Edition 3 of ISO/IEC 19770-1 for Software and IT Asset Management has recently been published by ISO. It is a major advance for SAM and ITAM practitioners to increase value and reduce cost and risk for the organizations they support. This edition of the Standard continues ISO’s and its 22 nation working group pursuit started in 2006 to make IT Asset Management easier and more understandable.
– It explicitly addresses current challenges, e.g.
o Both outsourcing and services (e.g., cloud)
o Mixed responsibilities between the organization and its personnel (e.g., BYOD, smartphones)
– It has been re-written to be compatible with 27001 (Information Security), 9001 (Quality), and all other ISO Management System Standards. (20000-1 on Service Management is in the process of likewise being rewritten.)
– It has been especially aligned with 27001, e.g., using the 27001 approach to risk management.
– It can facilitate independent certification, especially by certification bodies used to performing 27001 certifications.
– It allows the use of tiers, facilitating its incremental use. Tier 1, called ‘trustworthy data,’ includes having trustworthy data for license compliance. Tier 2 is for life-cycle processes, and tier 3 is for optimization, addressing functional areas such as contract and financial management.