ARTICLE: SAM Standard (ISO/IEC 19770)

ARTICLE: SAM Standard (ISO/IEC 19770)

Steve Klos of Agnitio Advisors provides a quick overview of the International Standard for Software Asset Management. This is an edited version of a discussion in the Software Asset Management forum on LinkedIn. Steve is the convener of the ISO/IEC 19770-2 standard development process.

• 19770-1 – this is the standard focused on SAM processes. This standard defines 70 different items that a company needs to manage via people, processes and/or tools to ensure they address all SAM requirements. If a company has mature processes that address every one of the 70 items defined in the standard, it DOES NOT mean that they are compliant with all software licenses. What it means is that they will know their compliance position for every software title and will know if they are out of compliance.

• 19770-2 – the software identification tag – this standard is focused on authoritative software identification. The goal here is to provide definitive information on exactly what is installed on a computing device and provide more than just the basics. The information is provided in a standardized data structure (XML file) and the standard defines 7 mandatory elements and 27 option elements. If optional elements are provided by the software publisher, end-user organizations and SAM tools will be able to identify additional information such as what suite the product is associated with and the distribution channels the specific software installation was targeted for. In general, software tags will be “discovered” as part of an inventory process on corporate computing devices (desktops, notebooks, servers, PDA’s, etc).

• 19770-3 – the software entitlement tag – this standard is focused on software entitlement definitions. The goal in this standard is to create a standardized data structure (XML file) that can be used to specify what an organization has purchased as well as how and where the purchased item should be measured/tracked. These entitlements should not be using legalese terms for licenses, but rather defining exactly what it is an organization needs to validate in order to know if an entitlement is used. This standard is related to 19770-2 by the fact that unique reference information in 19770-2 and 19770-3 can be reconciled to identify software titles that are related to software entitlements. Other elements in 19770-3 provide details on what information needs to be validated and where that information needs to be captured in order to identify if an entitlement is used or not. In general, this software entitlement tag will be delivered through the purchasing process.