In my last entry, I gave an overview of the ISO 19770-1 Organizational Management Processes for SAM. Next in line are what the standard terms its “Core SAM Processes.”
The ISO 19770-1 Core SAM Processes are divided into three process subsets: (1) those pertaining to SAM Inventory Processes, which include processes specific to software asset verification, inventory management, and control; (2) those pertaining to SAM Verification and Compliance Processes, which include processes specific to software asset record verification and security compliance, software licensing compliance, and conformance verification; and (3) those pertaining to Operations Management and Interfaces for SAM, which include processes specific to the management of third-party relationships and contracts, finances, service levels, and IT security.
The Inventory and Verification and Compliance processes together constitute the “meat” of ISO 19770-1 – those most directly related to assessment of an organization’s ownership and proper use of software assets. Unsurprisingly, the SAM Inventory Processes are those that allow an organization to know what software assets it owns and how efficiently it is using those assets. This is an obvious early step to SAM implementation under ISO 19770-1 or any other relevant standard. Without an appreciation for and up-to-date records regarding the assets to be managed and any changes to those assets, the management process is going to be a valueless one for the organization. Closely aligned with core SAM inventory processes are those related to Verification and Compliance. These processes ensure that the assets inventoried under ISO 19770-1 are used within the bounds of applicable organizational policies and contractual obligations, and also according to the ISO 19770-1 standard itself.
The Operations Management Processes and Interfaces of ISO 19770-1 consist of management functions that help an organization to efficiently and effectively implement the core Inventory and Verification and Compliance processes. This subset ensures that everyone influencing the SAM process – vendors, suppliers, budget managers, and responsible staff – provide their respective inputs in a manner that is standardized, reportable, and secure. This allows those ultimately responsible for effective SAM implementation to maintain a clear view of the organization’s current SAM status and opportunities for improvement.