A third version of the ISO standard for SAM is being developed. This article provides an overview of updates and how you can review the latest drafts and provide your feedback. If you have any questions please contact me.
The ISO SAM process standard is being revised to cover full ITAM and to integrate with the standards for Information Security, Service Management, Quality Management and others.
This will be edition 3 of ISO/IEC 19770-1. The expectation is that the revised ITAM standard will formally be published in early 2017, but that it will be usable before then. The latest draft is available for public review and comment through 12 February.
Some notable features of this proposed revision are:
The revision maintains continuity with the principles of edition 2, i.e. with the 2012 edition of ISO/IEC 19770-1. Any organization which has used edition 2 for self-assessment, improvement, or certification should find it easy to transition to edition 3.
Improved Tiers. The revision continues the use of tiers, but has revised them to be more intuitive. There are now just three tiers, which are trustworthy data (as with edition 2); life-cycle integration; and optimization.
Integrated Use with Other Standards. The revision is being rewritten using a new high-level structure and common wording required by ISO for every ‘Management System Standard’ (MSS). ISO 9001 (Quality Management), ISO/IEC 27001 (Information Security Management) and a number of others have already been revised and re-issued. ISO/IEC 20000-1 (Service Management) is also being revised at present. This new approach will facilitate the Integrated Use of Management Systems (IUMS – another ISO acronym). Particular focus is being given to ensure easy integration with Information Security Management and Service Management.
Leveraging Physical Asset Management. The revision uses as its basis a new standard for generic asset management (ISO 55001) which was developed primarily for physical asset management, but with the involvement of SAM/ITAM experts to ensure it was a suitable basis for ITAM as well.
Addressing Additional Requirements for SAM and ITAM. The revision adds to ISO 55001 requirements to meet the special or more demanding characteristics of SAM and ITAM. In particular, these include controls over:
Software, which has major exposures relating to possible unauthorized modification, duplication and distribution
Licensing
Complex organizational ownership/responsibility scenarios, such as for cloud computing
Mixed organizational/personal responsibility scenarios, such as for BYOD
How to review and provide feedback
There are multiple ways of reviewing the draft and of submitting comments.
Members of the public may review the draft and submit comments through 12 February via the British Standards Institution’s web site, using this URL: https://drafts.bsigroup.com/Home/Details/55799. This website requires registration, but otherwise anyone may submit comments using it.
If you are a member of a national standards body (such as the BSI, ANSI, or DIN) or if you are a member of a liaison organization with the responsible ISO committee SC7WG21 (such as ISACA, itSMFI, IAITAM, SAMAC or TCG) you can submit comments via them. Such comments should be provided using the template that is available from https://isotc.iso.org/livelink/livelink/Open/16689282. Please note that recommendations for change need to include specific replacement text; it is not sufficient simply to say that something should be ‘considered’ or ‘reviewed’.