Abbeyfield Consultancy Limited - Software Asset Management

ISO 19770

What is ISO 19770?

ISO / IEC 19770 is an international standard, launched in 2006, that was developed to help organisations put in place processes and procedures for effective Software Asset Management (SAM).

The standard is designed to help manage risk, meet corporate IT governance requirements and generally improve the cost-effectiveness and availability of business software across the enterprise.

There are two parts to the standard:

  • ISO/IEC 19770-1 focuses on the importance of the effective management of software assets (Part 1 was published on 9 May 2006)
  • ISO / IEC 19770-2 defines the data requirements to support ISO 19770-1 (Part 2 has not been released)

The common misconception is that ISO / IEC 19770-1 is just about audit and software compliance. Although these are important components, the standard for SAM now embraces every aspect of a business and the way in which software and IT management processes and procedures are effectively managed by senior management.

Why do we need a standard?

First and foremost, many organisations have not taken the time to step back and review their increase in software spend over recent years. If they did, many would be surprised to learn that they now spend more each year on software than they do on hardware or even high-ticket items such as company cars.

Yet while no responsible company would allow it's cars on the road without ensuring they were taxed, insured and serviced, it is difficult to say the same for an organisation's software inventory.

The largest misconception of the ISO standard is that it is a guarantee of compliance, it is not. Whilst compliance is a part of the ISO standard you can be non-compliant as long as you can monitor your noncompliance you will still pass.

According to industry analysts such as Gartner, the average company is over-licensed on around 30 percent of their inventory and typically at least 30 percent under-licensed in other areas. While this may sound nicely balanced, rest assured the software vendors and licensing watchdogs will not agree! That is why 2006 saw record fines for non-compliance and the use of unlicensed software.

However it is not all about compliance. Every year organisations waste millions on purchasing surplus licenses that they did not need - this could be because they fail to re-deploy existing application licenses, do not take advantage of bulk enterprise licenses or fail to go through the proper procurement channels.

As such, the ISO 19770-1 standard for Software Asset Management is concerned with the entire lifecycle of the applications in use on your network, from purchasing to disposal. The standard sets out six key areas of best practices designed to help all types of organisations save money, reduce compliance risks and increase operational efficiencies in software management.

Another benefit of the standard is that it provides a clear set of guidelines for all parties with an interest in software management - whether it is the end user, the vendor, the reseller or an industry watchdog such as the BSA, SIIA or FAST. With the 19770-1 standard now formally endorsed and published by the International Standards Organisation (ISO), all parties in the chain have a common set of rules to work from, which should make it easier for everyone to set and meet software management expectations.