ISO/IEC DTS 19770-13

ISO/IEC JTC 1/SC 7
Secretariat: BIS
Date: 2025-11-21
Information technology — IT asset management — —
Part 13:
Guidance on the incorporation of sustainability aspects in an IT asset
management system
FDIS stage
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
E-mail: copyright@iso.org
Website: www.iso.orgGestion durable des actifs informatiques — Guide pour l'intégration du
développement durable dans un système de gestion des actifs informatiques

© ISO/IEC 2025 – All rights reserved
ii
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
iii
Contents
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Sustainable (green) IT . 24
4.1 General. 24
4.2 Sustainability conduct of IT asset suppliers and IT service providers . 26
4.3 Resource consumption of IT assets . 28
4.4 Life cycle management of IT assets . 30
5 Principles for the implementation of sustainable ITAM . 35
5.1 General. 35
5.2 Governance and culture . 37
5.3 Strategy alignment and objectives . 38
5.4 Risk, opportunity and impact assessment . 39
5.5 Stakeholder engagement . 39
5.6 Monitoring, measuring and metrics . 40
5.7 Reporting, transparency and assurance. 40
5.8 Continual improvement and enhancing ambition . 40
6 Implementation of sustainable ITAM . 41
6.1 General. 41
6.2 Governance and culture . 45
6.3 Strategy alignment and objectives . 46
6.4 Risk, opportunity and impact assessment . 48
6.5 Stakeholder engagement . 57
6.6 Monitoring, measuring and metrics . 59
6.7 Reporting, transparency and assurance. 59
6.8 Continual improvement and enhancing ambition . 60
Bibliography . 61

© ISO/IEC 2025 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) is a and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide federation of national standardsstandardization.
National bodies (that are members of ISO member bodies). The workor IEC participate in the development of
preparing International Standards is normally carried out through ISO technical committees. Each member
body interested in a subject for which a technical committee has been established has the right to be
represented on that committee. Internationalby the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO / /IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO documents document should be Notednoted. This document was drafted in accordance with the
editorial rules of the ISO / /IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocswww.iso.org/directives).).
Attention is drawnISO and IEC draw attention to the possibility that some of the elementsimplementation of
this document may beinvolve the subjectuse of (a) patent(s). ISO and IEC take no position concerning the
evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication
of this document, ISO and IEC had not received notice of (a) patent(s) which may be required to implement
this document. However, implementers are cautioned that this may not represent the latest information,
which may be obtained from the patent database available at www.iso.org/patents and https://patents.iec.ch
rights. ISO should. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details
of any patent rights identified during the development of the document will be in the Introduction and / or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’sISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT),) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by the Joint Technical Committee ISO / /IEC JTC 1, Information technology,
subcommitteeSubcommittee SC 7, Software, and systems engineering.
A list of all parts in the ISO / /IEC 19770 series can be found on the ISO websiteand IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committees.
© ISO/IEC 2025 – All rights reserved
v
Introduction
The document is intended to address sustainability aspects related to the use of IT assets and their
management, defined as “IT asset management” (ITAM) in ISO / /IEC 19770-1 and provide an overview of
relevant developments regarding green IT in a broad approach. In understanding and developing an alignment
of interest in tackling IT-related sustainability challenges, organizations can contribute toward positive
environmental and social outcomes, improve their ITAM, address externalities from IT assets, mitigate related
risk, realize opportunity, and drive value from a transition to green IT. This document is also designed to
support organizations in the incorporation of fundamental sustainability principles, practices, and
terminology, hereinafter summarized as “sustainability aspects” into their “IT asset management system”
(ITAMS), to help achieve these mutually beneficial outcomes. Some elements of this document can also
support an organization to align with the specifications of ISO 14001, ISO 26000, ISO 50001, other ISO
standards and international initiatives and conventions related to sustainability as appropriate.
This document does provideprovides guidance on how key sustainability aspects can be integrated at the
organizational level into an existing ITAMS including recommendations related to the decarbonization of IT
and, of similar importance, the fair and equitable treatment of ITAM personnel and the definition and
implementation of sustainable ITAM policies. It should be pointed out that theThe use of green IT does not
require the implementation of the principles described in this document, nor willdoes the implementation of
the principles lead directly to the exclusive use of green IT. Nevertheless, the transition to green IT is simplified
by the adoption of these principles.
At this stage the term “Sustainablesustainable ITAM” is not yet defined, enabling organizations to develop
their own adoption approach. And although, theAlthough this document does not specify any mandatory
requirements itself, the principles defined for driving Sustainablesustainable ITAM can be considered as
complementary to and can be implemented alongside other sustainability initiatives, requirements and an
environmental, social and governance (ESG) framework adopted by an organization. Components of an ESG
framework willshould already exist within the organization, at least in part, e.g.for example, as a basis to drive
decarbonization of its portfolio and reduce emissions within its operational processes and value chain, in
particular to enable the organization to prepare an emissions inventory –, which also includes the calculation
of their corporate carbon footprint (CCF) in accordance with the Green House Gas (GHG) Protocol Corporate
Standard. In addition, application of the principles and guidance provided in this document willcan support
an organization in adapting or enhancing these components, so that integration of sustainability is more
effective and efficient as well as holistic and consistent.
Implementation of Sustainablesustainable ITAM principles shall require interfacing with multiple
organizational departments and internal and external roles, e.g.for example, those responsible for:
— enabling ESG strategic objectives through digital technology and services;
— managing and promoting ESG in general;
— setting and monitoring ESG progress against strategic objectives;
— measuring, analyzing and mapping of ESG performance and ESG related key performance indicators
(KPIs);
— understanding and monitoring risk and threats related to ESG;
— engagement with and reporting to stakeholders on ESG issues; and
— training on ESG and ESG capacity building.
© ISO/IEC 2025 – All rights reserved
vi
The principles and guidance provided in this document can be used by personnel within an organization and
those supporting and advising an organization on the application of sustainability principles for ITAM to
manage the engagement with various stakeholders.
TheThis document has beenis designed so that an organization can apply the principles and guidance for
Sustainablesustainable ITAM to the extent applicable, regardless of its size, geographical presence, or core
business. Organizations at different stages of an ITAMS or ESG integration can apply all or parts of the
principles and guidance for Sustainablesustainable ITAM, depending on existing ITAMS and / or ESG
components, or both, and the degree of operational capability and capacity.
The document is also designed to demonstrate alignment with related principles, guidance, and practices, so
that the organization’s stakeholders can assess progress in the implementation of sustainability principles for
ITAM as well as changes to indicators used to measure the achievement of IT related ESG goals. In any case,
continual improvement is a core aspect of an ITAMS. Thus, progression towards greater sustainability in ITAM
also requires ongoing improvement of operational performance and progress related to sustainable outcomes.
The main outcomes of the implementation of the principles and guidelines may include the following:
— Sustainablesustainable ITAM statement or policy;
— strategic implementation plan for Sustainable ITAM;
— development of strategic goals on material ITAM related sustainability issues;
— development and implementation of metrics and KPIs for Sustainable ITAM;
— development and implementation of control and monitoring processes for KPIs;
— systematic review of existing ITAMS processes and resources;
— ITAM stakeholder engagement plan;
— scenario analysis, risk impact assessment and mitigation plan;
— benchmarking, peer review and gap analysis; and
— external assurance.
NoteNOTE 1 : The structure and, in various parts, the contents of this document have been adopted from ISO 32210
as good practice for the development and implementation of a sustainability strategy in an organization with necessary
adjustments required to address the application of this practice to ITAM.
Note NOTE 2 : Certain areas and concepts presented in this document are still in a developmental stage, very dynamic
and ever evolving. This applies in particular to the normalization and operationalization of IT-related sustainability
requirements, related standards and legal frameworks.
© ISO/IEC 2025 – All rights reserved
vii
Information technology — IT asset management — —
Part 13:
Guidance on the incorporation of sustainability aspects in an IT asset
management system
1 Scope
The document gives guidance to organizations on the incorporation of sustainability aspects for IT asset
management (ITAM. It).
This document is applicable to any organization, regardless of size, type and nature and applies to the
sustainability aspects that an organization has implemented or will implement in its IT asset management
system (ITAMS) in accordance with the scope definition of ISO / /IEC 19770-1. The
This document also gives guidance to organizations on the incorporation of sustainability aspects for ITAM
and addresses what is material from the perspective of the organization and of its stakeholders.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obphttps://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/https://www.electropedia.org/
3.1
3.1
accountability
obligation to another for the fulfilment of a responsibility (3.63(3.64))
Note 1 to entry: The obligation includes the duty to inform and to explain the way amanner in which the responsibility
was fulfilled.
Note 2 to entry: The non-fulfilment of a responsibility has consequences that can be enforced on the accountable party.
[SOURCE: ISO 37000:2021, 3.2.2]
3.2
3.2
asset
item, thing, or entity that has potential or actual value to an organization (3.53(3.54))
Note 1 to entry: Value can be tangible or intangible, financial, or non-financial, and includes consideration of risks (3.65)
and liabilities. It can be positive or negative at different stages of the asset life (3.3).
Note 1 to entry: Assets can be physical or non-physical.
© ISO/IEC 2025 – All rights reserved
Note 2 to entry: Physical assets usually refer to equipment, inventory and properties owned by the organization.
Physical assets are the opposite of intangible assets, which are non-physical assets such as leases, brands, digital assets,
use rights, licenses, intellectual property rights, reputation, or agreements.
Note 3 to entry: A grouping of assets referred to as an asset system (3.7(3.7) could) can also be considered as an asset.
[SOURCE: ISO 55000:20142024, 3.2.1.1]
3.3
3.3
asset life
period from asset (3.2(3.2) creation) ideation to asset end -of- life
Note 1 to entry: “Useful life” is the period over which an asset is capable of fulfilling a purpose to an entity.
Note 2 to entry: Asset life can differ from the period the organization holds responsibility (3.63) for the asset.
Note 3 to entry: End-of-life is when the asset can no longer cause any residual obligations.
[SOURCE: ISO 55000:20142024, 3.21.2]
3.4
asset management
3.4
asset management
coordinated activity of an organization (3.53(3.54)) to realize value from assets (3.2(3.2))
Note 1 to entry: Realization of value will normally involveinvolves a balancing of costs, risks (3.64(3.65),), opportunities
and performance (3.56(3.57)) benefits.
Note 2 to entry: Activity can also refer to the application of the elements of thean asset management system (3.5(3.5).).
Note 3 to entry: The term “activity” has a broad meaning and can include, for example, the approach, the planning, the
and plans, and their implementation.
Note 4 to entry: Realization of value of an asset can calculated based either on:
— classical models and performance measures with a strong business focus such as:
— the return on investment (ROI) on the asset as the ratio between the net profit derived from using the asset and the
capital that was employed to produce that profit; and
— the total cost of ownership (TCO) of the asset as the cost over its entire life cycle (3.46) from acquiring, deploying,
operating, maintaining, and retiring or replacing the asset; or
— new models that recognize the value and use of an impact (3.34) to social and environmental capital such as:
— the Cambridge value mapping tool (CVMT) for sustainable business modelling to identify ‘value uncaptured’ in the
form of failed value exchanges, i.e. value missed, destroyed, surplus, and absence; and
— the natural capital protocol (NCP) decision-making framework developed by the Capitals Coalition and World
Business Council for Sustainable Development (WBCSD) that effectively allows for the accounting of environmental
and social impact within business value assessments and investment decisions and appraisals.
— the Global Reporting Initiative (GRI) has been supporting sustainability (3.75) reporting by organizations since
1997, in cooperation with the United Nations. GRI published its Sustainability Reporting Standard, which includes a
reporting framework with associated guidelines and criteria.
© ISO/IEC 2025 – All rights reserved
[SOURCE: ISO 55000:20142024, 3.32.1, modified — Note 4 to entry has been added].]
3.5
3.5
asset management system
management system (3.47(3.48)) for asset management (3.4(3.4) whose function is to establish the asset
management policy (3.58) and asset management objectives (3.51))
Note 1 to entry: The asset management system is a subset of asset management.
[SOURCE: ISO 55000:2014, 3.4.2024, 3.3.5]
3.6
3.6
asset portfolio
assets (3.2(3.2)) that are within the scope of the asset management system (3.5(3.5))
Note 1 to entry: A portfolio is typically established and assigned for managerial control purposes. Portfolios for physical
hardware might be defined by category (e.g. plant, equipment, tools, land). Software portfolios might be defined by
software publisher, or by platform (e.g. PC, server, mainframe).
Note 2 to entry: An asset management system can encompass multiple asset portfolios. Where multiple asset portfolios
and asset management systems are employed, asset management (3.4) activities should be coordinated between the
portfolios and systems.
Note 3 to entry: Note 2 to entry: An asset portfolio covers all asset classes including the financial costs involved. The
portfolio should reflect fixed costs or CAPEX (Capital Expenditurecapital expenditure) along with variable costs or OPEX
(Operational Expenditureoperational expenditure) spread over the lifetime of the asset class.
[SOURCE: ISO 55000:20142024, 3.2.41.7, modified — Note 32 to entry has been added].]
3.7
3.7
asset system
set of assets (3.2(3.2)) that interact or are interrelated
[SOURCE: ISO 55000:20142024, 3.2.51.6]
3.8
3.8
asset type
grouping of assets (3.2(3.2)) having common characteristics that distinguish those assets as a group or class
EXAMPLE: Physical assets, information assets, intangible assets, critical assets (3.17), enabling assets, linear assets,
information, and communications technology (ICT) assets, infrastructure assets, moveable assets.
[SOURCE: ISO 55000:20142024, 3.2.61.5]
3.9
3.9
baseline
agreed reference value or set of values which can be derived from past experience, often used for comparing
with ongoing performance (3.56)data (3.18,), values or outcomes
[SOURCE: ISO 37500:2014, 3.1, modified — “or” replaced “and / /or” before “outcomes”.]” has been replaced
by "or".]
© ISO/IEC 2025 – All rights reserved
3.10
3.10
benchmarking
activity of measurement and analysis that an organization (3.53) can use to search for and compare practices
inside and outside the organization, with the aim of improving its performance (3.56)
Note 1 to entry: Benchmarking can be applied to policies (3.57comparing attributes), strategies and objectives, processes
(3.59(3.60),) and their operation, products, services and an organization’s structures.
Note 2 to entry: Benchmarking can be used to compare attributes or performance between organizations (3.54).
[SOURCE: ISO 30400:20162022, 3.171.18]
3.11
3.11
carbon footprint of product
CFP
sum of GHG emissions (3.30(3.30)) and GHG removals (3.31(3.32)) in a product system, expressed as CO
equivalents and based on a life cycle (3.46) assessment using the single impact (3.34) category of climate
change
Note 1 to entry: A CFP can be disaggregated into a set of figures identifying specific GHG emissions and GHG removals. A
CFP can also be disaggregated into the stages of the life cycle.
[SOURCE: ISO 14067:2018, 3.1.1.1] , modified — Note 2 to entry has been removed.]
3.12
3.12
circular economy
economy that is restorative and regenerative by design and which aims to keep products, components and
materials at their highest utility and value at all times, distinguishing between technical and biological cycles
Note 1 to entry: Main objectives (3.50(3.51)) of circular economy with regard to ITAM are:
— enabling full-fledged IT asset life (3.3) cycle by redesigning IT assets (3.36) to reduce material requirements (3.61)
for the manufacturing process (3.59,), to foster adoption of biodegradable and recycled materials, and to improve
options for repair, refurbish, reuse, recover, recycle, and remanufacture using harvested materials from IT assets for
a safer and sustainable future;
— integration of ESG (3.25(3.25)) factors in the supplier and service provider selection process as % terms towards
achieving sustainable sourcing; and
— creation of localization rules and criteria that enablesenable local sourcing of IT assets (3.37),, thereby reducing the
impact (3.34) towards scope 1, scope 2 and scope 3 GHG emissions (3.30(3.30).).
Note 2 to entry: Ecodesign is an approach to designing products and services while considering environmental impact in
every phase of the development and the life of the product. Thus, ecodesign goes hand in hand with circular economy by
trying to avoid designing products that get discarded after only one use and have no further benefit after their end of life.
The EU has implemented the ecodesign directive for sustainable products 2009/125/EC (ESPR) that sets mandatory
ecological requirements (3.61) for energy-using and energy-related products that are sold in the member states.
Currently, the eco-design directive covers more over 40 product groups that are responsible for approx.approximately
40 % of all EU GHG emissions.
[SOURCE: ISO 20400:2017, 3.1, modified — Notes 1 and 2 to entry have been added].]
© ISO/IEC 2025 – All rights reserved
3.13
3.13
climate change adaptation
process (3.59) of adjustment to actual or expected climate and its effects
Note 1 to entry: In human systems, adaptation seeks to moderate or avoid harm or exploit beneficial opportunities.
Note 2 to entry: In some natural systems, human intervention can facilitate adjustment to expected climate and its effects.
[SOURCE: ISO 14090:2019, 3.1, modified — “climate change adaptation” replaced the The preferred term
“adaptation to climate change”.]” has been removed; the admitted term “climate change adaptation” has been
changed to the preferred term.]
3.14
3.14
continual improvement
recurring activity to enhance performance (3.56)
[SOURCE: ISO 37301:2021, 3.12]
3.15
3.15
corporate carbon footprint
CCF
balance of all GHG emissions (3.30(3.30)) generated according to the Kyoto Protocol in an organization over a
specific period of time
3.16
3.16
corporate sustainability
CS
is the approach aiming to create long-term stakeholder (3.71(3.72)) value through the implementation of a
business strategy that focuses on the ethical, social, environmental, cultural, and economic dimensions of
doing business.
3.17
3.17
critical asset
asset (3.2(3.2)) having potential to significantly impact on the achievement of the organization’s (3.53(3.54))
objectives (3.50(3.51))
Note 1 to entry: Assets can be safety-critical, environment-critical, or performance-critical (3.56(3.57)) and can relate to
legal, regulatory or statutory requirements (3.61(3.62).).
Note 2 to entry: Critical assets can refer to those assets necessary to provide services to critical customers.
Note 3 to entry: Asset systems (3.7(3.7)) can be distinguished as being critical in a similar manner to individual assets.
[SOURCE: ISO 55000:20142024, 3.2.71.8]
3.18
3.18
data
facts about an object
© ISO/IEC 2025 – All rights reserved
Note 1 to entry: In the context of IT asset management systems (3.40(3.41),), data may be a captured, measured, or
recorded representation of information, before it is analyzed, interpreted, or processed. Data may relate to objects such
as facts, events, things, processes (3.59,), or ideas, including concepts that within a certain context have a particular
meaning related to IT assets (3.36(3.37).).
Note 2 to entry: Processing of data generates information as an outcome with which meaningful decisions and actions
can be taken.
Note 3 to entry: Data includes information generated that qualifies for further analytics, scientific and research purposes,
including AI (3.2) capabilities.
[SOURCE: ISO 9000:2015, 3.8.1, modified — NoteNotes 1 hasto 3 have been added, modified from ISO 15784-
1 and ISO / IEC 2382, Notes 2 and 3 to entry added].]
3.19
3.19
digital asset
IT asset (3.36(3.37)) expressed electronically in a digital format
Note 1 to entry: Digital assets include software assets (3.69(3.70),), and digital information content assets (3.20(3.20).).
[SOURCE: ISO / /IEC 19770-1:2017, 3.17]
3.20 3.20
digital information content asset
digital asset (3.19(3.19)) with information content
EXAMPLE : Documents, audio, video, graphics, databases, free-standing dictionaries; often licensed
Note 1 to entry: ITAM (3.38(3.39)) can include management of these assets (3.2) as whole entities, e.g. for license
compliance, but excludes management of the content.
[SOURCE: ISO / IEC 19770-1:2017, 3.1718]
3.21
3.21
documented information
information required to be controlled and maintained by an organization (3.53(3.54)) and the medium on
which it is contained
Note 1 to entry: Documented information can be in any format and media and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.47(3.48),), including related processes (3.59(3.60););
— information created in order for the organization to operate (documentation);
— evidence of results achieved ([e.g. records, KPIs (3.43(3.44),), KRIs (3.44(3.45) )and OKRs (3.51(3.52);)];
— sources of information that can be both internal and external;
— security of information that is reliably sourced, can be validated, verified for its accuracy.
[SOURCE: ISO 55000:20142024, 3.1.63.12, modified — Note 2 to entry has been modified]
© ISO/IEC 2025 – All rights reserved
3.22 3.22
EP
energy proportionality
EP
relationship between power consumed by IT hardware (3.33) and the rate at which useful work is done (its
utilization)
Note 1 to entry: Utilization measures how much of a computer's resources are used, usually given as a percentage. A fully
utilized computer running at its maximum capacity has a high percentage, while an idle computer with no utilization has
a lower percentage. Due to this, the more a computer is utilized, the more efficient it becomes at converting electricity to
practical computing operations. One way to improve hardware efficiency is to run the workload on as few servers as
possible, with the servers running at the highest utilization rate, maximizing energy efficiency.
Note 2 to entry: EP was developed by Google and is now an accepted measure of energy efficiency of an IT asset
(3.36(3.37).).
3.223.23
EFCA
3.23
environmental full-cost accountingEFCA
method of cost accounting that traces direct costs and allocates indirect costs by collecting and presenting
information about the possible environmental costs and benefits or advantages
Note 1 to entry: Full-cost accounting embodies several key concepts that distinguish it from standard accounting
techniques, including but not limited to:
— hidden costs and externalities;
— overhead and indirect costs;
— past and future outlays; and
— costs according to the life cycle (3.46) of an asset (3.2(3.2).).
3.233.24
3.24
environmental management system
EMS
part of the management system (3.47(3.48)) used to manage environmental aspects, fulfill compliance
obligations, and address risks (3.64) and opportunities
[SOURCE: ISO 14001:2015, 3.1.2, modified — excluded references to “environmental aspects”, “compliance
obligations” and “risks and opportunities” for simplification]The abbreviated term "EMS" has been added.]
3.243.25
3.25
environmental, social and governance
ESG
holistic framework and set of criteria defined by the United Nations Development Program (UNDP) used to
evaluate and measure an organization’s (3.53(3.54) )performance (3.56) in relation to environmental, social,
and governance issues and its sustainable and ethical behaviorbehaviour
Note 1 to entry: The UNDP launched its sustainable development agenda in 2015, reflecting the growing understanding
by Member States that a development model that is sustainable for this and future generations offers the best path
forward for reducing poverty and improving the lives of people everywhere.
© ISO/IEC 2025 – All rights reserved
Note 2 to entry: The criteria ensure that an organization is being socially responsible and held accountable, which is in
the best interest of shareholders and potential investors.
Note 3 to entry: The objective (3.50(3.51)) of this ESG framework is towards enabling and implementing the 17
sustainable development goals as per UNDP. The environmental component of the framework considers the impact
(3.34) and contribution that an organization can have on the natural world, including but not limited to:
— waste and pollution management;
— resource management;
— GHG emissions (3.30(3.30););
— energy efficiency;
— deforestation;
— protection of biodiversity.
The social component of the framework assesses how an organization treats and protects its employees, suppliers,
customers, and the public by considering topics such as:
— diversity, equity, and inclusion;
— working conditions;
— data (3.18) protection;
— privacy;
— customer satisfaction;
— local communities.
The governance component of the framework examines how an organization policy (3.57) itself – amongst other aspects
– through:
— tax strategy;
— executive remuneration;
— donations and political lobbying;
— corruption and bribery;
— board diversity and structure.
3.253.26
3.26
financial operations
FinOps
financial operations
set of practices aimed at bringing together finance, operations, and engineering teams within an organization
(3.53(3.54)) to manage and control spend on cloud services in a way that aligns with the objectives (3.50(3.51))
and priorities of the organization
Note 1 to entry: ITAM (3.38(3.39)) and FinOps are two distinct but interconnected concepts within the realm of IT
management. The connection between ITAM and FinOps lies in their shared objective of effectively managing IT
© ISO/IEC 2025 – All rights reserved
resources and controlling costs. Integrating these disciplines can lead to a more holistic and efficient approach to IT
financial management, especially in the context of cloud services.
Note 2 to entry: Key components of FinOps include:
— Visibility: FinOps emphasizes the importance of having visibility into cloud costs. This involves tracking and
understanding how resources are being utilized and what impact (3.34) they have on the overall budget.
— Accountability: FinOps encourages accountability by allocating costs to specific teams, projects, or departments. This
helps in fostering a sense of ownership and responsibility (3.63) among different stakeholders (3.71.).
— Optimization: Identifying opportunities to optimize costs is a crucial aspect of FinOps. This may involve rightsizing
resources, utilizing reserved instances, or leveraging spot instances to take advantage of cost savings.
— Governance: FinOps involves implementing governance policies (3.57) to ensure that cloud resources are used
efficiently and in compliance with organizational guidelines. This may include setting budget limits, implementing
tagging strategies, and establishing approval processes (3.59.).
— Collaboration: FinOps promotes collaboration between finance, operations, and engineering teams. This
collaboration helps in aligning financial goals with operational and business objectives.
— Continual improvement (3.14Continuous Improvement:): The cloud environment is dynamic, and FinOps is an
iterative process that involves continuouscontinual improvement. Regularly reviewing and optimizing cloud usage
based on changing business needs is a key element of FinOps.
Note 3 to entry: Following the definition of the FinOps Foundation (https://www.finops.org/) FinOps is performed by
working iteratively on the Framework Capabilitiesframework capabilities through three phases: Inform, Optimizeinform,
optimize and Operateoperate.
— Inform: During the Inform phase, FinOps activities focus on locating data (3.18) sources related to cloud costs, usage,
and efficiency. Utilizing this information for allocation, analysis, and reporting enables teams to enhance their
capabilities in budgeting, forecasting trends, establishing KPIs (3.43(3.44)) for benchmarking (3.10,), and creating
metrics (3.49) that unveil the business value of an organization's cloud expenditure.
— Optimize: In the Optimize phase, FinOps activities center around identifying opportunities to enhance cloud
efficiency using the data and capabilities developed in the Inform phase.
— Operate: In the Operate phase, FinOps activities involve executing organizational changes to operationalize FinOps,
utilizing the data and capabilities developed in the Inform and Optimize phases. This encompasses establishing cloud
governance policies, monitoring compliance, and empowering individuals through the creation of training programs,
team guidelines, and automation policies that align with organizational objectives (3.54.).
3.263.27
3.27
governance of organizations
human-based system by which an organization (3.53(3.54)) is directed, overseen and held accountable for
achieving its defined purpose
[SOURCE: ISO 37000:2021, 3.1.1]
3.273.28
3.28
governing body
person or group of people who have ultimate accountability (3.1(3.1)) for the whole organization (3.53(3.54))
Note 1 to entry: Every organizational entity has one governing body, whether or not it is explicitly established. When the
organization is not an organizational entity, the term governing group is the applicable where “governing body” is used
throughout this document.
© ISO/IEC 2025 – All rights reserved
Note 2 to entry: A governing body can be explicitly established in a number of formats including, but not limited to, a
board of directors, supervisory board, sole director, joint and several directors or trustees.
Note 3 to entry: ISO management system standards make reference to the term “top management” (3.77) to describe a
role that, depending on the standard and organizational context, reports to and is held accountable by, the governing
body.
[SOURCE: ISO 37000:2021, 3.3.4]
3.283.29
3.29
greenhouse gas
GHG
gaseous constituent of the atmosphere, both natural and anthropogenic, that absorbs and emits radiation at
specific wavelengths within the spectrum of infrared radiation emitted by the Earth’s surface, the atmosphere
and clouds
Note 1 to entry: GHGs include carbon dioxide (CO2), methane (CH4), nitrous oxide (N2O), hydrofluorocarbons (HFCs),
perfluorocarbons (PFCs) and sulfur hexafluoride (SF ).
[SOURCE: ISO 14064-3:2019, 3.1.1, modified — Note 2 to entry has been removed].]
3.293.30
3.30
greenhouse gas emission
GHG emission
release of a GHG (3.29(3.29)) into the atmosphere
[SOURCE: ISO 14064-3:2019, 3.3.2]
3.31 3.31
GHG removal
greenhouse gas intensity
GHG intensity
method to normalize total emissions attributed to a business by the amount of output or value created by the
business
Note 1 to entry: The ratio of emissions units divided by value created is most typically used in the manufacturing industry
but can even be applied to whole countries using gross domestic product (GDP) as the denominator. Similar comparisons
could be made between owned and hosted IT data centers using a denominator of utilized server capacity, data volume
handled, or end users served.
[SOURCE: OECD, EF 210-1.b – modified: Note 1 to entry added]
3.32
greenhouse gas removal
GHG removal
withdrawal of a GHG (3.29(3.29)) from the atmosphere by GHG sinks (3.32(3.33))
[SOURCE: ISO 14064-3:2019, 3.3.4], modified — The full form "greenhouse gas removal" has been changed to
an admitted term.]
© ISO/IEC 2025 – All rights reserved
3.303.32
GHG sink
3.33
greenhouse gas sink
GHG sink
process (3.59) that removes a GHG (3.29(3.29)) from the atmosphere
[SOURCE: ISO 14064-3:2019, 3.3.3], modified — The full form "greenhouse gas sink" has been changed to an
admitted term.]
3.313.33
3.34
hardware
physical equipment used to process, store, or transmit computer programs or data (3.18(3.18))
[SOURCE: ISO / /IEC / /IEEE 24765:20102017, 3.12781781]
3.323.34
3.35
impact
past, current, or future change, outcome, effect, or influence, whether adverse or beneficial
[SOURCE: ISO 32210:2022, 3.7]
3.333.35
3.36
information technology
IT
development, maintenance, and use of technology to acquire, process, store and distribute digital information
Note 1 to entry: This excludes the use of technology to acquire, process, store and distribute information which is not
digital, such as paper-based information. Examples which are excluded when not digitally captured are books, manuals,
manuscripts, and whiteboards. For the purposes of this definition, “digital” is equivalent to “electronic”.
[SOURCE: ISO / /IEC 19770-1:2017, 3.2224]
3.343.36
3.37
IT asset
item, thing, or entity that can be used to acquire, process, store and distribute digital information and has
potential or actual value to an organization (3.53(3.54).).
Note 1 to entry: IT assets include:
— software (3.68(3.69););
— media (physical and digital);
— IT equipment (physical and virtual);
— licenses (including proof of license);
— contracts; and
— ITAM system management assets (including ITAM systems and tools, and the metadata needed to manage all IT
assets).
© ISO/IEC 2025 – All rights reserved
Note 2 to entry: Services to meet ITAM (3.38(3.39)) requirements (3.61(3.62),), typically externally supplied, can also be
considered IT assets, such as cloud services, e.g. Infrastructureinfrastructure-as-a-Serviceservice (IaaS),
Platformplatform-as-a-Serviceservice (PaaS) and Softwaresoftware-as-a-Serviceservice (SaaS), hardware (3.33)
maintenance, software support, and training.
Note 3 to entry: Digital information content assets (3.20(3.20)) are files or other entities with information content, but
they are not considered software. For example, there may be collections of standards in digital form; media collections;
and credit agency rating information. Such assets (3.2) may be licensed, and therefore may benefit from being managed
using the discipline of IT asset management.
Note 4 to entry: Information per se, independent of IT hardware and software assets (3.69,), can be considered an asset
(3.2),, but it is not considered an IT asset.
Note 5 to entry: The collective set of IT assets is also referred to as the IT infrastructure (3.42(3.43).).
[SOURCE: ISO / /IEC 19770-1:2017, 3.2325, modified — Note 2 to entry has been reworded to include ot
...