Why you should add ISO 19770-3 to your RFP must have list

In April 2015 the International Standards Organization (ISO) released a new standard for the ITAM (19770) family of standards. ISO/IEC 19770-3 is a standard defining a schema for encapsulation of Software License Entitlements. We call records compliant with this standard “Ent Tags”.
In this blog you’ll learn:

1. How this standard can reduce risk for your company
2. How this standard can make License Management and Software Asset Management (SAM) easier in your organization and
3. Why you should add a requirement for software vendors to supply you with an ISO 19770-3 compliant “Ent Tag” to every RFP (and software purchase) from now on

What is ISO 19770-3?

The standard itself is intended to allow the details of a software license transaction to be recorded. It provides a schema to encapsulate things like “Vendor”, “Title”, “Edition”, “Metric” and “Quantity” for software license entitlements.

Who created ISO 19770-3?

Anything published by ISO has had a LOT of different people feed into it. Defining and publishing a standard takes years, with multiple teams providing input, corrections, review, etc. The person who coordinates this is called the “Convener” or “Editor” of the standard. I am the Editor for ISO 19770-3, so I know quite as much about it as anyone else – and although I am a contributor to the standard, there is no one author.
Dave Bicket of m-Assure, an ISO behemoth and someone who spent 13 years working in Enterprise Risk Services for Deloitte did the majority of the revamp which brought the standard to its published form. WG21 (ISO Working Group 21) is the team that Dave and I are part of, which has responsibility for all 19770 family standards. While the standard was being developed WG21 had active participation from employees of IBM, Microsoft, Symantec and other software publishing companies. IBM and Microsoft, in particular, did a lot of testing and validation of the standard. That doesn’t mean IBM and Microsoft implement the standard – it just means that some of their employees, who work with ISO, have worked on it and/or tested it.

How can it benefit me/my company?

Most companies today have significant challenges recording and understanding their Software License Entitlements – for a wide variety of reasons. ISO 19770-3 Ent Tags are intended to resolve the root cause issue: Software Companies to date have not had a standard way of recording the entitlements they have sold you.
That’s what ISO 19770-3 enables. It effectively allows software vendors to provide you with a standardized “Receipt” for the licenses your organization buys.
Once the vendor provides you with this type of Receipt:

1. The vendor can no-longer challenge the details of your license record (because they provided it)
   1. Today your records will be a mixture of details that have been interpreted by you, or by your SAM tool. No third party SAM tool (not even ours) is canonical. An ISO 19770-3 tag provided by the vendor of the software is canon.
2. You can trace the origin of any record to its original source
   1. Let’s say you buy 1,000 licenses of Product X. You give 200 copies to Business Unit 1 (Faco) and 800 to Business Unit 2 (Imagino). Faco and Imagino each get supplemental “child” tags recording the internal allocation, which include a reference to the original “parent” record.

6 years later, Imagino is divested and becomes a separate company. The vendor is contacted and asked if the 800 licenses can be allocated to the new legal entity. They (reasonably enough) ask for details of the original license for the 800 entitlements. You can trace that these 800 licenses were part of an allocation 6 years previously and provide the original Entitlement ID’s (EntID) of the parent. Each EntID is Globally Unique – so will never be repeated.

3. You have perfect clarity on what you are entitled to/licensed for
   1. Unlike relying on records from procurement systems or invoices which often lack the level of detail required to understand a software entitlement, ISO 19770-3 Ent Tags are designed to provide the required information. No more trying to figure out if 500 “Oracle” licenses mentioned on a receipt from 2009 are for the database or some other piece of software and are for Named User Plus or Concurrent User license types… all of the details will be in the Tag.
4. No more manual data entry
   1. When you record a license transaction today you often do so manually. Ent Tags mean the vendor has provided you already with all of the details – just import them! This also means
   2. You are no longer reliant on third party, non-canonical catalogs or repositories.
5. More freedom from SAM tool vendors
   1. Yes – 1E is a SAM tool vendor, but we think of our customers first. Customers don’t want to be locked into keeping the same, crappy SAM tool around forever – they want data portability. They want to move to AppClarity J. Seriously though – by using a tool that is ISO 19770-3 compliant, you can move your data into any other 19770-3 compliant tool with ease.
   2. Picking a SAM tool that is compliant with ISO 19770-3 (which AppClarity is) reduces your risk of picking a poor/sub-standard tool. If the tool is compliant, it can, by default, handle entitlement records for perpetual licenses, subscriptions, maintenance licenses, named user licenses, concurrent user licenses, resource based licenses (like Oracle Processor, MS SQL core-based licenses), literally ANY license type at all, with all associated Rights and Limitations.

So – with Ent Tags your risks are reduced and your processes for SAM are made faster and more accurate. Requesting that a vendor provides you with ISO 19770-3 compliant Ent Tags is entirely reasonable – it’s like asking a the Grocery store for a receipt when you buy groceries.
If the vendor refuses to provide you with an Ent Tag, they are increasing your risks, reducing the efficacy of your processes and slowing you down. They should really give you a discount for doing that, right?
Remember that every time you purchase software you have the ability to sway the behavior of the software vendor – more so than at any other time. Add a requirement for ISO 19770-3 compliant Ent Tags to your RFP’s. Request a discount if they refuse to provide same. Insist on getting one or the other.

Why haven’t all Software Vendors and SAM tool vendors switched to 19770-3 already?

Honestly – why would they? They don’t benefit, you, the software purchaser, their customer benefits – but they do not. If you are a software vendor you need to (slightly) modify your processes to support providing these tags. It’s easier to ignore them than to actively seek to do something just because it benefits customers. If you’re a vendor reading this and you’d like to change that, please reach out to me directly, I can show you just how simple it is to create and manage these Ent Tags.
If you are a SAM tools vendor, it may be that your tool is currently insufficient, it can’t encapsulate or manage all of the complexity which ISO 19770-3 can… therefore you’ll have to update your internal database schema and UI/API interfaces to facilitate the standard. If you have a sub-standard tool, it’s effort to make ISO 19770-3 work. Also, your customer base may move away from you if they are not locked in. AppClarity from 1E is fully compliant – so you know you’re in good hands. We are also confident that our user experience and additional features are such that customers will migrate to us rather than away from us… we think all tools vendors should have that attitude.

What wording should I add to RFP’s going forwards?

If you are procuring software through an RFP process, add wording like this to your RFP: Software License Entitlements for licenses purchased in this RFP must be provided in ISO 19770-3 (Ent Tag) compliant format.

Conclusion

That’s it. One line. Add it to ALL RFP’s. Use it with your resellers too – if they provide you with Tags it’s not quite as canonical as a Vendor, but it’s pretty good. The standard supports ANYONE creating a tag, the vendor, your reseller or you. There’s decreasing levels of authority with every step away from the vendor themselves though; only vendor originated tags are considered canonical.
Ask your resellers and your vendors to provide you with Ent Tags every time you purchase software, put the wording above into every RFP and make sure you’re using ISO 19770-3 compliant SAM tooling – you’ll be doing yourself and your organization a favor.