By: Peter Beruk, ITAM Channel editor of the month, SAM Subject Matter Expert, ISO ITAM (19770) Secretary to WG21
There are countless articles on the value that comes from software asset management (SAM). We know that SAM value, often defined as lower cost and risk from the use of IT assets, comes from having the right combination of people, process, and technology.
However, little has been written on the “what’s next” for SAM adopting organizations. The effective SAM manager, who has toiled navigating internal politics and getting the right mix of people, process, and technology in place, navigates the organization to achieve lower risk and cost. This effort helps save the organization from aggressive software vendor audit tactics – and fines – because of their SAM implementation. The SAM executive sponsor will be proud.
However, one must ask the question, have we inadvertently set the value goal post too low? The SAM manager has demonstrated value by decreasing risk and cost and introducing automation in day-to-day SAM allowing the organization to make better decisions based on trustworthy data. In doing so, the SAM manager has shown that through effective people, process and technology, they can manage through an ever increasing number of license models, and different technologies and platforms from desktop, mobile, server and cloud.
Clearly, the SAM manager has proven their value by reducing risk and cost. Shouldn’t the organization, to put it bluntly, wave a flag to their software providers (and customers) that they have successfully implemented the right mix of people, process, and technology – letting their software providers (and customers) know they have embedded controls to maximize their IT assets and demonstrate license compliance?
In delivering value, the SAM manager has made it to the end-zone multiple times. But if nobody knows about it outside of the organization, is the SAM effort delivering everything it can? Is it time to certify organizations for achieving this nirvana?
Today, the word is maturity. As an example, the Microsoft Optimization model assigns organizations to four levels of maturity:
‘The Optimization model assigns organizations to four levels of maturity:
1. ‘Basic SAM’ – Management of software is ad-hoc and inconsistent
2. ‘Standardized SAM’ – Assets tracked but probably don’t make the best use of the data
3. ‘Rationalized SAM’ – Actively managing assets throughout their lifecycle
4. ‘Dynamic SAM’ – Leveraging SAM for competitive advantage.
While I welcome measurement (don’t we all), my concern with maturity levels are that they may be inexact. For instance, how one organization may leverage software asset management for competitive advantage (‘Dynamic SAM’) may be entirely different than how another organization leverages SAM for their business requirements.
Instead, might it be better to have a formal SAM Certification, much like those offered in Quality Management (ISO 9001), Information Security Management (ISO 27001) or IT Service Management (ISO 20000)? If so, the current version of the ISO ITAM standard (ISO/IEC 19770-1) ISO/IEC 19770-1 is a framework of 27 ITAM process areas which enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and used for certification.
I would love to hear your thoughts about certification and how you think it add to the value equation. This article is shared on the “Licensing and SAM” and ITAM Channel groups on Linked-in. Please leave your comments and thoughts from one of these groups to take part of the discussion.
P.S. ISO does not issue certifications. Third party firms do this. Look at this data to see the number of certifications issued (as well as an overview of how certification works) which rely on ISO standards.
Note: you may wish to listen to the ITAM Channel interview with Peter Beruk on the importance of standards and his experience from working with ISO