“The Working Group responsible for international SAM standards (ISO/IEC JTC1 SC7 WG21) met in May. It was a productive meeting, with ten individuals attending in person, and another five attending remotely, with representatives from seven national standards bodies (Denmark, India, Ireland (new!), Japan, Poland, UK, and US) and from three liaison organizations (BSA, IAITAM, and itSMFI).
Discussions were held related to the next face-to-face meeting of WG21 which will be in Palm Springs, California, USA 10-12 October, hosted by IAITAM in conjunction with the IAITAM annual US conference 17-19 October. There are also plans for a meeting on 16 October open to all to solicit views about “Emerging Software Asset Management (SAM) standard requirements”. Likewise, there is expected to be the first Annual General Meeting of the International SAM Standards User Group (ISSUG) after the open meeting, for those interested.
The first edition of the SAM process standard (ISO/IEC 19770-1) published in 2006 has been revised to provide four separate tiers, and has successfully passed all of its votes. ISO/IEC 19770-1 2012 available here.
Market uptake of the ISO/IEC 19770-2 Software Identification Tag (‘SWID’ tag) is increasing, with the US government being particularly involved because of its security uses. Microsoft is the most recent publisher to announce support, most major installers now support SWID tags, and increasing numbers of software tools are also supporting SWID tags. There is further to go, and end-users are encouraged to ask all publishers to support the tags. See, for example, the open letter.
Approval was obtained in Korea from SC7 for a New Work Item submission to create an Amendment to ISO/IEC 19770-2 to formalize some of the desired enhancements identified over the last several years, e.g. to facilitate its use for improved security automation.
Work on the Software Entitlement Tag (ISO/IEC 19770-3) is well advanced. It is expected that the 2nd Committee Draft of this standard will go out for vote and comments within the next two months.
19770-5 should go out as a Draft International Standard for vote and comments within the next two months.
Preparatory work is proceeding on the Embedded Software Tag (conceptually the equivalent of ISO/IEC 19770-2 for embedded software). It is expected that the formal submission for vote on the New Work Item Proposal will happen within the next several months.
Work on Tag Management guidance is progressing, and it is expected that the second Working draft of this standard will go out for comments within the next four months.
A call to national bodies had previously been made “to identify existing proprietary and industry-based schemes to be mapped to ISO/IEC 19770-1.
Candidates at present is the following:
Work on these mappings will progress over the next several years. (Note that there is some limited mapping guidance in Annex C of ISO/IEC 19770-1:2012, but this is expected eventually to be superseded by the more detailed work indicated here.)
Approval was obtained in Korea from SC7 for a New Work Item submission for “Guidelines for the application of ISO/IEC 19770-1 for small organizations”, to become ISO/IEC 19770-11.”