The ISO 19770-1 standard: A guide to implementing IT asset management
If you’ve tried to implement IT asset management (ITAM), you know how complex a project it can be. Management buy-in for ITAM can be hard to get. Finding the skills and talent to implement a new program can seem like an endless search.
Whether your organization could use a defined ITAM strategy or you have multiple competing strategies, it can be tough to find the right path forward.
Which is where the newly updated IEC/ISO 19770-1 enters the picture. This international standard draws up an ITAM model that helps organizations build an effective IT strategy on trustworthy data and mature processes so they can make better business decisions about their IT assets.
Here’s an overview of the ISO 19770-1 technology asset management standards to help you get your ITAM program in place and in line.
What is the ITAM ISO standard?
This ISO standard provides best-practice guidelines for ITAM, establishing policies that organizations need to gain insight into which technology supports their overall IT strategy, reduces costs, and supports productivity. With ITAM in place, organizations can make better technology decisions, and build strong, repeatable processes for managing the lifecycle of all IT assets.
ISO 19770-1 first arrived in 2006 as a software asset management standard. ISO recognized the complexities and challenges involved and saw that there was a gap in the market. By creating this standard, it put together policies and procedures to help drive compliance and control.
Six years later, the standard was updated, but not dramatically – the changes focused on the accreditation process.
Most recently, in December 2017, ISO introduced three major changes to the standard:
- It changed from a software asset management (SAM) standard to an ITAM standard governing all assets, from hardware to software to people.
- The standard, which previously had three categories, now has seven, encompassing risk management, security, and other areas that have grown in importance.
- The standard is now closely aligned to other ISO standards, including IEC/ISO27001 Information Security Management System and IEC/ISO20000 Service Management, specifically around the treatment of IT risks and the implementation of Service Delivery processes. This means there should no conflict with existing policy and procedure.
The switch from SAM to ITAM was driven in large part by acknowledging that SAM can’t be done in a silo. Good SAM depends on a holistic understanding of digital assets, so by refocusing the standard, it can better cover an organization’s full spectrum of IT and lead to better management and better decision-making.
How the ISO 19770-1 standard can improve your policies and processes
There are a number of benefits to using this ITAM ISO standard to refocus your program, including the following:
- Understanding what software and hardware you have. Many organizations don’t know all the devices on their network or all the software their employees use every day. Are you one of them? By implementing the best practices from ISO, you’ll be able to get a handle on what you’re paying for and what you’re using, which sometimes don’t line up and need to be reconciled.
- Controlling costs. By knowing what you have and what you need, you can avoid waste and right-size your hardware and software to what your users actually need to do their jobs. Working from the ISO standard also enables you to better plan budget and anticipate costs.
- Identifying risks. Compliance is often a main driver of ITAM programs, and following the ISO 19770-1 framework and processes can mitigate risk. Go from being under the threat of audits to confident you can invite manufacturers to review your assets, knowing you’re covered.
Start refocusing your ITAM processes
Having principles to work toward and embedding best practices allows end users to get software and hardware as needed, with compliance as a byproduct.
This is a watershed moment for ITAM, now that the international standard has expanded from just software to all technology. But as you implement it, you’ll inevitably hit obstacles.
From resource availability and senior management buy-in to the complexity that BYOD and cloud can add to the mix, implementing this ISO standard can be complicated. Every organization needs a program customized to its own needs. SHI’s ITAM Maturity Assessment can help in this regard. It looks at the current state of an organization’s ITAM processes, and identifies and prioritizes vulnerabilities, so it can develop a customized implementation plan.
The benefits of implementing ISO 19770-1 far outweigh the efforts to implement. This is an opportunity to dedicate time and effort in 2018 to audit-proofing your organization, getting your IT assets under control, and realizing cost savings as you adopt best practices.
If you need help figuring out how to best apply the ISO 19770-1 standard to your organization, contact your account executive.
Stuart Dicken contributed to this post.