by | May 6, 2015


The benefits that can be derived from Software Asset Management are often forgotten in the chase to produce licence compliance reports. However, it is worth taking a moment to consider the role software asset management can play in other areas of IT – most notably, information security.

Best practice advocates of information security will be well aware that one of the mandatory requirements of ISO 27001 is the creation and maintenance of a scope or domain that an ISMS (Information Security Management System) applies to. One of the practices that seeks to verify the scope of a SAM estate can easily be applied to the scope verification of the ISMS also. SAM is keen to ensure that it captures all devices for the purposes of licensing, information security wishes to make sure it captures all devices to ensure appropriate security control – a simple comparison of devices from the inventory system and the Anti-Virus System, should produce three primary findings:

*Devices in the SAM and ISMS scope
*Devices only in the SAM scope
*Devices only in the Info Sec scope

SOURCE: bcs.org

1 Comment

  1. Sherry Irwin

    While I fully agree with the above perspective, there is sometimes a perception that SAM has some accountability for IT security, which is not the case. SAM practices, including as to technology and data, facilitate and support IT security, but IT security does not fall within SAM’s mandate.

Submit a Comment

Subscribe To Our Newsletter

Subscribe To Our Newsletter

ITAM Channel brings the best news and views from the ITAM industry. Sign up for the newsletter and get them straight to your inbox

You have Successfully Subscribed!