Why should ISO standards be of interest to any end user organization?
Peter Beruk: Standards are created to solve a problem. In the software asset management space, the problems are one of risk and cost associated with the management of IT assets. Contributors of ISO standards collaborate to create industry standard, globally accepted solutions, to these problems for end user organizations.
The issue for all organizations is that if you don’t or can’t properly manage your software, you are potentially:
- buying more licenses than you need and therefore spending more than you need to, or
- acquiring fewer licenses than you have deployed – creating risk for you should you be audited, including exposure to possible litigation from the vendors who own that software.
What was the significance of the first ISO SAM standard?
The first SAM standard – ISO 19770-1 – is about SAM processes and best practice. This standard focuses on helping you ensure you have adequate processes within the organization to help reduce risk and cost as much as possible. This standard covers areas like SAM policies and procedures, employee education, and how a company goes about acquiring, installing, managing, and ultimately retiring that software – what we call at 1E the software lifecycle.
So walk us through the subsequent two?
ISO 19770-2 is the software identification tag, and the project editor on that is Steve Klos with 1E. What this standard enables an end user organization is the ability to get the full and accurate name of the software product that you’re using directly from the publisher.
A good example of why this is necessary is with IBM software installations. Some catalogues will list IBM as IBM, some will list it as International Business Machines, some will list it is as IBM Corp, some will list it as IBM Corporation, meaning you suddenly have four different instances of IBM. Via this tag, the software identification tag normalizes those names (and other information about the product) because that information is coming directly from the publisher.
The other part of the equation is the software license entitlement. We all know that all vendors have different license metrics – which vary from product to product – and vendor to vendor. ISO 19770-3, which is the software entitlement schema, encapsulates the details of software entitlements, including the usage rights, limitations and metrics.
Jason Keogh of 1E is project editor of this particular standard. When an organization acquires software, it gets a license agreement and a contract that stipulates how the organization is legally allowed to use that software. This standard provides software publishers with a common way to encapsulate those license terms and metrics into the schema which will be provided to customers at the time of software delivery. Once vendors start leveraging that standard, which just published in April, 2016, it will enable automation allowing organizations to directly import specific licence metrics into their software asset management tool allowing for better accuracy and automation.
And what does that mean for the end user organization?
When publishers start supporting ISO 19770-3, it’s going to enable significant automation in software asset management – something that simply was not possible before these standards. You’ll have the normalized names and product information as to what you have installed, and then the entitlement information is going to show you what you have licenses for. Will it be push button compliance? Not quite. But it’s going to be information that is better and more accurate from the publisher than what you have today.
So these standards are something potentially quite game changing?
It is absolutely game changing. There are hundreds of thousands different permutations of license agreements. Compounding this, the typical organization has over 1800 different titles. Tracking this via a spreadsheet simply is not smart – or even possible anymore. Automation is a must and these standards start us down that path. As these standards are relatively new and require the publishers to support them, we encourage all organizations around the world to demand, while in procurement negotiations for software that vendors make these tags available if they are not already. This will help every organization more accurately track their software which will reduce their risks. On the SAM tools provider side, once they start seeing that market traction, they will move to ensure that their tools will also be able to consume that information like 1E AppClarity can do today.