ISO/IEC 19770 Roundup – Report on the October 2013 WG21 Meeting in Dublin, Ireland

ISODUBLINThis update on ISO activity has kindly been provided by David Bicket. See previous updates relating to ISO here: https://www.itassetmanagement.net/category/isoiec-19770/


“The Working Group responsible for international ITAM and SAM standards (ISO/IEC JTC1 SC7 WG21) met in Dublin, Ireland from 30 September through 4 October 2013.

It was a productive meeting, with sixteen individuals attending in person, and another two attending remotely, with representatives from five national standards bodies (Ireland, Japan, Switzerland, UK, and US) and from three liaison organizations (BSA, DMTF, and itSMFI).

WG21 meetings are not intended to do detailed standards editing, but rather to advance work procedurally for which the detailed work is being done separately; to coordinate; and to consider new work. For the purposes of this report, it is easiest to summarize status by broad areas of work. Explanations of the different stages of standards development are available elsewhere, including in the document “ISS-N002 How ISO SAM Standards are Created” on 19770.org, and in the detailed ISO directives available at iso.org/directives.

Overview and Terminology

19770-5: The Editor reported on the progress of the successful DIS ballot (with no objections) to go forward to publication.  This is expected within the next few months.  A request has been made to JTC1 for this standard to be made freely available (i.e. downloadable for free), so we hope that it will be widely available to help market SAM/ITAM standards.

SAM/ITAM Process Standard

19770-1 Generation 2. ISO/IEC 19770-1:2012 is now in the market with tiers which make it more readily achievable by all organizations.  This standard is the basis of the BSA’s on-line training course ‘SAM Advantage’, plus the organizational certification called Verafirm Certified, which includes all of Tier 1 plus a limited number of additional requirements from other Tiers.

19770-1 Generation 3.  Work is starting on the next generation of this standard, led by the Japanese national body.  This is intended to be rewritten as a full Management System Standard in the same way as ISO 9001 (quality management), ISO/IEC 27001 (IT security management), and ISO 55001 (asset management).  This process is expected to take several years until publication.

SAM/ITAM Information Structure Standards

19770-2 SWID Tag: Market uptake of the ISO/IEC 19770-2 Software Identification Tag (‘SWID’ tag) is steadily increasing, with Microsoft for example now issuing SWIDs with its new products (Windows 8 was the first), and an increasing number of SAM/ITAM tools making use of this. A draft revision to this standard is nearly ready to go out for its first vote, incorporating enhancements to facilitate security automation – e.g. linking to vulnerability databases, and for integrity validation.  (The US government is expected to mandate SWID tags in its software purchases after this revision is published.)

19770-3 ENT Schema: Work on the Software Entitlement Schema (ISO/IEC 19770-3) has progressed, with further intensive work on-going with Committee Draft 2 expected to be sent for a vote by 15 December.  This standard has the potential to significantly reduce the effort required to manage licenses and the major compliance requirements associated with them.

19770-4 Resource Utilization Meter (‘RUM’): This is a new proposed standard, and part of the overall architecture of information structures needed to manage software and its utilization.  Initial work will be based on equivalent structures which IBM is already producing for many of its products.

19770-7 Tag Management:  This is a proposed Technical Report with guidance on how to use the information structures, in particular of 19770-2 and 19770-3.  Comments on the existing Working Draft are being resolved, but then the project will be placed on temporary hold pending the stabilization of 19770-2 and 19770-3.

19770-22 SWIDs and Cybersecurity: This is a new proposed Technical Report with guidance on how to use the revised SWID tag in cybersecurity.

Other

SC7 Study Group on “Emerging Software Asset Management (SAM) standard requirements”:  This survey has closed, and the results will be presented to SC7 at the Sydney meeting in June 2014.  One of the main findings is that we need better marketing of SAM and ITAM standards!

WG21 Strategic Plan: The WG21 Strategic Plan was reviewed and updated.  The latest version is available on www.19770.org.

Anyone interested in helping in the development or evangelism of international SAM standards should let us know via the contact form on the 19770.org website.

David Bicket”


If you would like to learn more about benchmarking your SAM practice against ISO/IEC 19770 please give me a shout ~ Martin .

email

Share this post:

Related Posts

Leave a Comment