You must have control over your software and hardware. Not just because you should – but because it makes perfect sense and it is good for your business.
The updated ISO standard 19770-1:2017 promises to help you do just that. ISO 19770-1:2017 is really not a new standard, but an update from ISO 19770-1:2012.
But it is not a minor update. It feels more like an overhaul in that it now meets the requirements of a “real” management systems standard, such as ISO 27001. In relation to IT asset management (ITAM), the standard helps to address some significant problems when it comes to reducing risk and establishing a best practice for managing your IT assets.
The 19770-x family covers all the essential areas, such as lifecycle processes and best practices, software tagging and usage rights (entitlements). Until this latest new release, the standard was a software asset management (SAM) standard, but it has become more and more obvious that looking at software and SAM as an island makes little sense.
Over the years, efforts have been made to build bridges to related areas, such as IT service management. But you cannot talk about managing software assets without also accounting for the hardware on which the software operates. So, SAM and hardware asset management (HAM) need to be tied closely together. This is reflected in the new ISO standard.
The main difference in this release is that it has been designed as a “management system standard”. This means that you share the approach towards risk management with ISO 27001. It also means that the 19770 standard is compatible with other management systems standards. For instance, the ISO 20000-1 for IT service management is currently being rewritten in the same manner.
As these standards evolve with comparable approaches and methodologies, it becomes easier to set in place governance structures across disciplines and specialist areas. But the trade-off is that the guidance and the “how to” becomes much more vague and it becomes a task for the individual organisation to figure out a plan on how to comply with the standard.
It will, of course, introduce more challenges – but there is also reason to believe that the challenges in managing IT assets in a global bank are somewhat different than for a regional manufacturing company.
Some people may question whether adhering to such standards is worthwhile. In the end, it is really up to each organisation to decide at what level it wishes to apply certain standards and whether this then brings value and supports the organisation’s strategic goals.
Most organisations expect that there is a certain level of control over the IT assets they own, and that these assets are properly managed, but this is very far from the truth. The complexity of taking control, the growing demand from the lines of business to acquire technology when they need to, and the internet of thkngs (IoT) revolution increase the effort required to keep on top of IT assets.
And if you find you can’t manage what you don’t know, the new standard can help. It allows the organisation to decide on the level of control that is required or desired. The 19770 family also sets a standard for:
For most organisations, the main driver for taking control of their software assets is the desire to avoid issues of software non-compliance during a licence audit. Sound management of IT assets can also improve an organisation’s security stance on cyber threats. New vulnerabilities are discovered every day and, on average, three out of every four attacks is aimed at web applications.
Both the WannaCry and the Equifax attacks took advantage of poor patch management, and therefore a lack of proper processes safeguarding IT assets. Good processes would have helped mitigate this.
As an organisation, you should be able to take advantage of the international standards laid out from ISO with regard to software tagging and entitlement tagging. You should insist software providers (Microsoft, IBM, Oracle, for example) and tools providers (such as Snow and Flexera) should support your ITAM activities by adhering to the ISO standards.
But IT asset management starts internally. Look at your own organisation: do you have the right resources in place and are people aware of their roles and responsibilities? Look into your processes. Do you have a set of policies and procedures in place to support effective ITAM? Are you aware of the threats from cyber attacks and are you ready to take cautious action?
Adherence to the new ISO 19770 standard boils down to having proper processes in place. These will help to avoid licence non-compliance, which is a financial risk to the organisation. Also, ISO 19770 enables you to optimise your software licence and secure operational processes, thus reducing IT security risks.
"*" indicates required fields
Software Asset Management is a business practice that involves managing and optimising the life cycle of software within an organisation.
Software asset management is relevant to many facets of a business - take a look at some of the roles that it can form part of the focus of.
Software vendors come in all shape and sizes - all with their own set of licensing models and rules. We take a look at just a few of them.
As a constantly evolving subject, SAM is not without its challenges. We take a look at some of the most common ones.
Wondering what an investment in SAM could do for your business? Fill out a few details and find out what return you could get!
Answer a few questions about your SAM infrastructure & experience, and we'll put together a personalised recommendation for the future.
A simple health check of what's being used across your Office 365 estate in this FREE, Microsoft backed and easy to setup review.
Just like you would with your vehicle each year, get an annual check up of your software asset management programme.
Overwhelmed by the task of documenting the steps for a successful SAM programme? Get the experts in to help!
Concerned your SAM tools aren't covering your whole estate? Or on the look out for an entirely new tool? Get us in to assist.
Not content with covering all things SAM related, we've teamed up with Capital to provide a comprehensive hardware asset management review.
A simple, one-time reconciliation of the software you have deployed versus the licence entitlement you own.
A regularly scheduled analysis of your organisation's estate, specifically adapted to your needs and budget.
A full appraisal of your Microsoft 365 setup and how best to optimise it through automated recommendations.
An add-on to our SAMplicity One, MOT and Plus offerings, quickly diagnose your ability to migrate your resources to the cloud.
In collaboration with law firm Addleshaw Goddard, ensure the legality of your SAM programme and get assistance with any contract disputes.
Available as standard with SAMplicity Plus, ensure you're compliant if you're unexpectedly audited by a vendor.
We've teamed up with some of the forefront experts in licensing knowledge so you can teach yourself to be an expert too.
Stumped by the continually evolving complexities of SAM? Join us for one of our comprehensive courses, either in-person or online.
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!