User:Jjgw/sandbox

  • Risk management: for example mitigating interruption or deterioration of IT/services; legal and regulatory exposure;[1]

  • Cost control: reduced direct costs of software, related assets (see the Field of application clause for a description of related assets) and ongoing support costs and contracts;

  • Competitive advantage: better business decisions and satisfaction from trustworthy data always at-hand.
  • Discover and identify installed software for purposes of security management: It is a requirement of security management to identify the assets within the scope of the information security management system.[2]
  • Limit overhead associated with managing and supporting software by streamlining and/or automating IT processes (such as inventory tracking, software deployment, issue tracking, and patch management).
  • Establish ongoing policies and procedures surrounding the acquisition, documentation, deployment, usage and retirement of software in an effort to recognize long-term benefits of SAM.[3]

A revision of this standard was published in 2012. This revised standard is designed to allow the implementation of SAM processes to be "accomplished in multiple increments and to that increment most suited to the needs of the organization."[4]


  1. International Standard ISO/IEC 19770-1 (2006-05-01). "Information technology — Software asset management — Part 1: Processes". International Organization for Standardization and International Electrotechnical Commission: viii.
  2. International Standard ISO/IEC 27001 (2005-10-15). "Information technology — Security techniques — Information security management systems — Requirements". International Organization for Standardization and International Electrotechnical Commission: 4. Clause 4.2.1 c) 1).
  3. "Microsoft Software Asset Management: Step-by-Step Training - Step 4". Microsoft. Retrieved 2008-03-19.
  4. International Standard ISO/IEC 19770-1 (2012-06-13). "Information technology — Software asset management — Part 1: Processes and tiered assessment of conformance". International Organization for Standardization and International Electrotechnical Commission: vi.