This post is prompted by a thought provoking article posted in The ITAM Review. To quickly summarise, the author proposes 6 steps to get started on the SAM road, focussing your SAM efforts at delivering results fast, hence providing quick and good satisfaction.
The six proposed steps are:
1. Key Vendor Compliance – An ongoing view of compliance against your most important vendors
2. Accurate Asset Database – Maintain an accurate database of all company IT assets.
3. Software Reclaim – The proactive practice of removing unused software
4. Vendor Consolidation – Identifying feature or vendor overlap and removing redundancy
5. Software Catalogue – A dynamic portfolio of applications aligned to user requirements
6. Software Request System – The ability to fulfill new software requests in an automated fashion
ISO 19770-1 and Running Your SAM Department
I like the simple step approach, I’d be further inclined to re-dress the steps in line with ISO 19770-1 once that is re-published with the tiered approach to SAM, always assuming the republication follows along the lines of the 2010 consultative document.
Four tiers of Software Asset Management were proposed, with the intention of allowing companies to demonstrate quickly compliance with the standard, which then provides a roadmap to improved process.
ISO 19770 is expanded and commented upon at the very useful and informative 19770.org, which is where the following tier definitions can be found.
The four tiers in the 2010 consultative document were :
Tier 1: Trustworthy Data – Knowing what you have so you can manage it.
Tier 2: Practical Management – Improving management controls and driving immediate benefits
Tier 3: Operational Integration – Improving effeciency and effectiveness
Tier 4: Full ISO/IEC SAM conformance – Acheiving best-in-class strategic SAM.
My response and comment
My take on the 6 steps from ITAM Review, compared and contrasted in line with the ISO 19970-1 tiers, is thus:
Tier 1 Trustworthy Data – akin to step 2 Accurate Asset Database. Step 1 Key Vendor Management flows from this, I would say, rather than placing Key Vendor Management first.
I would suggest that you can’t manage your vendor, until you know what your vendor is really providing you with, and what you’re using. This information stems from having accurate information in some form of database. Improving the accuracy of this database will be an ever present goal, since things can move very quickly in the software implementation and installation world.
Tier 2 Practical Management – similar to step 3 Software Reclaim – this is correct and good, and means we’re immediately producing results that will further justify fuller provision of a SAM service.
Please note I include the word service here – the whole point of you undertaking SAM for your company is that results will be delivered that will do all three of
– improve your company’s bottom line, by not needing to over purchase extra unneeded software tools
– reduce risk exposure of incorrect asset management (important in today’s litigious age), and
– increase opportunities for work portability (if you know where a tool is used, and where there are spare licenses, work can be moved to other people with the tools, and if necessary spare tools can be provided
Tier 3 Operational Integration – this is pretty much an expansion on Tier 2, as such lines up with Step3 Software Reclaim (expanding to more tools) and Step 4 Vendor Consolidation.
Once you’ve embedded SAM process, you have the basics in place for providing a decent service. By now you’ll be starting to recognise duplication of tool capabilities, and will be wanting to select single tools for certain tasks. This has proved contentious in some areas of my organisation when I’ve attempted this, and can lead to religious wars between vendor-preferring camps. I’ve avoided this in the most part through logic, persuasion and empathy – not always successfully!. I would say a last resort is to use a “company mandate”, this relies on positional authority, and means you’ve lost the war, let alone an individual battle.
Tier 4 Full ISO/IEC SAM conformance is more of the same, yet the way this pans out will be extremely hard to achieve; take a look at the current ISO19770-1 standard (2006) – Tier 4 is essentially being compliant with all of the current standard, which has proved pretty impractical in most cases, even though this is a desire for all of us involved with Software Asset Management. I’d say that Steps 3 and 4 again apply here, only now you’re expanding this across every single tool and vendor you have, aiming for 100% coverage. That’s one of my criticisms of the majority of SAM comments, particularly from vendors, that 100% is required to avoid audit. This is pretty much impossible, though 100% for any one vendor can be practical, for a moment in time.
The ITAM review article Steps 5 Software Catalogue and 6 Software Request System go above and beyond the Tiers provisioned for in the revised ISO 19770-1, yet these are absolutely essential in providing a decent service to your company, namely your internal customers. Again, you’re doing SAM because maybe your company has been audited and doesn’t want the expense and hassle again, or they want to preclude an audit to avoid the expense and hassle. Rather than just “ticking the box” that you can demonstrate you’re in control of your assets, steps 5 & 6 turn that around into truer service provision, thereby increasing your value to yourself, your colleagues, and your company.