ISO/IEC 19770

From Wikipedia, the free encyclopedia
  (Redirected from ISO 19770)
Jump to: navigation, search

ISO/IEC 19770 is an international standard about software asset management (SAM) and consists of three main parts.

  1. ISO/IEC 19770-1 is a process framework to enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall.
  2. ISO/IEC 19770-2 provides a software asset management data standard for software identification tags.
  3. ISO/IEC 19770-3 will provide a software asset management data standard for software licensing entitlement tags.

In addition, an overview document with an introduction and glossary for the ISO/IEC SAM standards and a technical report on tag management are being developed.

ISO/IEC 19770-1: Processes[edit]

ISO/IEC 19770-1 is a framework of Software Asset Management (SAM) processes to enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. This part of ISO/IEC 19770-1 describes the life cycle processes for the management of software and related assets.[1][2]

A revision of this standard was published in 2012. This revised standard is designed to allow the implementation of SAM processes to be "accomplished in multiple increments and to that increment most suited to the needs of the organization."[3]

ISO/IEC 19770-2: Software identification tag[edit]

ISO/IEC 19770-2 provides a software asset management (SAM) data standard for software identification (SWID) tags. Software ID tags provide authoritative identifying information for installed software or other licensable item (such as fonts or copyrighted papers).

This process starts with the software manufacturer or publisher, who will use this standard to enable their software to be accurately identified, making the software significantly more manageable from a software asset management perspective. Providing accurate software identification data also improves organizational security, and lowers the cost and increases the capability of many IT processes such as patch management, desktop management, help desk management, software policy compliance, etc. This standard provides much more than just software identification however, by allowing other members of the SAM ecosystem to add their own attributes to the software identification process (including who distributed the software, who may have re-packaged the software, if the software is following an ISO 20000 / ITIL release process, etc.).

SWID tags can also be created by software purchasing organizations. Tags can be created for commercial software that is purchased but does not include a SWID tag. SWID tags can also be utilized to track software built in-house.

A draft of this standard was initially developed by a committee of the International Business Software Managers Association (IBSMA). The last version of the draft standard created by the IBSMA committee went out for public review in May 2007.

In October 2007, members of ISO/IEC Working Group 21 (ISO/IEC JTC 1/SC 7/WG 21) met in Montreal and created an "other working group" (OWG) to continue the development of the 19770-2 standard with the goal of finalizing the standard in time for the ISO Plenary meeting to be held in May 2008 in Berlin. At that time, Steve Klos of Agnitio Advisors was appointed as the convener of the other working group (OWG). In late December 2007, the OWG was allowed to restart work on the standard.

According to the schedule, ISO/IEC JTC1/SC7 plenary meeting took place in Berlin on May 18–23, 2008. The JTC1/SC7 resolutions included appointment of Krzysztof (Chris) Baczkiewicz, IT Standards Support Department Manager for Eracent, as the editor of both 19770-2 Software Identification Tag and 19770-3 Software Entitlement Tag standards.

This standard was finalized and published in November 2009.

As the document was nearing publication, a non-profit organization called TagVault.org[4] was formed under IEEE-ISTO[5] with the initial founding members being Symantec, CA Technologies, Microsoft and ModusLinkOCS. The organization will act as a registration and certification authority for ISO/IEC 19770-2 software identification tags (SWID tags) and will provide tools and services allowing all SAM ecosystem members to take advantage of SWID tags faster, with a lower cost ($500 per year for individuals, $1,500 and up for organizations[6]) and with more industry compatibility than would otherwise be possible.

TagVault.org continues to promote the use of the standard by commercial organizations and has been recognized for its service to the software community by ISO/IEC JTC1 SC7 WG21. TagVault.org received the Platinum Contributor award for its efforts today.[when?][7]

Some software installation packaging tools utilize SWID tags. These products include:

  • Caphyon's Advanced Installer
  • Flexera Software's InstallShield
  • Flexera Software's InstallAnywere
  • Open Source - WiX

Many software discovery tools already utilize SWID tags, including Altiris, Aspera License Management, CA Technologies discovery tools, Eracent's EnterpriseAM, Flexera Software's FlexNet Manager Platform, HP's DDMI and Software Management Suite, Microsoft's System Center 2012 R2 Configuration Manager.

Adobe has released multiple versions of their Creative Suites products with SWID tags. Symantec has also released multiple products that include SWID tags and is committed to helping move the software community to a more consistent and normalized approach to software identification and eventually to a more automated approach to compliance.[8]

The US Federal government has identified 19770-2 SWID tags as an important aspect of the efforts necessary to manage compliance activities, logistics and security. The 19770-2:2009 standard has been approved to be added to the US DoD Information Standards Registry (DISR) as an emerging standard in September 2012, which means that the DoD can start to specify that SWID tags as a desired requirement for software acquisitions today,[when?] and within 12 to 24 months after the DISR approval, the DoD will be able to transition the purchase requirements from desired to mandated.

ISO/IEC 19770-3: Software entitlement tag[edit]

ISO/IEC 19770-3 will provide a software asset management (SAM) data standard for software licensing entitlement tags. Software entitlement tags are computer files that provide authoritative identifying information about software licensing rights.

The ISO/IEC 19770-3 Other Working Group ("OWG")[9] was convened by teleconference call on 9 September 2008. Seven subcommittees were defined and a regular meeting schedule was chosen. The mandate for this OWG will extend through the May 2009 ISO/IEC Plenary conference. It is anticipated that a Final Committee Draft will be submitted by the OWG to WG21 at that time.

John Tomeny of Sassafras Software Inc was appointed as the convener of the ISO/IEC 19770-3 Other Working Group by Working Group 21 (ISO/IEC JTC 1/SC 7/WG 21). In addition to WG21 members, other participants in the 19770-3 OWG may be any "individuals considered to have relevant expertise by the Convener".[10]

As mentioned above, Krzysztof (Chris) Baczkiewicz of Eracent also holds the role of the Editor for the ISO/IEC 19770-3 standard.

References[edit]

External links[edit]