Software and IT Asset Management Standards: Benefits for Organizations and Individuals



Similar documents
Information technology Software asset management Part 3: Software entitlement tag

ISO/IEC Part 1 the next edition. Lynda Cooper project editor for ISO20000 part 1

Reviewers of proposed revision to ISO/IEC :2006 SAM Processes. Call for feedback on draft of revised Tiered SAM Processes

SAM Standards: A Review of ISO and 2

ISO/IEC 90003:2004 covers all aspects

Is Business Continuity Certification Right for Your Organization?

ISO/IEC 27001:2013 webinar

ISO/IEC Part 1 the next edition

Software Asset Management High Risk, High Reward

Effects of the British Standard for IT Service Management

SAM Benefits Overview SAM SOFTWARE ASSET MANAGEMENT

Software Piracy shows the needs of Software Asset Management. Peter Beruk Sr. Director, Compliance Marketing

How To Understand The Differences Between The 2005 And 2011 Editions Of Itil 20000

Examining the Evolving Cyber Insurance Marketplace

Selection and use of the ISO 9000 family of standards

WHITE PAPER December, 2008

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015

San Francisco Chapter. Cassius Downs Network Edge LLC

-Blue Print- The Quality Approach towards IT Service Management

Systems and software engineering Lifecycle profiles for Very Small Entities (VSEs) Part 5-6-2:

ITIL & The Service Oriented Approach. Vivek Shrivastava

How To Standardise An Interconnect Protocol For Library Use With An Ip (Sip) For A Non-Proprietary Communication

ISO20000: What it is and how it relates to ITIL v3

H E C T O R M E D I N A G L O B AL M B A C O M M E N C E M E N T AD D R E S S Scottsdale, AZ, July 21, 2006

The Emerging ISO International Standard for Certification of Software Engineering Professionals

Cloud Security Benchmark: Top 10 Cloud Service Providers Executive Summary January 5, 2015

ISO/IEC Information & ICT Security and Governance Standards in practice. Charles Provencher, Nurun Inc; Chair CAC-SC27 & CAC-CGIT

SC7-ISO20000 Alignment issues Aligning ITIL to existing ISO JTC1- SC7 Software Engineering Standards

Creating and Maturing a Service Catalog

Design Specification for IEEE Std 1471 Recommended Practice for Architectural Description IEEE Architecture Working Group 0 Motivation

HKCS RESPONSE COMMONLY ACCEPTED AUDIT OR ASSESSMENT MECHANISM TO CERTIFY INFORMATION SECURITY STANDARDS

Introduction to ITIL for Project Managers

What is the realistic outcome of managed learning implementation and is it right for you?

Software Asset Management (SAM) Best Practice

About this guide. 4 The syllabus requires knowledge of this topic This is material that may be of interest to the reader but is

COMPARISON OF OPTIONS ERP TO Best of Breed by David Hope- Ross, Senior Director, Oracle

ITIL V3 and ISO/IEC 20000

Internal Audit Practice Guide

International Workshop Agreement 2 Quality Management Systems Guidelines for the application of ISO 9001:2000 on education.

BEST PRACTICES: Ten Steps to Selecting the Right Human Resources Software

There are a number of reasons why more and more organizations

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

The SAM Spotlight. Greetings from London. David Yashar. Managing Consultant

The Cybersecurity Journey How to Begin an Integrated Cybersecurity Program. Version 1.0 March 2005

On the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal

ISO/IEC/IEEE The New International Software Testing Standards

Work Plan for : Enhancing Audit Quality and Preparing for the Future. The IAASB s Work Plan for December 2014

Agile So)ware Development

Best Practice Implementation is Changing ERP. CPiO White Paper. T E marketing@cpio.co.uk. CPiO. Part of the Waterdale Group of Companies

Frameworks for IT Management

White Paper. The Hidden Benefits of Human Resource Business Process Outsourcing (HR BPO) SOURCING ANALYTICS

Cloud Computing in a Regulated Environment

Before the. United States Department of Commerce. and the. National Institute of Standards and Technology

HP Service Manager software

Ten Steps to Selecting the Right Property Management Software

New and Prospective Managers: Competency Development and Learning Plan

ISO and the World of Asset Management. Jim Dieter, MIAM, CPPM CF

The Basics of Scrum An introduction to the framework

Getting a head start in Software Asset Management

How To Buy A Crm Solution

Quality Management Systems. Compliance Driven or Quality Driven?

CUSTOMER GUIDE. Support Services

ISSA Guidelines on Master Data Management in Social Security

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Community Management Services

Service Overview. KANA Express. Introduction. Good experiences. On brand. On budget.

SERVICES. Designing, deploying and supporting world class communications solutions.

Guidance for ISO liaison organizations Engaging stakeholders and building consensus

EVALUATION OF SOFTWARE

CONSOLIDATED VERSION IEC Medical device software Software life cycle processes. colour inside. Edition

Title: Lucent s ITSM Journey Session #: 299 Speaker: Sheila Bridge Company: Lucent Technologies, Inc.

SAM Benefits Overview

Introduction to the Open Data Center Alliance SM

Shifting The Ticketing Paradigm

Introduction to the ISO/IEC Series

15 Principles of Project Management Success

cois community for open interoperability standards Open Document Format principles for Government Technology

Trustworthy Computing Spring 2006

THE TELECOM MANAGEMENT ECOSYSTEM: A Progress Report on Vendor Value, Enterprise Efficiency Gains and Business Impact

Guideline to purchase a CRM Solution

Role Profile. Ministry of Technology, Innovation and Citizens Services. Assistant Deputy Minister Integrated Workplace Solutions.

Agile and ITIL And how they integrate. enterprise.bcs.org

TS/P 247: Proposal to transform ISO/PC 251 Asset management into a TC

Accenture Human Capital Management Solutions. Transforming people and process to achieve high performance

A Framework for Business Sustainability

A New Standards Project on Avoiding Programming Language Vulnerabilities

Expert Reference Series of White Papers. Intersecting Project Management and Business Analysis

Governing the Control and Delivery of Change in IT

Software Asset Management (SAM) and ITIL Service Management - together driving efficiency

Integrating Project Management and Service Management

WHITE PAPER CQI. Chartered Quality Institute

How PRINCE2 Can Complement PMBOK and Your PMP Jay M. Siegelaub Impact Strategies LLC. Abstract. About PRINCE2

Realizing business flexibility through integrated SOA policy management.

How Operating Systems Create Network Efficiency

Transcription:

Note: This article first appeared in ITAK, the journal of the International Association of IT Asset Managers see www.iaitam.org. The author is David Bicket, Convener of ISO/IEC JTC1 SC7 WG21. The views expressed are those of the author, and do not necessarily reflect the views of ISO/IEC or of any other organization. Information as of September 2008. The subject of standards can arouse passions in a few people, but for others it is mind numbingly boring. Nonetheless, our lives are dominated by standards even currencies are really standards, alternatives to the gold standard. If we did not have such standards, the business world as we know it would not exist, and our social and personal worlds would also be turned upside down. The development of the business world tends to be accompanied by the development of standards, to allow people and organizations to work together more effectively and efficiently. SAM or ITAM? There is sometimes debate about whether one should talk primarily about Software Asset Management ( SAM ) or IT Asset Management ( ITAM ). In reality this is largely an academic argument. In the Asset Management area, the same job has to be done regardless of what you call it. Neither term is 100% accurate or comprehensive for everything you need to do unless you push the literal definitions: what needs to be managed includes not only traditional asset classes but also things like organization, people, knowledge, and capital. SAM is overwhelmingly the more common term in use on the internet (as can be verified e.g. with Google). However, ITAM is intrinsically the more inclusive term. Benefits of SAM/ITAM Standards The area of SAM and ITAM standards is young, but it is already having an impact on the IT industry. This impact is likely to grow exponentially for at least a decade, and indeed may come to be seen as one of the areas of standardization with greatest impact in the software industry. We can identify three broad categories of impact and benefit for end user organizations and asset management professionals: 1. Organizational benefits from process focused standards (e.g. for SAM processes) for which some benefits will come from more commonality of approach by the entire industry, but for which the main benefits require active pursuit by end user organizations; 2. Organizational benefits from product focused standards (e.g. for identification and management of installed software, and for software entitlements) for which the benefits will just happen, as products utilizing the new standards reach the market; and David Bicket 2008 1

3. Personal and organizational benefits from participation in the standards creation process. Process Focused Standards There is a saying that asset management (and almost any other type of management) is 10% technology, and 90% process. There has been considerable focus on the technology, and there are literally hundreds of tools on the market to help with SAM and ITAM. But the problems persist, with software and licensing particularly difficult and costly to control. A major objective of WG21 has been to produce a standard for Software Asset Management processes. This has been achieved, but there is continuing development work in this area. There is also discussion about formally redefining the remit of WG21 to cover all of ITAM. Further discussion is needed regarding how such a redefinition would impact on existing and planned SAM process standards. The benefits of process focused standards include the following: The creation of common frameworks for the work of consultants and of tool providers. This makes it is easier to compare between alternatives, and also easier to pick the best of breed from different sources and still have confidence that they will align and work together. For example, there will be more common expectations between organizations and consultants about the types of documents to be produced and the terminology to be used. More straightforward assessments against a common baseline, and for comparison between different organizations. This makes it easier to assess where you are in terms that are meaningful for executive management, and facilitating prioritization of improvements. The ability to demonstrate to executive management, and potentially to external parties using independent certification, that control has been achieved over a highly complex technical area. This makes it easier for organizations to show they have effective and useful processes in place to manage software assets effectively. Commercial advantage, e.g. as an outsourcer being able to demonstrate improved service capability through certification, or as an end user organization being in a stronger position to negotiate better commercial terms and conditions with suppliers. WG21 has two areas of process focused work, one already completed, and one in development. David Bicket 2008 2

Software Asset Management Processes (ISO/IEC 19770 1:2006). This is the only ISO/IEC SAM standard which has thus far been officially issued (in May 2006). It is intended to be aligned to ISO/IEC 20000 for Service Management. (ISO/IEC 19770 1 was developed within the ISO/IEC structures, whereas ISO/IEC 20000 was fast tracked from a British Standard without significant changes.) To quote from its Introduction 1 : This part of ISO/IEC 19770 has been developed to enable an organization to prove that it is performing Software Asset Management (SAM) to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. This part of ISO/IEC 19770 is intended to align closely to, and to support, ISO/IEC 20000. Good practice in SAM should result in the following types of benefits, and certifiable good practice should allow management and other organizations to place reliance on the adequacy of these processes, and the expected benefits should be achieved with a high degree of confidence: Risk management [...] Cost control [...] Competitive advantage [...] 1 ISO/IEC 19770 1:2006 Software Asset Management Processes ISO/IEC 2006. WG21 gave the responsibility to Investors in Software for developing an initial draft which was aligned to BS 15000, the British Standard for Service Management which was subsequently fast tracked to become ISO/IEC 20000. David Bicket 2008 3

The following diagram gives an overview of ISO/IEC 19770 1:2006: Incremental Conformance to SAM Processes (Proposed ISO/IEC 19770 4). Market feedback on the ISO/IEC 19770 1 standard has been positive. However, many organizations want to target something more digestible than immediate conformance with the full standard (which is aligned with full Service Management and highly comprehensive). As a result, WG21 has authorized the trialing by industry of incremental approaches to SAM conformance, with the aim of progressing one to a full international standard. The Business Software Alliance has proposed such an approach, based on the principle of four tiers of processes David Bicket 2008 4

which together cover all of ISO/IEC 19770 1. WG21 has authorized this approach for trialing, and encourages organizations to participate in these trials. Further information about these trials may be found on the WG21 website www.19770.org. Product focused standards IT assets have proven difficult to manage, with software assets including licenses recognized as being particularly difficult. The complexity of control in this area is a major factor in high IT costs, and in exposures such as to security and operational problems and licensing non compliance. As IT technology continues to evolve, for example with virtualization and software as a service, an area which was already difficult to control is becoming more so. Although it is possible to talk about the generic benefits of product focused standards, the specific standards on which WG21 is working are arguably in a class by themselves because they do not primarily standardize something which already exists. Instead, they create a new class of electronic information specifically for the identification and management of IT assets in a way which is nonproprietary and can be used by anyone. The benefits of these standards, across the organization and for all vendors, will be the following: The ability to identify and manage assets at the appropriate level, in particular for software products but also potentially for hardware, e.g. for deployment, upgrading, and licensing. The ability to reflect the requirements of all stakeholders in an asset, e.g. creators, licensors, packagers, release managers, and users. There are three separate product focused standards under active development or consideration by WG21: Software Identification Tag (Proposed ISO/IEC 19770 2) Although originally partially developed under a mandate outside of the ISO/IEC structures, responsibility for this was given to a WG21 subcommittee 2 (called an Other Working Group ) in December 2007. While this is still formally a draft, in many respects it may be considered a de facto standard, as major software manufacturers are already starting to provide software identification tags, and Vista already has APIs which can be used for it. Developing this type of product focused 2 Steve Klos is convener of the 19770 2 OWG. Björn Westerlund was originally the editor for this standard; Krzysztof (Chris) Baczkiewicz has now taken over this responsibility. David Bicket 2008 5

standard was one of the earliest objectives stated by WG21, and in the process of developing it the needs for the other two proposed product standards was recognized. To quote from the Introduction 3 : This part of ISO/IEC 19770 provides a standard for software identification tags. The software identification tag is an XML file containing identification and management information about a software product, which is installed onto a computing device together with the software product. The tag may be created as part of the installation process, or added later for software already installed without tags. However, it is expected more commonly that the tag will be created when the software product is originally developed, and then be distributed and installed together with the software product. Having the tag available from the beginning allows for the more effective management of distribution and repackaging external to the end user organization, and then of release management within the end user organization. Software Entitlement Tag (Proposed ISO/IEC 19770 3) Start up development of the Software Entitlement Tag was authorized by WG21 in May 2008. A subcommittee 4 (called an Other Working Group ) has been formed to develop this standard, including many of the same individuals who worked on 19770 2. To quote from the preliminary document 5 : This part of ISO/IEC 19770 provides a software asset management (SAM) data standard for software licensing entitlements. Entitlements tags provide authoritative licensing information for software configuration items specified in ISO/IEC 19770 2 (paragraph 3.2). This document is intended to be sufficiently supported and implemented by software manufacturers, modifiers and users alike to ensure the viability of conformance. Standardization of software licensing entitlements provides uniform, measurable data for the license compliance processes of SAM practice, making it possible to optimize reconciliation of installed software with licensing entitlements. Standardization will benefit all parties involved in software asset management. 3 Updated Final Working Draft ISO/IEC 19770 2 Software Identification Tag, ISO/IEC JTC1 SC7 WG21, 25 August 2008 ISO/IEC 2008. 4 John Tomeny is convener of the OWG. Krzysztof (Chris) Baczkiewicz will be the formal editor of this standard. 5 ISO/IEC JTC1/SC7 N4086, 13 July 2008, ISO/IEC 2008 David Bicket 2008 6

Hardware Tag This is under consideration, with more investigation work to be done. There does appear to be a need for better identification of hardware devices. The rapid growth of internet connectivity may also demand something like this Intel predicts that there will be 15 billion internet connected devices by 2015 6. Providing hardware tag information allows for a consistent collection, management and reconciliation of hardware, software and entitlement data in future SAM tools and processes. Participation in the Standards Creation Process The third type of benefit available to every SAM and ITAM professional is the sense of professional pride in contributing to the development of the profession. The international standards world is an idiosyncratic and ultimately altruistic world, where people are expected to have some self interest, but too much self interest makes it impossible for people to work together. The international standards world is not an area for making much money directly. The benefits come rather from having a common playing field for everyone, which makes it easier to do business. Ultimately, much of the standards world is driven by individuals who are passionate about their professionalism, and who never get properly rewarded monetarily for their huge personal investment. If you are a passionate professional with a strong sense of social responsibility, then you can find fulfillment in the world of standards. You can make a difference. Furthermore, you have much to gain in the process. There is a productive exchange between people with varied skills, knowledge and experience, and valuable learning is on offer for all involved. Call to Action There are two calls to action, one for the benefits which process focused standards can give to an organization, and the second for active participation in the standards making process if you have the passion to contribute to the profession in this way. 6 Vnunet.com, 20 August 2008. David Bicket 2008 7

Assess Against ISO/IEC 19770 1 An organization can achieve specific benefits from conducting an assessment against ISO/IEC 19770 1 in its entirety, or by participating in the WG21 authorized trials of a tiered approach which breaks it up into more digestible chunks. Organizations and individuals may also wish to consider using the self assessment tool sold by ISO ( ISO/IEC 19770 1 Software Asset Management: Are You Ready? ). Gartner recommends this tool also for its learning value. 7 Become Involved in the International Standards Making Process for SAM and ITAM There are several ways in which interested individuals and organizations can become involved personally in the international standards making process for SAM and ITAM: 1. Review publicly available drafts of standards when they are available. In particular, Working Drafts of the proposed ISO/IEC 19770 3 Software Entitlement Tag will be made available for public review, and you can help by providing feedback on these. 2. Join the sub committees (Other Working Groups, or OWGs) developing the new standards. 3. Join WG21 itself through one of its Liaison Organizations. 4. Join WG21 itself through one of the National Bodies. This will take work, but it does mean that you may be able to influence the vote of your National Body. Each National Body has its own rules about how individuals and organizations join. See the WG21 web site for more information. (www.19770.org). ISO/IEC standards for SAM and ITAM will provide major benefits for all of industry, without most organizations and individuals having to do anything actively. However, there are even more significant benefits available, and more quickly, to organizations and individuals who proactively exploit the opportunities available. 7 We believe the self assessment tool will be a good way to review and enhance your SAM skills. Increasing the visibility and professionalism of SAM as a management discipline is long overdue. 23 Aug 2007 G00150121. David Bicket 2008 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information