A third version of the ISO standard for SAM is being developed. This article provides an overview of updates and how you can review the latest drafts and provide your feedback. If you have any questions please contact me.
New ISO/IEC 19770-1 Draft Updates
The ISO SAM process standard is being revised to cover full ITAM and to integrate with the standards for Information Security, Service Management, Quality Management and others.
This will be edition 3 of ISO/IEC 19770-1. The expectation is that the revised ITAM standard will formally be published in early 2017, but that it will be usable before then. The latest draft is available for public review and comment through 12 February.
Some notable features of this proposed revision are:
- The revision maintains continuity with the principles of edition 2, i.e. with the 2012 edition of ISO/IEC 19770-1. Any organization which has used edition 2 for self-assessment, improvement, or certification should find it easy to transition to edition 3.
- Improved Tiers. The revision continues the use of tiers, but has revised them to be more intuitive. There are now just three tiers, which are trustworthy data (as with edition 2); life-cycle integration; and optimization.
- Integrated Use with Other Standards. The revision is being rewritten using a new high-level structure and common wording required by ISO for every ‘Management System Standard’ (MSS). ISO 9001 (Quality Management), ISO/IEC 27001 (Information Security Management) and a number of others have already been revised and re-issued. ISO/IEC 20000-1 (Service Management) is also being revised at present. This new approach will facilitate the Integrated Use of Management Systems (IUMS – another ISO acronym). Particular focus is being given to ensure easy integration with Information Security Management and Service Management.
- Leveraging on Physical Asset Management. The revision uses as its basis a new standard for generic asset management (ISO 55001) which was developed primarily for physical asset management, but with the involvement of SAM/ITAM experts to ensure it was a suitable basis for ITAM as well.
- Addressing Additional Requirements for SAM and ITAM. The revision adds to ISO 55001 requirements to meet the special or more demanding characteristics of SAM and ITAM. In particular, these include controls over:
- Software, which has major exposures relating to possible unauthorized modification, duplication and distribution
- Complex organizational ownership/responsibility scenarios, such as for cloud computing
- Mixed organizational/personal responsibility scenarios, such as for BYOD
How to review and provide feedback
There are multiple ways of reviewing the draft and of submitting comments.
- The ‘Committee Draft’ is available for public review at http://isotc.iso.org/livelink/livelink/Open/17495669. The technical specification for it is available at http://isotc.iso.org/livelink/livelink/Open/17496551.
- Members of the public may review the draft and submit comments through 12 February via the British Standards Institution’s web site, using this URL: http://drafts.bsigroup.com/Home/Details/55799. This website requires registration, but otherwise anyone may submit comments using it.
- If you are a member of a national standards body (such as the BSI, ANSI, or DIN) or if you are a member of a liaison organization with the responsible ISO committee SC7WG21 (such as ISACA, itSMFI, IAITAM, SAMAC or TCG) you can submit comments via them. Such comments should be provided using the template that is available from http://isotc.iso.org/livelink/livelink/Open/16689282. Please note that recommendations for change need to be include specific replacement text; it is not sufficient simply to say that something should be ‘considered’ or ‘reviewed’.
- Tags: ISO/IEC 19770-1
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.