ISO SAM Comes Center Stage

“IAITAM members seeking more natural, evolutionary approach will find the news of SAM in stages refreshing…”

 

Executive summary

Focusing on how to use standards in the real world, this article continues from recent articles to explore how ISO is making Software Asset Management (SAM) standards much more accessible. It will interest organizations that want to achieve best practice in natural evolutionary stages, make progress and demonstrate results more easily. There is also refreshing news of an opportunity to trial ISO approaches which is expected to lead to easier application of the 19770-series of international standards. Anticipated benefits include easier SAM process improvement; realizing savings and other benefits more quickly; and the ability to demonstrate the achievement of each stage.

 

Contents

  • Getting up to date: SAM a story too big for just one act
  • Overview of BSA tiered approach: Ready for the stage
  • Trialing arrangements: Where can I get tickets?
  • ISO and the BSA: About the players
  • Can I see the preview? ..and other FAQ
  • Applause for your SAM: Take a bow!

 

Up to date: SAM – A story too big for just one act

Everyone likes a great story but there are times I feel my classical education could provide a richer background – especially if I find myself settling down to see one of the great plays and I wish I knew more history. Frankly even in films like Shakespeare in Love, I wish I knew a bit more about his great rival Christopher Marlowe or the great Italian dynasties!

That’s why it’s at times like this I’m glad I purchased a program with my ticket, as there always seems to be a short paragraph bringing me up-to-date on the period, culture and major historical influences. Or, more usefully, some clues which help me to enjoy the story and the fun better!

 

Thus it may be for many of us with Software Asset Management and its related best practice for processes. There is quite a bit of history from different parts of the IT world – some in ITIL and Service Management, some in the field of licensing and compliance and even some in the general field of quality management. So I wonder if you feel like reading the first page of the program again? Just as a quick reminder?

 

David Bicket’s earlier article on “Software and IT Asset Management Standards: Benefits for Organizations and Individuals” (ITAK V3 I9) is a great place to start for getting up-to-date with SAM standards published and in-train. I’d like to add here that market feedback on the ISO SAM standard (ISO/IEC 19770-1 SAM Processes) has been positive. However, many organizations want to target something more ‘digestible’ than immediate conformance with the full standard (aligned with full Service Management and highly comprehensive).

 

This is really the centerpiece of this story. Best practice tends to mean naturally evolving through several phases and 19770-1 is just too much to address in one leap. As a result, the ISO/IEC Working Group responsible for SAM standards (WG21) has authorized the trialing by industry of incremental approaches to SAM conformance, with the aim of progressing one to a full international standard.  Enter stage left the Business Software Alliance which has proposed such an approach, based on the principle of four tiers of processes which together cover all of ISO/IEC 19770-1.  The latest is that WG21 has recently authorized this approach for trialing, and encourages organizations to participate in these trials.

 

So the stage is set and the curtains are open: read on for more of the story and some opportunities to get in on the act. David Bicket, the ISO working group Chairman, suggests that there are benefits it can give your organization, and sees benefits for the industry as a whole if organizations can use it and provide feedback on it.   Any feedback needs to be received by 31 March 2009.

 

Overview of BSA tiered approach: Ready for the stage

Or, more accurately, the stages: These are four broad groupings of similar process areas in the BSA tiered approach.  These groupings are intended to reflect a pragmatic blend of how easily they can be justified, and the sequence in which changes can be and are often implemented.  Note that these tiers assume that an organization has a full spectrum of relevant SAM processes in place, but assessment for each tier is focused on particular groupings of those processes.  The tiers thus provide evolutionary stages for process improvement as well as stages for independent assessment of what has been achieved.

 

  1. Trustworthy Data. [This may also be called ‘Repeatable License Compliance Processes’] This is the initial focus for most organizations. The need for accurate IT asset information is generally well recognized, and comparatively easy to sell within the organization.   Also, the processes included in this tier will address license compliance, which is a concern for most corporate boards. It also typically creates the business justification for the other tiers, since the process of obtaining accurate IT asset information typically highlights the issues which drive the demand for further improvements in SAM.
  2. Control Environment. In theory, you first need to establish the control environment and plan. In reality, this is normally done as a reaction to the problems identified in Tier 1 above.  Once management recognizes those risks and exposures, it can take appropriate steps to ensure that these issues are resolved top-down, with proper resourcing (or alternatively, explicit management acceptance of the associated risks).
  3. Key Operational Processes. With trustworthy data and a good control environment already addressed, focus here turns to ensuring that critical management and operational processes are in place and performing well. These include in particular contract management, procurement, deployment, and retirement.
  4. Full Conformance. The final tier is full conformance with ISO/IEC 19770-1.

 

Note: The BSA Tiered Approach is © Business Software Alliance 2008.  Permission has been granted to ISO/IEC for this trialing, and the BSA has committed to transfer the IP to ISO/IEC if this approach is adopted in any way for further development as an ISO/IEC standard.)

 

Trialing arrangements: What price are tickets?

Trialing arrangements are set up for easy access. Any organization may participate subject to clear (and payment-free) conditions:

 

  • The organization (SAM owner) registers interest in using the tiered approach to complete an assessment before 31 March 2009. As part of registration, information is requested for market segmentation e.g. industry and number of people engaged in IT delivery.
  • The organization must commit to providing meaningful feedback on the tiered approach by 31 March 2009, regardless of the extent to which the organization has been able to complete the assessment by then. (A questionnaire will be provided.)
  • The organization must agree to being contacted for follow-up on its feedback.
  • The organization must acknowledge BSA copyright for the approach in any citations concerning the assessment. (The BSA has committed to transfer the IP to ISO/IEC as this approach is offered to help further standards development.)

 

It is understood that many organizations wishing to trial may be working with a chosen service partner or consultant, and WG21 welcomes feedback from these parties.  However, the essential requirement for trials is that they be conducted with end-user organizations.  The commitments cited above must ultimately be the responsibility of the end-user organizations.

Note that there is no need to work with the BSA or to inform the BSA of participation in this trial.  The BSA is running its own trials of this approach, and an organization may approach the BSA to enquire if there is an opportunity of doing a trial with them.  However, the BSA has gone about this so as to provide the approach via ISO without payment or BSA-registration being needed, so there is no requirement to do so.

 

ISO and the BSA: About the cast

ISO is taking the lead role in this. You will know a little of their character and of the background to what Working Group 21 currently offers by reviewing David Bicket’s article mentioned earlier. Essentially you need to know that Part1 of ISO/IEC 19770 is focused on processes, and there are many of them covering wide-ranging areas of an organization’s procedures, policies and management.

 

WG21 wants to make SAM standards easy to use in practice so the priority is to promote use of existing standards.  WG21 believes this way of working encourages good market feedback to help with new and complementary standards-making efforts. This has been the motive for Working Group 21 to come into the limelight and offer the staged approach. It’s a compelling performance because they want some audience participation: in the form of honest feedback from you.

So far we’ve seen one other player, the BSA, involved in the actions. A reminder of its role: the Business Software Alliance (www.bsa.org) is really acting as an author for useful industry materials. What they have done here is to provide a tiered approach to adopting SAM which has the great advantage of mapping explicitly on the existing best-practice.

Why this role? The BSA’s part in this has considerable history and influence for the industry as a whole:

 

“The BSA is dedicated to promoting a safe and legal digital world.  The BSA is the voice of much of the world’s commercial software industry and its hardware partners before governments and in the international marketplace.  BSA programs foster technology innovation through education and policy initiatives that promote copyright protection, cyber security, trade and e-commerce”.

 

The BSA has proposed a tiered approach to conformance with ISO/IEC 19770-1 “because it believes that organizations achieve the most by having targets with strong business justification, and the use of tiers facilitates business justification. Targeting full conformance with ISO/IEC 19770-1 may not be possible all at once, or in some cases ever, due to business constraints.  However, a tiered approach to software asset management and conformance provides more options, making it easier to make improvements, and to realize benefits at each stage, for as many stages as the organization considers justified.”

 

The BSA is organizing its own trials of this tiered approach, and providing feedback to WG21.  There are further details about this in the references at the end of this article.

 

Can I see the preview? ..and other FAQ

This and more information is already available on the WG21 website, along with a simple application form, so I would recommend getting this from direct source in case of any changes.

What exactly is being offered? Registration gives you:

 

  • A breakdown of ISO/IEC 19770-1 outcomes into four tiers; a spreadsheet shows how each tier adds focus on a subset.
  • A PDF document containing the original submission from the BSA to WG21 describing the four-tier framework
  • A questionnaire to be used for providing feedback

 

How do I obtain these materials?  You just need to complete the registration form [attached], and send it to enquiries@19770.org.  You should receive a response within 2 working days, and the relevant materials assuming that you qualify.

Do I qualify? Yes, if you are in a position within an organization to be able to commit to the following:

 

  • Providing meaningful feedback on the tiered approach by 31 March 2009, regardless of the extent to which it has been able to complete the assessment by then. (A questionnaire will be provided.)
  • Agreeing to being contacted for follow-up on its feedback.
  • Acknowledging BSA copyright for the approach in any citations concerning the approach or assessment. (The BSA has committed to transfer the IP to ISO/IEC as this approach is offered to help further standards development.)

If you are a consultant considering this approach for use with one or more of your clients, you can also benefit. See details of what’s required at www.19770.org .

 

What is WG21 aiming to achieve, and why go about it this way? WG21 wants to make SAM standards easy to use in practice so the priority is to promote use of existing standards.  WG21 believes this way of working encourages good market feedback to help with new and complementary standards-making efforts.

What do I get if I give my details? Any details you supply are used exclusively by WG21 solely to help the ISO/IEC standards-making process.

What kind of feedback is expected? The feedback of most value is specifically about the suitability of the tiers for implementing and assessing SAM best practice in stages. E.g. Does starting with Trustworthy Data make the most sense? Are all the right processes in Tier1?

When may I give feedback? Organizations who participate in the trial are required to provide feedback at latest by 31st March 2009. You may submit it whenever you have useful feedback. You may submit it in stages if you wish.

 

Applause for your SAM: Take a bow!

So the stage is set, and the curtain opens on the next stage of SAM development. It’s important to recognize all the organizations and players who have worked on the productions so far. It’s important to close with a reminder there is still much room for more recognition – possibly some for your own organization.

The welcome developments to make SAM best practice more accessible are also likely to be welcomed by a wider range of SAM-adopting organizations. Not least because staged approaches make it easier to measure your SAM against best-in-class and increase the potential for recognizing your progress through industry certification.

Certification for your SAM: Auditions for wider roles. If you like what you hear and want closer involvement, you may want to get some more feedback about your own SAM. There are ways to use the more accessible SAM best practice to formally evaluate your procedures and new options derive directly from the tiered approach. WG21 makes clear this is not a part of the current process, but this approach does mean more options become available.

If I want assessment what options are there? Organizations should decide their own assessment requirements – ISOIEC does not make recommendations. Some organizations have used:

 

  • Self-assessment, for example using the “ISO/IEC 19770-1 Software Asset Management: Are you ready?” self-assessment software published by ISO, which includes extensive guidance;
  • 2nd party assessment (your own partner);
  • 3rd party (independent) using public assessment schemes.

 

Expect to see some further developments from industry players with established Certification Schemes. You may also wish to check options BSA may offer industry if organizations wish to show they are moving forward to best practice – and get ready to take your bow!

Finally, a reminder that Working Group 21 welcomes additional participants who can contribute and want to share in the work of standards-making.  Again see David Bicket’s article for contact details if you are interested!

 

References:

  1. The BSA’s own website on Tiered Approach to SAM using SAM Advantage is www.bsa.org/SAMadvantage
  2. If you wish to discuss the possibility of working directly with the BSA in such a trial, please contact Peter Beruk at peterb@bsa.org
  3. ISO (www.iso.org)
  4. WG21 (www.19770.org)

 

© David Phillips 2008.  Portions © ISO/IEC for WG21, used with permission.

About David Phillips

David Phillips is with SAMleaders.