ISO tools to assess software asset management

Standards body provides self-assessment capabilities for IT departments

The group behind the ISO standard for software asset management (SAM) will next month release a toolkit to help firms self-assess their processes.

Not-for-profit group Investors In Software (IIS) helped to draft the specification for ISO 19770-1, the global standard on SAM, and its members include Microsoft, Symantec, Ernst & Young and Autodesk.

IIS said the toolkit offers a repository with “gap analysis” to measure the effectiveness of SAM processes. Firms are turning to SAM processes to manage increasingly complex software and licensing. Platform heterogeneity, different versions of applications, outsourcing and in-house programs all complicate the issue.

Meanwhile, IIS is working on part two of the ISO standard to address what it says are snags in the software discovery process.

“Part one was mainly around corporate governance guidelines and a top-down approach,” said Zak Virdi, IIS director. “Part two is guidance for conformity of naming conventions to describe how software is discovered. So far, every vendor has pretty much adopted their own approach. To have a standardised approach is a wonderful ambition.”

Some firms in software asset discovery said a uniform approach to describing assets would be a boon.

“Lack of standardisation is one of the reasons why there’s a market for discovery software – it’s very hard to do,” said Kosten Metreweli, marketing vice-president of Tideway Systems, a developer of configuration management software. “The desktop tends to be a little easier to pin down but in the datacentre you have multiple platforms and there’s no standard for identifying and versioning. Customers have tended to err on the side of caution [in paying software licences] and that has played into the hands of the vendors. Anything that makes software assets more standardised is welcome.”

Part two of the ISO 19770 standard could be published within 18 to 24 months, IIS said.

IIS’s Virdi also suggested that IT suppliers should financially reward customers who demonstrate a best-practice approach to SAM. “It’s like the Advanced Driving Test,” he said. “If you’re a better driver you receive cheaper insurance.”

Ram Dhaliwal, Microsoft UK licensing programme manager, said, “The ISO standard formalises the SAM process and clarifies the key steps for implementing SAM within a customer organisation. Microsoft has been supportive in the development of the ISO standard and has been working with the IIS for some time now.

“The SAM ISO standard is not just for large organizations - small to medium businesses can still use online or hard-copy guides of the standard to ensure they follow the key process steps to implement a software asset management strategy their own way without progressing to accreditation stages - the depth of how SAM is implemented comes back to the customer choosing the best solution for them.”