Courtesy: ISO/IEC 40180:2017 Information technology
ISO/IEC 19770-1 is a framework of ITAM processes to enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. ISO/IEC 19770-1:2017 specifies the requirements for the establishment, implementation, maintenance and improvement of a management system for IT asset management (ITAM), referred to as an “IT asset management system” (ITAMS).
While ISO 55001:2014 specifies the requirements for the establishment, implementation, maintenance and improvement of a management system for asset management, referred to as an “asset management system”, it is primarily focused on physical assets with little provision for the management of software assets. There are a number of characteristics of IT assets which create additional or more detailed requirements. As a result of these characteristics of IT assets, the 19770-1 management system for IT assets has explicit additional requirements dealing with:
- controls over software modification, duplication and distribution, with particular emphasis on access and integrity controls;
- audit trails of authorizations and of changes made to IT assets;
- controls over licensing, underlicensing, overlicensing, and compliance with licensing terms and conditions;
- controls over situations involving mixed ownership and responsibilities, such as in cloud computing and with ‘Bring-Your-Own-Device’ (BYOD) practices; and
- reconciliation of IT asset management data with data in other information systems when justified by business value, in particular with financial information systems recording assets and expenses.
- The first generation was published in 2006.
- The second generation was published in 2012. It retained the original content (with only minor changes) but splits the standard up into four tiers which can be attained sequentially.