standardization in IT asset management by providing a common, standardized, and measurable approach. At the same time, its tier-based approach allows organizations to apply ITAM flexibly. It is useful for every organization looking to ensure maximum value from IT assets while reducing a variety of IT-related risks, including security-related risks. Having a standardized approach also allows for certification, which will be useful for ensuring that partners and potential partners have these processes in place, reducing your risk.
b. SAM practitioners
Similar to end-user organizations, the process framework gives those implementing SAM (SAM practitioners) a common, globally accepted approach to effective software asset management. The 27 process areas covered become the ‘implementation plan’ for the SAM practitioner, but simultaneously allow SAM practitioners to design and implement a SAM framework that is best suited to customers and their needs.
Industry (including government) Adoption/Support
The availability of training and certification schemes based on 19770-1 enables both individuals and organizations to gain knowledge of 19770-based SAM and have their level of knowledge evaluated. Some of these schemes have been in operation for several years. Current examples are:
a) BSA’s SAM Advantage Training course and Verafirm related certifications (see https://samadvantage.bsa.org/ and http://www.verafirm.org);
b) IAITAM’s ITAM 360/19770 knowledge base and assessment system (http://www.iaitam.org).
c) The availability of cross-references between accepted industry practice and 19770-1. Annex C of 19770-1:2012 contains cross-references between 19770-1 and IAITAM Best Practice Library, Japan’s SAMAC Best Practices (http://www.samac.or.jp), and CobiT 4.1 (http://www.isaca.org/COBIT/).
d) The availability of additional guidance documentation on 19770-1. Current examples are:
- Definitive Guide to SAM Assessment and ISO/IEC 19770-1 (see http://www.ecpmedia.com/publications.html#sm_guidetosam);
- The ITAM Review (e.g. http://www.itassetmanagement.net/2012/11/12/microsoft-sam-optimizationmodel-isoiec-197701/); and
- The SAM Guide (see http://www.samguides.com/).
Here are a few materials on the 3rd edition of the ISO ITAM standard (ISO/IEC 19770‐1:2017 IT Asset Management – Requirements)
FAQ PDF: FAQ on ISO ITAM Ed 3 – 20180404
Presentation Deck: ISO SAM-ITAM Process Standard Gen 3 Overview v3
To preview or buy a copy of the ISO Processes and tiered assessment of conformance, please visit ISO here: