ISO 19770
Encyclopedia
ISO/IEC 19770 is an international standard about Software Asset Management
(SAM) and consists of three parts.
(SAM) processes to enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. This part of ISO/IEC 19770-1 describes the life cycle processes for the management of software and related assets.
This process starts with the software manufacturer/publisher who will use this standard to enable their software to be accurately identified, making the software significantly more manageable from a software asset management perspective. Providing accurate software identification data also improves organizational security, and lowers the cost and increases the capability of many IT processes such as patch management, desktop management, help desk management, software policy compliance, etc. This standard provides much more than just software identification however, by allowing other members of the SAM eco-system to add their own attributes to the software identification process (including who distributed the software, who may have re-packaged the software, if the software is following an ISO 20000 / ITIL release process, etc.).
SWID tags can also be created by software purchasing organizations. Tags can be created for commercial software that is purchased but does not include a SWID tag. SWID Tags can also be utilized to track software built in-house as well.
A draft of this standard was initially developed by a committee of the International Business Software Managers Association (IBSMA). The last version of the draft standard created by the IBSMA committee went out for public review in May 2007.
In October 2007, members of ISO/IEC Working Group 21 (ISO/IEC JTC 1/SC 7/WG 21) met in Montreal and created an "other working group" (OWG) to continue the development of the 19770-2 standard with the goal of finalizing the standard in time for the ISO Plenary meeting to be held in May 2008 in Berlin. At that time, Steve Klos of Agnitio Advisors, was appointed as the convener of the other working group (OWG). In late December 2007, the OWG was allowed to restart work on the standard.
According to the schedule ISO/IEC JTC1/SC7 plenary meeting took place in Berlin May 18 – 23, 2008. The JTC1/SC7 resolutions included appointment of Krzysztof (Chris) Baczkiewicz, IT Standards Support Department Manager for Eracent, as the Project Editor of both 19770-2 Software Identification Tag and 19770-3 Software Entitlement Tag standards.
This standard was finalized and published in November 2009.
As the document was nearing publication, a non-profit organization called TagVault.org was formed. The organization was formed under IEEE-ISTO
with the initial founding members being Symantec, CA and ModusLinkOCS. The organization will act as a registration and certification authority for ISO/IEC 19770-2 software identifiation tags (SWID Tags) and will provide tools and services allowing all SAM eco-system members to take advantage of SWID tags faster, with a lower cost and with more industry compatibility than would otherwise be possible.
TagVault.org continues to promote the use of the standard by commercial organizations and has been recognized for its service to the software community by ISO/IEC JTC1 SC7 WG21. TagVault.org received the Platinum Contributor award for its efforts today - see http://www.19770.org/news/5/Tagvault_receives_platinum_contributor_award/ for more details.
Many software discovery tools already utilize SWID tags. These products include: Altiris, Aspera License Management, CA Technologies discovery tools, HP's DDMI and Software Management Suite.
Adobe has released multiple versions of their Creative Suites products with SWID tags. Symantec has also released multiple products that include SWID tags and is committed to helping move the software community to a more consistent and normalized approach to software identification and eventually to a more automated approach to compliance (see http://www.tagvault.org/sites/default/files/SYMC%20ISO-IEC%2019770-2%20Position%20Statement%2012-2-2010.pdf).
The ISO/IEC 19770-3 Other Working Group ("OWG") was convened by teleconference call on 9 September 2008. Seven subcommittees were defined and a regular meeting schedule was chosen. The mandate for this OWG will extend through the May 2009 ISO/IEC Plenary conference. It is anticipated that a Final Committee Draft will be submitted by the OWG to WG21 at that time.
John Tomeny of Sassafras Software Inc was appointed as the convener of the ISO/IEC 19770-3 Other Working Group by Working Group 21 (ISO/IEC JTC 1/SC 7/WG 21). In addition to WG21 members, other participants in the 19770-3 OWG may be any "individuals considered to have relevant expertise by the Convener".
Software Asset Management
Software asset management is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization...
(SAM) and consists of three parts.
- ISO/IEC 19770-1 is a process framework to enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall.
- ISO/IEC 19770-2 provides a software asset management (SAM) data standard for software identification tags.
- ISO/IEC 19770-3 will provide a software asset management (SAM) data standard for software licensing entitlement tags.
ISO/IEC 19770-1: Processes
ISO/IEC 19770-1 is a framework of Software Asset ManagementSoftware Asset Management
Software asset management is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization...
(SAM) processes to enable an organization to prove that it is performing software asset management to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. This part of ISO/IEC 19770-1 describes the life cycle processes for the management of software and related assets.
ISO/IEC 19770-2: Software identification tag
ISO/IEC 19770-2 provides a software asset management (SAM) data standard for software identification (SWID) tags. Software ID tags provide authoritative identifying information for installed software or other licensable item (such as fonts, or copyrighted papers).This process starts with the software manufacturer/publisher who will use this standard to enable their software to be accurately identified, making the software significantly more manageable from a software asset management perspective. Providing accurate software identification data also improves organizational security, and lowers the cost and increases the capability of many IT processes such as patch management, desktop management, help desk management, software policy compliance, etc. This standard provides much more than just software identification however, by allowing other members of the SAM eco-system to add their own attributes to the software identification process (including who distributed the software, who may have re-packaged the software, if the software is following an ISO 20000 / ITIL release process, etc.).
SWID tags can also be created by software purchasing organizations. Tags can be created for commercial software that is purchased but does not include a SWID tag. SWID Tags can also be utilized to track software built in-house as well.
A draft of this standard was initially developed by a committee of the International Business Software Managers Association (IBSMA). The last version of the draft standard created by the IBSMA committee went out for public review in May 2007.
In October 2007, members of ISO/IEC Working Group 21 (ISO/IEC JTC 1/SC 7/WG 21) met in Montreal and created an "other working group" (OWG) to continue the development of the 19770-2 standard with the goal of finalizing the standard in time for the ISO Plenary meeting to be held in May 2008 in Berlin. At that time, Steve Klos of Agnitio Advisors, was appointed as the convener of the other working group (OWG). In late December 2007, the OWG was allowed to restart work on the standard.
According to the schedule ISO/IEC JTC1/SC7 plenary meeting took place in Berlin May 18 – 23, 2008. The JTC1/SC7 resolutions included appointment of Krzysztof (Chris) Baczkiewicz, IT Standards Support Department Manager for Eracent, as the Project Editor of both 19770-2 Software Identification Tag and 19770-3 Software Entitlement Tag standards.
This standard was finalized and published in November 2009.
As the document was nearing publication, a non-profit organization called TagVault.org was formed. The organization was formed under IEEE-ISTO
IEEE-ISTO
The IEEE Industry Standards and Technology Organization is a Federation of Programs that accelerates and extends standards and/or technology development and adoption activities for technology industry consortia....
with the initial founding members being Symantec, CA and ModusLinkOCS. The organization will act as a registration and certification authority for ISO/IEC 19770-2 software identifiation tags (SWID Tags) and will provide tools and services allowing all SAM eco-system members to take advantage of SWID tags faster, with a lower cost and with more industry compatibility than would otherwise be possible.
TagVault.org continues to promote the use of the standard by commercial organizations and has been recognized for its service to the software community by ISO/IEC JTC1 SC7 WG21. TagVault.org received the Platinum Contributor award for its efforts today - see http://www.19770.org/news/5/Tagvault_receives_platinum_contributor_award/ for more details.
Many software discovery tools already utilize SWID tags. These products include: Altiris, Aspera License Management, CA Technologies discovery tools, HP's DDMI and Software Management Suite.
Adobe has released multiple versions of their Creative Suites products with SWID tags. Symantec has also released multiple products that include SWID tags and is committed to helping move the software community to a more consistent and normalized approach to software identification and eventually to a more automated approach to compliance (see http://www.tagvault.org/sites/default/files/SYMC%20ISO-IEC%2019770-2%20Position%20Statement%2012-2-2010.pdf).
ISO/IEC 19770-3: Software entitlement tag
ISO/IEC 19770-3 will provide a software asset management (SAM) data standard for software licensing entitlement tags. Software entitlement tags are computer files that provide authoritative identifying information about software licensing rights.The ISO/IEC 19770-3 Other Working Group ("OWG") was convened by teleconference call on 9 September 2008. Seven subcommittees were defined and a regular meeting schedule was chosen. The mandate for this OWG will extend through the May 2009 ISO/IEC Plenary conference. It is anticipated that a Final Committee Draft will be submitted by the OWG to WG21 at that time.
John Tomeny of Sassafras Software Inc was appointed as the convener of the ISO/IEC 19770-3 Other Working Group by Working Group 21 (ISO/IEC JTC 1/SC 7/WG 21). In addition to WG21 members, other participants in the 19770-3 OWG may be any "individuals considered to have relevant expertise by the Convener".