ISO/IEC JTC 1/SC 7/WG 21 - Information technology asset management
Gestion de l'évaluation des technologies de l'information
General Information
This document specifies requirements and provides guidance for certification bodies providing audit and certification of an ITAMS in accordance with ISO/IEC 19770-1. It does not change the requirements specified in ISO/IEC 19770-1. This document can also be used by accreditation bodies for the accreditation of certification bodies. However, this document does not specify requirements or provides guidance for accreditation bodies to audit certification bodies. A certification body providing ITAMS certification is expected to be able to demonstrate fulfilment of the requirements specified in this document, in addition to the requirements in ISO/IEC 17021-1.
- Standard16 pagesEnglish languagesale 15% off
- Draft16 pagesEnglish languagesale 15% off
This document defines requirements, guidelines, formats and approaches for use when producing a mapping document that defines how industry practices map to/from the ISO/IEC 19770 series. This edition is focused solely on mappings to/from both the second edition of ISO/IEC 19770-1 that was published in 2012, or the third edition of ISO/IEC 19770-1 that was published in 2017. However, the title of this document is deliberately more general as it is expected that future editions of this document also include mapping frameworks related to other parts of the ISO/IEC 19770 series. In this document where reference is made to ISO/IEC 19770-1 without the specification of an edition number or a publication year, then the text applies to all editions of ISO/IEC 19770-1.
- Standard17 pagesEnglish languagesale 15% off
ISO/IEC 19770-1:2017 specifies requirements for an IT asset management system within the context of the organization. ISO/IEC 19770-1:2017 can be applied to all types of IT assets and by all types and sizes of organizations. NOTE 1 This document is intended to be used for managing IT assets in particular, but it can also be applied to other asset types. It can be suitable, in whole or in part, for managing embedded software and firmware, however its use for these purposes has not been determined. It is not intended for managing information assets per se, i.e. it is not intended for managing information as an asset independent of hardware and software assets. Certain types of data and information are covered, such as data and information about IT assets in scope, and depending on how the scope is defined, it can cover digital information content assets. See the Introduction for an explanation about IT assets. NOTE 2 This document does not specify financial, accounting, or technical requirements for managing specific IT asset types. NOTE 3 For the purposes of this document, the term "IT asset management system" is used to refer to a management system for IT asset management. ISO/IEC 19770-1:2017 is a discipline-specific extension of ISO 55001:2014, with changes, and is not a sector-specific application of that International Standard. ISO 55001:2014 is intended to be used for managing physical assets in particular, but it can also be applied to other asset types. This document specifies requirements for the management of IT assets which are additional to those specified in ISO 55001:2014. Conformance to this document does not imply conformance to ISO 55001:2014. ISO/IEC 19770-1:2017 can be used by internal and external parties to assess the organization's ability to meet the organization's own IT asset management requirements.
- Standard37 pagesEnglish languagesale 15% off
ISO/IEC 19770-4:2017 establishes specifications for an information structure to contain Resource Utilization Measurement information to facilitate IT asset management (ITAM). This document is applicable to all types of organization (for example, commercial enterprises, government agencies, and non-profit organizations).
- Standard38 pagesEnglish languagesale 15% off
ISO/IEC 19770-3:2016 establishes a set of terms and definitions which may be used when discussing software entitlements (an important part of software licenses). It also provides specifications for a transport format which enables the digital encapsulation of software entitlements, including associated metrics and their management. This common set of terms and associated transport format is intended to facilitate the management of software entitlements. The intended benefits of the better management of entitlements include easier demonstration of proof of ownership, cost optimization of the use of entitlements and easier license compliance management. Furthermore, one of the benefits of having a standard for entitlement structure is that it may encourage the normalization by industry of names for and the details of, different types of entitlements. A common lexicon is critical to standardization and shared understanding. The terms in this part of ISO/IEC 19770 should form a part of that lexicon over time. It should be noted that within this text, attributes of an XML entity will be denoted with angle brackets, . XML elements are noted with quotes, "Element". ISO/IEC 19770-3:2016 deals only with software entitlements, which are defined as the subset of software licenses that are concerned with usage rights. It is expected that the original documentation of licensing terms and conditions will be definitive for legal purposes, and will always take precedence over the Ent encapsulation. ISO/IEC 19770-3:2016 does not detail ITAM processes required for discovery and management of software (which is provided for in ISO/IEC 19770‑1) or software identification tags (as defined by ISO/IEC 19770‑2). ISO/IEC 19770-3:2016 does not consider identifying mechanisms for product activation. ISO/IEC 19770-3:2016 is not intended to conflict with any organization's policies, procedures and standards, or with any national laws and regulations. Any such conflict should be resolved before using this part of ISO/IEC 19770. In case the conflict cannot be resolved, the specification shall not be implemented.
- Standard62 pagesEnglish languagesale 15% off
- Standard62 pagesEnglish languagesale 15% off
ISO/IEC 19770-2:2015 establishes specifications for tagging software to optimize its identification and management. This part of ISO/IEC 19770 applies to the following. a) Tag producers: these organizations and/or tools create software identification (SWID) tags for use by others in the market. A tag producer may be part of the software creator organization, the software licensor organization, or be a third-party organization. These organizations and/or tools can broadly be broken down into the following categories. Platform providers: entities responsible for the computer or hardware device and/or associated operating system, virtual environment, or application platform, on which software may be installed or run. Platform providers which support this part of ISO/IEC 19770 may additionally provide tag management capabilities at the level of the platform or operating system. Software providers: entities that create, license, or distribute software. For example, software creators, independent software developers, consultants, and repackagers of previously manufactured software. Software creators may also be in-house software developers. Tag tool providers: entities that provide tools to create software identification tags. For example, tools within development environments that generate software identification tags, or installation tools that may create tags on behalf of the installation process, and/or desktop management tools that may create tags for installed software that did not originally have a software identification tag. b) Tag consumers: these tools and/or organizations utilize information from SWID tags and are typically broken down into the following two major categories: software consumers: entities that purchase, install, and/or otherwise consume software; IT discovery and processing tool providers: entities that provide tools to collect, store, and process software identification tags. These tools may be targeted at a variety of different market segments, including software security, compliance, and logistics. ISO/IEC 19770-2:2015 does not prescribe Information Technology Asset Management (ITAM) or other IT-related processes required for reconciliation of software entitlements with software identification tags or other IT requirements. ISO/IEC 19770-2:2015 is not intended to conflict either with any organization's policies, procedures or standards or with any national or international laws and regulations.
- Standard73 pagesEnglish languagesale 15% off
- Standard73 pagesEnglish languagesale 15% off
ISO/IEC 19770-5:2015 provides a) an overview of the ISO/IEC 19770 family of standards, b) an introduction to IT asset management (ITAM) and software asset management (SAM), c) a brief description of the foundation principles and approaches on which SAM is based, and d) consistent terms and definitions for use throughout the ISO/IEC 19770 family of standards. ISO/IEC 19770-5:2015 is applicable to all types of organization (e.g. commercial enterprises, government agencies, and non-profit organizations).
- Standard19 pagesEnglish languagesale 15% off
- Draft41 pagesEnglish languagesale 15% off
- Draft41 pagesEnglish languagesale 15% off
ISO/IEC 19770-5:2013 provides an overview of Software Asset Management (SAM), which is the subject of the ISO/IEC 19770 family of standards, and defines related terms. ISO/IEC 19770-5:2013 contains: an overview of the ISO/IEC 19770 family of standards; an introduction to SAM; a brief description of the foundation principles and approaches on which SAM is based; and consistent terms and definitions for use throughout the ISO/IEC 19770 family of standards. ISO/IEC 19770-5:2013 is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations).
- Standard17 pagesEnglish languagesale 15% off
ISO/IEC 19770-1:2012 establishes a baseline for an integrated set of processes for Software Asset Management (SAM), divided into tiers to allow for incremental implementation, assessment and recognition. ISO/IEC 19770-1:2012 applies to SAM processes and can be implemented by organizations to achieve immediate benefits. It can be applied to all software and related assets, regardless of the nature of the software, where related assets are all other assets with characteristics which are necessary to use or manage software. For example, it can be applied to executable software (such as application programs, operating systems and utility programs) and to non-executable software (such as fonts, graphics, audio and video recordings, templates, dictionaries, documents and data). It can be applied to all technological environments and computing platforms (e.g. virtualized software applications, on-premises or software-as-a-service; it is equally relevant in cloud computing as it is in older computing environments).
- Standard80 pagesEnglish languagesale 15% off
- Standard90 pagesFrench languagesale 15% off
ISO/IEC 19770-2:2009 establishes specifications for tagging software to optimize its identification and management. It applies to: Platform providers: These are the entities which are responsible for the computer or hardware device and/or associated operating system, or virtual environment, on which software can be installed or run. Platform providers which support ISO/IEC 19770-2:2009 additionally provide tag management capabilities at the level of the platform or operating system. Software providers: These are the entities that create (“software creators”), package (“software packagers”) or license (“software licensors”) software for distribution or installation. These include software manufacturers, independent software developers, consultants, and repackagers of previously manufactured software. They may also be in-house software developers. Tag providers: These are the entities that create (“tag creators”) or modify (“tag modifiers”) software identification tags. A tag provider may be part of the software provider organization, or may be a 3rd party organization or the software consumer. Tag tool providers: These are the entities that may provide any number of tools that create, modify or use software identification tags. These tools include development environments that provide automatically generated software identification tags, installation tools that may create and/or modify tags on behalf of the installation process as well as desktop management tools that may create tags for software that does not have a tag and/or modify tags with release details throughout the software lifecycle. Software consumers: These are the entities that purchase, install and/or otherwise consume software, and who are intended as the one of the major beneficiaries of the improved information provided by the software identification tag as specified in ISO/IEC 19770-2:2009. ISO/IEC 19770-2:2009 does not detail SAM processes required for reconciliation of software entitlements with software identification tags. It does not specify product activation or launch controls. It is not intended to conflict either with any organization's policies, procedures and standards or with any national laws and regulations. Any such conflict should be resolved before using ISO/IEC 19770-2:2009.
- Standard99 pagesEnglish languagesale 15% off
ISO/IEC 19770-1:2006 has been developed to enable an organization to prove that it is performing software asset management (SAM) to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. ISO/IEC 19770-1:2006 is intended to align closely to, and to support, ISO/IEC 20000. Good practice in SAM should result in several benefits, and certifiable good practice should allow management and other organizations to place reliance on the adequacy of these processes. The expected benefits should be achieved with a high degree of confidence: SAM should facilitate the management of business risks, cost control and give competitive advantages.
- Standard25 pagesEnglish languagesale 15% off
- Standard12 pagesRussian languagesale 15% off