SAM Standards round up from Dave Bicket

18 June 2012
4 minute read
Best practice

‘WG21’, the working group that drives development of the SAM standard, met in Jeju Island, Korea in May. This article is an abridged summary provided by Dave Bicket.

Enter Dave Bicket…

“The Working Group responsible for international SAM standards (ISO/IEC JTC1 SC7 WG21) met in May. It was a productive meeting, with ten individuals attending in person, and another five attending remotely, with representatives from seven national standards bodies (Denmark, India, Ireland (new!), Japan, Poland, UK, and US) and from three liaison organizations (BSA, IAITAM, and itSMFI).

Discussions were held related to the next face-to-face meeting of WG21 which will be in Palm Springs, California, USA 10-12 October, hosted by IAITAM in conjunction with the IAITAM annual US conference 17-19 October. There are also plans for a meeting on 16 October open to all to solicit views about “Emerging Software Asset Management (SAM) standard requirements”. Likewise, there is expected to be the first Annual General Meeting of the International SAM Standards User Group (ISSUG) after the open meeting, for those interested.

SAM Process Standards (19770-1)

The first edition of the SAM process standard (ISO/IEC 19770-1) published in 2006 has been revised to provide four separate tiers, and has successfully passed all of its votes. ISO/IEC 19770-1:2012 is available here.

SAM Tagging Standards (19770-2)

Market uptake of the ISO/IEC 19770-2 Software Identification Tag (‘SWID’ tag) is increasing, with the US government being particularly involved because of its security uses. Microsoft is the most recent publisher to announce support, most major installers now support SWID tags, and increasing numbers of software tools are also supporting SWID tags. There is further to go, and end-users are encouraged to ask all publishers to support the tags. See, for example, the open letter.

Approval was obtained in Korea from SC7 for a New Work Item submission to create an Amendment to ISO/IEC 19770-2 to formalize some of the desired enhancements identified over the last several years, e.g. to facilitate its use for improved security automation.

Software Entitlement Tags (19770-3)

Work on the Software Entitlement Tag (ISO/IEC 19770-3) is well advanced. It is expected that the 2nd Committee Draft of this standard will go out for vote and comments within the next two months.

Overview and Terminology (19770-5)

19770-5 should go out as a Draft International Standard for vote and comments within the next two months.

Embedded Software Tag (19770-6)

Preparatory work is proceeding on the Embedded Software Tag (conceptually the equivalent of ISO/IEC 19770-2 for embedded software). It is expected that the formal submission for vote on the New Work Item Proposal will happen within the next several months.

Tag Management Guidance (19770-7)

Work on Tag Management guidance is progressing, and it is expected that the second Working Draft of this standard will go out for comments within the next four months.

Mapping ISO/IEC 19770 to other Frameworks (19770-8 tentative)

A call to national bodies had previously been made “to identify existing proprietary and industry-based schemes to be mapped to ISO/IEC 19770-1”.

Candidates at present are the following:

  • Best Practice Library (from the International Association of IT Asset Managers)
  • CobiT v5 (from ISACA/ITGI)
  • IT Infrastructure Library (ITIL)
  • SAM Optimization Model (from Microsoft)
  • SAM Standard and Evaluation Criteria (from The Association of SAM Assessment and Certification, Japan)

Work on these mappings will progress over the next several years. (Note that there is some limited mapping guidance in Annex C of ISO/IEC 19770-1:2012, but this is expected eventually to be superseded by the more detailed work indicated here.)

SAM for small organizations (19770-11)

Approval was obtained in Korea from SC7 for a New Work Item submission for “Guidelines for the application of ISO/IEC 19770-1 for small organizations”, to become ISO/IEC 19770-11.”

Full write up from Dave Bicket here.
