Vector License Manager facilitates adoption of ISO 19770-1 as the basis for continuous improvement of software asset management and license compliance enabling organizations to demonstrate that it takes SAM seriously.Software License Compliance and Software Asset Management

Software License Compliance and Software Asset Management

Software Asset Management and Software License Compliance are often confused in many organizations, with neither given adequate attention.

Accurate software asset identification, which is vital to both overall SAM and compliance, is such a challenge that it acts as a disincentive to effort. Further, many of the software inventory tools in the market today are only partially successful with software identification reporting – application suites being a particular problem.

Book Demo

Learn about VIZOR

As a result, many organizations simply accept the risks of non-compliance on the one hand and the costs of over-provisioning on the other. A lack of understanding of the laws surrounding copyright frequently put organizations’ reputations at risk, and in some instances cost a lot of money when court action is taken by the BSA, an organization that pursues non-compliant organizations on behalf of their software vendor members.

The recent upsurge in interest in corporate governance, including the SOX requirement to properly value an organization’s assets, has begun to filter down to IT. Included here is the need to quantify the value of software owned by the organization. In turn, this creates an environment in which the whole management of software assets becomes more significant.

The positives behind establishing SAM procedures are clear to anyone who looks for them. Leading arguments include:

• Better overall organizational processes
• Minimized over-licensing and elimination of under-licensing
• The potential to actually optimize software assets in line with business needs
• Mitigation of financial and legal risks
• Increased awareness for standardized IT environment and processes
• Knowledge on how to handle software and licenses during mergers, de-mergers and acquisitions

Why Software Asset Management (SAM) needed ISO 19770-1

Having recognized some or all of these benefits, personal champions of the SAM cause drove a few organizations to become more pro-active and to begin to evolve their own SAM policies and processes. But, unlike other areas of IT such as Change Management which received massive focus through ITIL, there was no ëHow Toí for managing software assets. Talking with attendees at events such as the annual conference of the International Association of IT Asset Managers, or a Budd Larner seminar on negotiating software contracts, confirms that organizations by and large make up their SAM policies as they go.

ISO19770-1 fits into this gap. In a seven year process starting in 1997, various groups worked on drafts for ISO 19770-1 leading to its eventual publication in 2006. Interested parties included ITIL, the UK Federation Against Software Theft (FAST), and the JTC1/SC7 ISO/IEC Joint Technical Committee Sub-Committee 7 on Software and Systems Engineering.

Software License Compliance and ISO 19770-1

It is important to understand that ISO 19770-1 is not a prescriptive standard for either software license compliance or for the constituent activities of compliance, such as software inventory. What it does, is set out a foundation or baseline for a comprehensive set of processes for overall software asset management.

So, while ISO 19770-1 is not a standard for software licensing compliance, if the appropriate sections are implemented, then compliance will follow. Compliance becomes just one aspect of software asset management over which the organization will gain control.

ISO 19770-1 processes and Software License Compliance

The 27 processes covered by 19770-1 are organized into three main categories:

Organizational Management Processes for SAM; this includes:

• Control Environment for SAM
• Planning and Implementation Processes for SAM

Core SAM Processes; this includes:

• Inventory Processes for SAM
• Verification and Compliance Processes for SAM
• Operations Management Processes and Interfaces for SAM

Primary Process Interfaces for SAM;’ principally:

• Life Cycle Process Interfaces for SAM

This may sound daunting, but it was not intended that organizations necessarily adopt every element of ISO 19770-1. Rather, they would relate these processes to their operations and identify areas of priority for improvement. It is not intended that this standard be used to judge whether an organization ‘Does SAM’ or ‘Doesn’t do SAM’. Its intentions are far more pragmatic, aimed at supporting organizations in a process of continuous improvement.

Neither are tools vendors categorized as ‘ISO 19770-1 compliant’, but the standard does provide vendors such as Vector Networks with a list of areas of capability on which to call in setting out product roadmaps.

Achieving Software License Compliance will be greatly helped by taking guidance from the Core SAM Processes, grouped into:

• Inventory Processes for SAM
• Verification and Compliance Processes for SAM
• Operations Management Processes and Interfaces for SAM

Each process in ISO 19770-1 is defined by its Objectives and Outcomes. The ‘how’ is left to the organization to decide. So for example, for the process of ‘Software Asset Control’, one of three in the ‘Inventory Processes for SAM’ group, ISO 19770-1 declares the Objective to be:

“…to provide the control mechanism over software assets and changes to software and related assets while maintaining a record of changes to status and approvals.”

The Outcomes are listed as:

“Implementation of the Software asset control process will enable the organization to demonstrate that:

a) An audit trail is maintained of changes made to software and related assets including changes in the status, location, custodianship and version

b) Policies and procedures are developed, approved and issued for the development, maintenance and management of software versions, images/builds and releases.

c) Policies and procedures are developed, approved and issued which require that a baseline of the appropriate assets is taken before a release of software to the live environment in a manner that can be used for subsequent checking against actual deployment.”

ISO 19770-1 and Vector’s Software Asset Optimization Method

Many organizations have experienced huge pressures on costs during 2008 – 2010 and those pressures are now unlikely to ever go away. The motivation and business case for the time and effort involved in software asset management are here to stay.

With effort constrained by staffing levels, organizations need to find rapid payback from the most easily identified and implemented opportunities. To assist with this, Vector sets out a simple closed loop process we call Software Asset Optimization.

Vector’s approach to Software Asset Optimization identifies four basic characteristics of any software asset:

• The number of copies required, and by which users
• The number of licenses owned
• The number of copies deployed, and where
• The usage patterns of every deployed copy

The first and fourth of these are not strictly required within ISO 19770-1, but Vector believes them to be important to cost and asset optimization. Both our Asset Manager Pro solution and the Software License Compliance and Optimization solution include modules to address these needs.

The Application Package Policy Manager (PPM) provides a policy-based method to quantify the numbers of copies needed of each application, and the Software Usage Monitoring module identifies unused software and provides drill-down reporting into application usage.

Any discrepancy between any two characteristics represents a problem of non-compliance, wasted assets, or inappropriate provisioning. Organizations can prioritize the classes of discrepancy that correspond most closely to their organization objectives. At any point in time, compliance may be deemed more important than cost savings, resulting in a focus of alignment between the second and third characteristics – ownership and deployment.

We offer more guidance on this concept in a free-to-download white paper, and can provide consulting and support for any organization wishing to attack the optimization opportunity. Call +1 770-622-2850 today.

Other Advantages of Adopting ISO 19770-1

The way in which the standard is constructed allows organizations to take a ‘pick-and-mix’ approach to identifying areas in which they can make the most immediate progress. It provides a check-list to identify areas of weakness and potential business risk either through non-compliance or waste of resources.

Adopting ISO 19770-1 as the basis for continuous improvement of software asset management and license compliance would enable an organization to demonstrate that it takes SAM seriously enough to match today’s corporate governance directives.

ISO 19770-1 is not expensive. It can be bought online as a PDF from several sources, such aswww.bsigroup.com, www.iso.org for less than US$250.