ISO / IEC 19770-1
The New Standard on Software Asset Management

The new ISO 19770-1 has been formulated to provide an internationally recognised standard against which organisations can measure policies and procedures to ensure ongoing compliance in regard to IT asset management. It also assists in providing effective support for IT departments in continuing compliance with legal and contractual requirements and to demonstrate good corporate governance

• ISO / IEC 19770 – 1 was adopted by the BSI in May 2005 as a final committee draft and relates to the processes and procedures of software asset management.
   
• ISO / IEC 19770 – 2 is a proposed standard to define the data requirements to support 19770 – 1. It is not clear at this stage what the standard may include but it is presumes that it will define the support product contents and structure. There is no date for publication as yet

The standard is a new and still developing standard and it is being trialled in the UK first with the intention that it will be rolled out universally. The aim is for it to become a true international standard for compliance and is based upon ITIL but is much more detailed and specific in its requirements. The two parts 19770 – 1 and 19770 – 2 cover the processes and the data standard, with the processes available in draft form now and the data standard still in development.

Early indications are that Microsoft will adopt the standard as evidence of compliance and clearly other publishers will follow suite. There are plans for a formal certification process to be available just in the same way as other ISO standards.

The Standard is split into 6 main sections:

1. Control Environment: covers the processes and procedures, policies, roles and responsibilities, statements of all requirements and communications as well as ongoing assessment for the Sam process.
2. Planning and Implementation: maps out the activities needed, resources required, reporting structure, measurement and verification plus a continual improvement process.
3. Inventory: defines the scope selection and confirmation of assets included in Software Asset Management and the auditable monitoring of the existence, access to, usage and storage of them.
4. Verification and compliance: covers the process to identify and record assets and match inventory to licences and associated processes like authorisation and calculating effective licence from underlying licences (upgrades)
5. Operations Management: Covers security policy and documentary evidence of implementation, the management of relationship with suppliers and the contracts that relate to them including customer (user) relationships and maintenance of SLA’s for both the management and maintenance of contractual documents / budgets.
6. Life Cycle: Covers the life cycle of software assets from change management and selection of assets, acquisition and development (including new releases) incident management, problem management through to retirement, transfer and disposals.

The Microsoft position.

Expect to hear a new term – CPE, Customer Partner Experience, the aim of which is to make your experience of dealing with Microsoft a good and positive one.

Also expect that Microsoft will adopt the ISO standard in preference to the SAM process.

You will also hear about the Claret Report as there will be one for your organisation and it contains Microsoft’s view of your (Select) licence position. This is known by Microsoft as your ELP, or Effective Licence Position. You can request a copy of you Claret report from Microsoft if you wish.

he simple aim of the Microsoft process is to compare your ALP (Actual Licence Position) with your ELP and to resolve any differences.

If you are a FAST member:

• Ask your account representative when they will be converting to ISO 19770 and what the implications are for you.
• If you have either a Gold or Silver certification, ask how you can get it traded in for a BS 19770 certification.
• Ask how many publishers will recognise the FAST certification.
• Ask whether FAST are likely to be able to provide you with a compliance certification for ISO 19770 in the future.