Information technology- Software asset management Part 1: Processes

Document Number: NL ISO IEC 19770 1 : 2010
Sector: Information Technology. Office Machines
TC: NL JTC 1
ICS:
1.1 Purpose This part of ISO/IEC 19770 establishes a baseline for an integrated set of processes for Software Asset Management (SAM). 1.2 Field of application This part of ISO/IEC 19770 applies to SAM processes and can be implemented by organizations to achieve immediate benefits. ISO/IEC 19770-2 provides a specification for SAM data, which requires implementation by software manufacturers (external and internal) and by tool developers for its full benefits to be achieved. It is intended that this part of ISO/IEC 19770 be an implementation standard for organizations. Future editions may provide an assessment framework that is aligned to the requirements in ISO/IEC15504-2. This part of ISO/IEC 19770 applies to all organizations of any size or sector. This part of ISO/IEC 19770 can only be applied to a legal entity, or to parts of a single legal entity. NOTE The definition of organizational scope is documented as part of the Corporate governance process for SAM. This part of ISO/IEC 19770 may be applied to an organization which has outsourced SAM processes, with the responsibility for demonstrating conformance always remaining with the outsourcing organization. This part of ISO/IEC 19770 can be applied to all software and related assets, regardless of the nature of the software. For example, it can be applied to executable software (such as application programs, operating systems and utility programs) and to non-executable software (such as fonts, graphics, audio and video recordings, templates, dictionaries, documents and data). NOTE The definition of software asset scope (software types to be included within the scope) is documented as part of the SAM Plan developed in the Planning for SAM process. It may be defined in any way considered appropriate by the organization, such as for all software, for all program software, for all software on specific platforms, or for the software of specified manufacturers, as long as it is unambiguous. The following forms of software assets are within the scope of this part of ISO/IEC 19770: a) software use rights, reflected by full ownership (as for in-house developed software) and licenses (as for most externally sourced software, whether commercial or open-source); b) software for use, which contains the intellectual property value of software (including original software provided by software manufacturers and developers, software builds, and software as installed and executed); and c) media holding copies of software for use. NL ISO/IEC 19770-1:2010 ISO/IEC 19770-1:2006(E) 2 © ISO/IEC 2006 – All rights reserved NOTE From a financial accounting point of view, it is primarily category (a) which may be considered an asset, and even then it may have been completely written off. From a financial accounting point of view, category (b) may be viewed as actually creating a liability (rather than an asset) with commercial software if it is not properly licensed. This part of ISO/IEC 19770 considers categories (b) and (c) proper assets to be controlled as well as (a). Licenses may have bookkeeping value, but software in use in particular should have business value and needs to be treated as a business asset. Related assets within the scope are all other assets with characteristics which are necessary to use or manage software in scope. Any characteristics of these related assets which are not required to use or manage software are outside of the scope. Table 1 provides examples of these. Table 1 — Application of ISO/IEC 19770-1 to Non-Software Assets Asset type Applicability Example Normative for hardware assets with characteristics required for the use or management of software assets in scope Physical inventory of equipment on which software can be stored, executed or otherwise used; number of processors or processing power; whether the hardware qualifies for counting for site licensing purposes Hardware Not applicable for characteristics not required for the use or management of software assets in scope Cost and depreciation of hardware, preventive maintenance renewal dates Normative for other assets with characteristics required for the use or management of software assets in scope Personnel names for identifying custodianship, personnel counts for licensing done on this basis Other assets Not applicable for characteristics not required for the use or management of software assets in scope Other personnel information 1.3 Limitations This part of ISO/IEC 19770 does not detail the SAM processes in terms of methods or procedures required to meet the requirements for outcomes of a process. This part of ISO/IEC 19770 does not specify the sequence of steps an organization should follow to implement SAM, nor is any sequence implied by the sequence in which processes are described. The only sequencing which is relevant is that which is required by content and context. For example, planning should precede implementation. This part of ISO/IEC 19770 does not detail documentation in terms of name, format, explicit content and recording media. This part of ISO/IEC 19770 is not intended to be in conflict with any organization's policies, procedures and standards or with any national laws and regulations. Any such conflict should be resolved before using this part of ISO/IEC 19770.