Flexera logo
Image: The 14 Key Competencies of SAM (and ISO 19770-1:2017)

You may have stumbled upon this blog and wondered, “What is ISO 19770-1:2017? Am I in the wrong place, or should I have prior knowledge to keep reading further?” Don’t worry, while this blog will be applicable to those with experience, it’s about how to manage your IT assets effectively. ISO 19770-1:2017 specifies requirements, or a set of standards, for an IT asset management system within the context of the organization.

I first had a chance of working with ISO 19770-1:2017 (Edition 3) over the last two years and I have spent a fair amount of time understanding the key principles and context as to how it works in the real software asset management (SAM) and IT asset management (ITAM) universe. Speaking with many in the industry, the majority agreed that it greatly differs from Edition 2 (2012), however you can’t really differentiate them unless you start reading through the full details.

The ISO committee has published an overview of what changes were made and why.  More commonly:

  • To bring ISO 19770-1 standard into alignment with other major ISO standards which are employing Management System Standard (MSS) structure.
  • To address the greater complexity and control the challenges of ever-expanding IT assets (hardware and software) across infrastructure (on-prem, SaaS, PaaS, IaaS).
  • To facilitate closer integration with other major ISO standards and bring SAM/ITAM objectives to coexist with other IT initiatives. For example, you can now have a common design approach between information security management (ISO 27001).

This blog focuses on how SAM can benefit from following the 14 key competency areas:

ISO 19770-1 (2017) category Capability area Example competency question
Trustworthy data Change management How do you currently manage your audit trail of asset record changes (e.g. user-device allocation) within different business units?
Data management How often do you reconcile software and hardware inventories with other sources to certify the accuracy of assumed license metrics? (e.g., user counts based on HR employee records, consolidating  IT asset data from different server inventory sources.)
License management How are software contracts digitalized and how are the relevant T&Cs collected to prepare you for your renewals?
Security management How are End of Life (EOL)/End of Support (EOS) software identified, reported and prioritized within security vulnerability and patch management?
Lifecycle management Specification What is your approach to determining and specifying requirements for new software/hardware requests?
Acquire Are software purchases handled centrally through your procurement process?
Development What is the process for defining and evaluating your technology stack for software development?
Release How frequently are new releases planned and how is this agreed with business owners?
Deployment Do you have  full understanding of software applications, platforms and infrastructure being delivered and utilized across your organization?
Operate How do you manage provisioning, resizing and reclamation of your assets at present?
Retirement What percentage of retired hardware assets are tracked in a way that allows software on them to be reused?
Optimization Relationship management How regularly do you review your software requirements and contracts with your business units, software vendors and service providers?
Financial management How do you identify software wastage on-prem and cloud?
SLA management How do you determine the service level relating to your SAM value chain?

Here are 4 practical steps to help you get started:

1. Understand how SAM can help accomplish better business outcomes

It’s important for the SAM team to drive this from the top-level organizational goals and be cross-functional (for example, with information security, procurement, finance, IT service management, enterprise architecture, cloud and others). This is in line with what we’re seeing in our clients’ worlds today, where SAM is no longer an isolated operational practice. It’s about manifesting a unified approach and driving value across the organization’s value chain. Once objectives and business outcomes are aligned, obtain further insight into the current state and operating model to help the SAM team develop the maturity of the software asset management practice with wider stakeholders in the business.

2. Gain visibility into your IT assets

Do a phased approach, and start with low-hanging fruit. Determine the perimeter of your IT estate and asset scoping (for instance, prioritize based on a combination of factors, including contract types, high risk metrics and renewal timescale). Examine your “as-is” or what’s often called the baseline position and assess the approaches used to prepare key management information to drive actionable insights.

We have also witnessed an increase in internally-driven governance reports that now extend to bring your own license (BYOL) in the cloud, SaaS and cloud containerization.  As the SAM key owner and other stakeholders who have a vetted interest come to terms with the completeness and accuracy of this information at the correct time, the result can be either transformational (if handled proactively and correctly) or costly (if mishandled).

Some common examples that drive the top priorities for this are:

  • Too many data lakes and data silos to formulate what is your single point of truth (or to justify multiple sources with well-accepted processes)
  • Increased (manual) effort in normalizing software and hardware asset data that reduces the accuracy and delivery of the information
  • Contract and license information stored in your contract management system, but not to the level of detail that will enable you to understand your risk position
  • Lack of audit trail and traceability of how assets are introduced or removed from the organization and the overall impact to security and vulnerability
  • Not knowing which users are utilizing what applications (on-prem/SaaS)
  • Lack of visibility into resources and usage across business services in the multi cloud/hybrid cloud environment (for instance,  zombie servers, unused storage, instances running after hours, containerization and dockers).

Having a complete and accurate view of your estate and entitlements allows you to prepare for what lies ahead.

3. Increase operations control of the assets

Assess the effectiveness of your processes in managing your asset lifecycle. Strictly speaking, many entities have some way to record basic software asset information. In some instances, software is managed separately from hardware lifecycle due to pre-defined internal processes. There is often a lack of unified approach or process to monitor the dynamic aspect of the asset and how it provides value to the rest of your business because this depends on proper buy-in and cooperation with the rest of your stakeholders. Some of the common drivers for this are:

  • Do you have visibility of software stacks (white/black list)?
  • Are crucial applications factored into the operational resilience plan?
  • How do you make sure business services are not impacted by migration of legacy software from on-prem to cloud?
  • How do you support scenario planning on hypothetical future business scenarios and build suitable action plans?
  • How do you report charge back or show back?
  • How do retired assets get treated? Are there ways to extract further benefit from them?
  • How are you driving consistency on tagging your cloud resources and services tagged in a multi-cloud environment?

The business benefit of managing the software asset efficiently is to ensure the organization gains efficiency and cost effectiveness in its IT operations.

4. Arriving at the total cost of ownership

Carry out your optimization in phases. I’ve seen organizations wanting to do this up front without knowing full details of what they owned across the business and how it’s treated in the business. It is both challenging and risky to optimize what you don’t know and what we call the “black hole.” Optimization comes in many forms and approaches. Some may begin with a contract optimization , some may examine the discovery data and start to forecast on usage.

There are options for beginning optimization early while simultaneously maturing the lifecycle operations of the assets. The key to optimization is to obtain full visibility over usage data to help drive cost savings and cost reduction.

Some common questions that drive the need for these areas are:

  • How do you optimize the budget spend on technology assets throughout the infrastructure (for instance, asset refresh, asset migration, asset in the cloud)?
  • How do you leverage EOL and EOS to aid with application rationalization  and align EUC refresh cycle?
  • Are you able to plan your contract renewals ahead of time and take advantage of the volume discount benefit from your enterprise software vendors?
  • Are you able to rightsize your SaaS usage throughout your managed/unmanaged portfolios and negotiate a better deal (with SaaS renewals typically shorter than enterprise software renewals)?
  • How do you leverage your optimized view of the estate to grow better, integrated relationships with your stakeholders?
  • How can you merge and manage hybrid on-prem and SaaS license optimization and governance (for instance, O365 and Salesforce) while controlling costs at the same time?

Optimization of software on-prem may take a bit longer due to the complexity and legacy estate that comes with it. Conversely, for the same organization that has already begun their journey to the cloud, they may examine optimization in the cloud in parallel as part of the low-hanging-fruit strategy (for instance, SaaS).  In a recent Gartner publication on CIO 2020 Agenda, strategy, cost and talent were the three pillars for resilience during disruptions.  Severe operating cost pressure remains the top type of disruption over the past four years. Leaders equipped with a proactive view of optimization across their technology assets will emerge stronger, more competitive and better prepared.

With businesses undergoing digital changes, their software asset management practice and wider ecosystem will need to engage, adapt and shift to deliver optimal business value.

For additional information on business value insight using ITAM best practices, please contact Flexera to find the solutions that are right for your organization.