There’s a new update to the ISO 19770-1 international standard for Software Asset Management (SAM). The launch has been fairly low profile, but that’s probably a reflection on the SAM community and the fact that the standard is developed by volunteers (unpaid, in their own time) who are ITAM professionals rather than marketing experts.
Snow has been involved with the standard since work began on it in 2001 (represented by CEO, Axel Kling), and continues to be with both Axel and more recently myself (I joined Working Group 21 (WG21), the group responsible for all the standards in the ISO 19770 portfolio, late last year just prior to the publication of the 2017 edition of the standard) as part of the group of volunteers. We encourage the SAM community to support this work by leveraging the material and engaging with the group where appropriate.
The latest iteration of the ISO SAM standard has seen many changes made. It has evolved from the 2006 process standard through the 2012-tiered standard which helped organizations understand how to build a SAM competency in a structured way, into the current management standard which provides governance-based rather than process-based view of the discipline. The remit of the standard has also been expanded from SAM to ITAM – a logical step given the indisputable fact that you cannot today manage software without managing the hardware that it runs on (and for the avoidance of doubt, cloud is hardware – possibly someone else’s hardware, but still hardware).
Although I’ve looked at various elements of it over the last few months, I hadn’t sat down and read the entire document from cover to cover (thankfully it is only 37 pages as opposed to the previous version’s 86) so took advantage of a recent flight to Austin to focus on it.
The good news – I didn’t fall asleep.
The bad news – it did take me the best part of 10 hours to fully absorb it.
OK, so a flight may not have been the best place to attempt to read an ISO standard, but I had very few interruptions or distractions. So why did it take so long? Well, first off, I wasn’t just reading, I was reviewing it – trying to understand the implications of the move to a management standard, marking up my queries and making a note of my comments. I was working on hard copy, which is now covered in semi-illegible scribbles.
However, a number of these scribbles do relate to how hard it was to read. This is in part due to the copious notes that are attached to each section (in some cases there are more notes than body text), and the references to other standards.
This new iteration of the standard has in large part been adapted from ISO 55001:2014 (Asset Management) which was itself developed from PAS 55 to provide a management standard for the management of physical assets. While the alignment and synergies are clear, this does lead to the inclusion of a lot of references that risk disrupting the flow of the document. There are also copious references to other standards, which again, are helpful in many ways but distracting when trying to read and absorb the document (I noted references to nine other standards, and I know there were some mentions that I didn’t include in these notes). Most IT organizations will be familiar with the IT-related standards (particularly 27000 and 20000) as well as 9000 & 14000 and may well already be compliant or aligned with them. However, others – such as 55000 and 31000 (risk management) may not be familiar. While it isn’t essential to read these alongside 19770, the references within the text mean that they may be helpful for context. On a positive note, the standard retains the concise bulleted structure that made the previous versions so accessible to software asset managers trying to get a SAM discipline off the ground where other available best practice guidance was overly wordy and detailed, focused on procedures and tasks rather than high-level processes and outcomes.
THE ANALYST’S VIEW
While shifting the primary focus of 19770-1 from process to governance is a good move to ensure that the necessary mechanisms are in place to support effective SAM – including executive sponsorship, stakeholder buy-in, strategy, policy, plans and reporting – the content of this standard and the documentation it requires for conformance may be overwhelming for many organizations and SAM practitioners for whom getting a basic SAM capability off the ground is a major challenge.The introduction of a management standard by WG21 makes sense, as the need for more robust ITAM governance is clear. However, it is a pity that the process standard has been retired. If you don’t already have a copy of the 2012 version of the standard, it is still available from some sources, and would be a useful reference document and companion to the current version when planning your ITAM implementation. I hope that WG21 will consider republishing or updating the process documentation (which is a significant and valuable piece of work) to provide supporting material for IT asset managers addressing the challenge of building ITAM capability.