ISO/IEC 19770 is an international standard created to help organisations develop and implement sound policies and processes for more effective Software Asset Management (SAM). It has been designed to help businesses better manage and mitigate risk, to meet corporate IT governance requirements, and to enhance the overall cost-effectiveness and availability of their software.

The Standard

Launched in 2006, ISO/IEC 19770 comes in two parts.

The first - ISO/IEC 19770-1 published in May 2006 - relates to the importance of managing software assets accurately and effectively. The second - ISO/IEC 19770-2 - will define the data requirements needed to support part 1, but it hasn't been released yet.

Why is it needed?

Few organisations have the time to step back and review any increases in their software spend and even fewer take it. Those that do go through such an exercise however, are often surprised by the realisation that they're spending more on software annually than they do on either hardware or high-ticket items like company vehicles.

Therein lies the need for the ISO/IEC 19770 standard.

Because while no responsible company would allow its employees to take to the road without ensuring their vehicles are properly taxed, insured, and serviced, few keep such close tabs on their software inventories. Indeed, many businesses don't monitor their software assets at all.

This naturally carries certain implications, none of them positive.

According to Gartner and other industry analysts, the average company is typically "over-licensed" by 30 per cent in some areas of its software inventory, and at least 30 per cent under-licensed in others.

The first of these anomalies means you're spending too much, the second that you're spending too little, and while the software vendors and licensing watchdogs are unlikely to make much fuss in the first instance, they're certain to have something to say if they think they're being short-changed by 30 per cent or more.

Add to this the fact that 2006 saw record fines for non-compliance and unlicensed software usage, and it's clear why SAM is something businesses have to take seriously.

How does it work?

ISO/IEC 19770 provides a clear and, just as importantly, common set of SAM guidelines for all parties - end user, vendor, reseller or VAR, and industry watchdogs like the BSA, SIIA, and FAST - making it easier for all concerned to set and meet expectations.

In total, the standard comprises 27 distinct processes. Some are concerned solely with procedures that can only be managed manually; others involve processes that can be managed more easily using appropriate asset discovery tools.

Intrinsically though, the standard concerns itself with an organisation's ability to accurately identify the software it has installed and in use (the distinction between the two is an important one) on its PCs and servers.



Misconceptions

It's easy to see ISO/IEC 19770-1 as purely software auditing and compliance related. It isn't, although both are key components of the standard. In fact, ISO/IEC 19770-1 reflects almost all facets of the business, and every aspect that touches or impacts its use of software and IT management, and associated processes and procedures.

Accordingly, managers need to select their SAM solutions with care if the standard's requirements are to be met in full.

It is important, for instance, that the chosen SAM tool helps maximise the ROI after the completion of the initial roll-out by continuing to deliver a full and up-to-date view of the infrastructure; a dynamic audit.

Maintaining such a view will make it much easier to prevent slip ups in compliance and over-purchasing, and to minimise the likelihood of losing control over what's on the network at any given time.

Benefits

Transparency
ISO/IEC 19770 gives the business a sound base for transferring and sharing knowledge, new methodologies, and industry best practices for both SAM and wider IT service management. It also delivers greater control in terms of risk management, cost, corporate governance and competitive advantage.

A key benchmark
It also sets an important precedent for SAM excellence, particularly for those interested in certification. This in turn could well encourage software manufacturers - who see such organisations as being at the forefront of driving SAM practices forward - to imbed further benefits in their products.

Long-term benefits
It's tempting to look at SAM as a distinct or ad hoc "project", but it will have an impact across the business moving forward, so it is important to appreciate the longer-term benefits of the practices and technologies involved.

While SAM projects are concerned initially and primarily with the software residing on the network, the Asset Management element can also provide multiple stakeholders across the business with other invaluable information. The status of their hardware estates for example - from a simple device-by-device view of configuration through to more complex queries about build compliance, platform deployment,
and upgrades.

Key Stakeholders
There are several main stakeholders and influencers involved in the mass adoption of the ISO/IEC 19770 standard.

Investors in Software (IiS)
A not-for-profit organisation that aims to support and advance professionalism in SAM and related IT asset management, IiS is heavily involved in the standard's development.

Microsoft
Microsoft is working with several of its Gold Partners to drive and facilitate the adoption of the SAM best practices outlined and championed by the standard.

The Business Software Alliance (BSA)
The BSA promotes global policies that foster innovation, growth, and a competitive marketplace for commercial software and related technologies.

The Software & Information Industry Association (SIIA)
The principal trade association for the software and digital content industry in the USA.