ISO/ IEC 19770 standards
Our leading SAM and ITAM services align to the ISO standards set out in ISO/ IEC 19770-1, 19770-2, and 19770-3. As we continue to develop our offerings to customers across the globe, we proudly ensure changes or amendments added to the ISO standard are reflected through our platform.
Built of an independent committee, ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) set standards to provide organizations with structured processes throughout their entire estate. As software asset management (SAM) and IT asset management (ITAM) specialists we follow the standards set and ensure we’re abiding by these guidelines through our tools, solutions, and advice to customers and partners.
The ISO 19770 standard for software asset management is currently built within three sections:
- Part 1: Processes and tiered assessment of conformance
- Part 2: Software identification tag
- Part 3: Entitlement schema
Part one: Processes and tiered assessment of conformance
This part of the ISO/ IEC 19770 is to assist customers in setting processes to achieve best practise software asset management – reaching a standardized SAM program can be achieved through any organization. Using a tier method, ISO/ IEC have provided ‘goals’ for organizations to aim for, which range from kick starting a SAM program to further developing the processes already in place. We assist customers in achieving each tier through the standards set by ISO/ IEC:
- Tier 1: Trustworthy data
License Dashboard assists customers in understanding what is installed across the IT estate, providing a baseline of instalments - Tier 2: Practical management
Taking control of the IT estate will immediately provide significant benefits, which will continue to bloom the longer a SAM program is invested in - Tier 3: Operational integration
License Dashboard will ensure all investments are smoothly running together to provide effective SAM data - Tier 4: Full ISO/ IEC SAM conformance
License Dashboard will help integrate SAM across the organization, remaining compliant through complicated and challenging situations
Throughout the tiers, we help to mitigate the risks associated with SAM, control costs on software spend, and assist in making better business decisions.
We ensure these outcomes benefit our customers and offer the ability to demonstrate an effective SAM process.
Part two: Software identification tag
The second part of ISO/ IEC 19770 focuses on identifying the software products installed across the IT estate which require management. ISO/ IEC focuses on ensuring there are guidelines to identifying suites and individual products across all business units – whether this is utilizing one discovery tool or more – to remain compliant, it must be understood what software is being used across the organization. By focusing on tagging software, it optimizes its identification and management.
Software vendors will often produce a software identification (SWID) tag to represent the software elements that are part of a software product. This can include upgrade and downgrade rights, patches, installation scripts, and more. SWID tags are included on the installation media, installed at the same time the software is implemented, and should be removed as software is removed – staying in control of software that is installed and uninstalled across the estate will reduce the risk of overspending on unnecessary licenses. We assist in managing the deployments across the environment to ensure compliance throughout the process.
Part three: Entitlement schema
Part three focuses on a schema that encapsulates the required details of software entitlements – term, usage rights, limitations, constraints, the metric of usage that needs to be measured, and so on – ensuring the organization understands what they can deploy and for how long. ISO has stated that standardizing a process for collecting and maintaining software entitlements provides uniform, measurable data for SAM best practice – and we agree. For the past decade we have been championing the importance of obtaining critical attributes about license entitlement and our tooling is very thorough to ensure you do not overstate or undervalue your entitlement position; two huge areas of very real risk often underestimated by license management systems.
Our services and products provide specific details of vendor terms and conditions, improved reconciliation between software consumption data and entitlement data, and innovative methods of reporting to share valuable information across the organization. This gives a uniform and clear view of software licenses offering opportunities to resolve entitlement data gaps to maximize your deployment rights.
Understanding which entitlements are assigned to each area of the business (whether that is a department or a business unit) helps organizations understand granularly where things may have gone astray, while a holistic view of group compliance load balancing shortfalls and surpluses offers a fuller picture.
Our tools and services offer normalized entitlement data to fully illustrate the current license state of an IT environment, which is invaluable to a software audit. This entitlement is also dynamic in that actively maintained licenses are updated as and when new product rights become available. Once a baseline has been established, whether that’s done through a simple spreadsheet or a specialist tool, it is important to stay on top of any licensing changes, terms and condition changes, and any deployments across your environment – keeping entitlement data organized and secure will assist during these adjustments.