You are here :
- Home
- Technical Information
- Software License Compliance and ISO 19770-1 Processes
Software License Compliance and ISO 19770-1
It is important to understand that ISO 19770-1 is not a prescriptive standard for either software license compliance or for the constituent activities of compliance, such as software inventory. What it does, is set out a foundation or baseline for a comprehensive set of processes for overall software asset management.
So, while ISO 19770-1 is not a standard for software licensing compliance, if the appropriate sections are implemented, then compliance will follow. Compliance becomes just one aspect of software asset management over which the organization will gain control.
ISO 19770-1 processes and Software License Compliance
The 27 processes covered by 19770-1 are organized into three main categories:
Organizational Management Processes for SAM; this includes:
- Control Environment for SAM
- Planning and Implementation Processes for SAM
Core SAM Processes; this includes:
- Inventory Processes for SAM
- Verification and Compliance Processes for SAM
- Operations Management Processes and Interfaces for SAM
Primary Process Interfaces for SAM;’ principally:
- Life Cycle Process Interfaces for SAM
This may sound daunting, but it was not intended that organizations necessarily adopt every element of ISO 19770-1. Rather, they would relate these processes to their operations and identify areas of priority for improvement. It is not intended that this standard be used to judge whether an organization ‘Does SAM’ or ‘Doesn’t do SAM’. Its intentions are far more pragmatic, aimed at supporting organizations in a process of continuous improvement.
Neither are tools vendors categorized as ‘ISO 19770-1 compliant’, but the standard does provide vendors such as Vector Networks with a list of areas of capability on which to call in setting out product roadmaps.
Achieving Software License Compliance will be greatly helped by taking guidance from the Core SAM Processes, grouped into:
- Inventory Processes for SAM
- Verification and Compliance Processes for SAM
- Operations Management Processes and Interfaces for SAM
Each process in ISO 19770-1 is defined by its Objectives and Outcomes. The ‘how’ is left to the organization to decide. So for example, for the process of ‘Software Asset Control’, one of three in the ‘Inventory Processes for SAM’ group, ISO 19770-1 declares the Objective to be:
“...to provide the control mechanism over software assets and changes to software and related assets while maintaining a record of changes to status and approvals.”
The Outcomes are listed as:
“Implementation of the Software asset control process will enable the organization to demonstrate that:
a) An audit trail is maintained of changes made to software and related assets including changes in the status, location, custodianship and version
b) Policies and procedures are developed, approved and issued for the development, maintenance and management of software versions, images/builds and releases.
c) Policies and procedures are developed, approved and issued which require that a baseline of the appropriate assets is taken before a release of software to the live environment in a manner that can be used for subsequent checking against actual deployment.”
ISO 19770-1 and Vector’s Software Asset Optimization Method
Many organizations have experienced huge pressures on costs during 2008 – 2010 and those pressures are now unlikely to ever go away. The motivation and business case for the time and effort involved in software asset management are here to stay.
With effort constrained by staffing levels, organizations need to find rapid payback from the most easily identified and implemented opportunities. To assist with this, Vector sets out a simple closed loop process we call Software Asset Optimization.
Vector’s approach to Software Asset Optimization identifies four basic characteristics of any software asset:
- The number of copies required, and by which users
- The number of licenses owned
- The number of copies deployed, and where
- The usage patterns of every deployed copy
The first and fourth of these are not strictly required within ISO 19770-1, but Vector believes them to be important to cost and asset optimization. Both our Asset Manager Pro solution and the Software License Compliance and Optimization solution include modules to address these needs.
The Application Package Policy Manager (PPM) provides a policy-based method to quantify the numbers of copies needed of each application, and the Software Usage Monitoring module identifies unused software and provides drill-down reporting into application usage.
Any discrepancy between any two characteristics represents a problem of non-compliance, wasted assets, or inappropriate provisioning. Organizations can prioritize the classes of discrepancy that correspond most closely to their organization objectives. At any point in time, compliance may be deemed more important than cost savings, resulting in a focus of alignment between the second and third characteristics – ownership and deployment.
We offer more guidance on this concept in a free-to-download white paper, and can provide consulting and support for any organization wishing to attack the optimization opportunity. Call +1 770-622-2850 today.
Other Advantages of Adopting ISO 19770-1
The way in which the standard is constructed allows organizations to take a ‘pick-and-mix’ approach to identifying areas in which they can make the most immediate progress. It provides a check-list to identify areas of weakness and potential business risk either through non-compliance or waste of resources.
Adopting ISO 19770-1 as the basis for continuous improvement of software asset management and license compliance would enable an organization to demonstrate that it takes SAM seriously enough to match today’s corporate governance directives.
ISO 19770-1 is not expensive. It can be bought online as a PDF from several sources, such as www.bsigroup.com, www.iso.org for less than US$250.
