May 10, 2006 2:40 PM PDT

An end to the software police?

After months of delay, the ISO has finally published a standard for software asset management that may protect companies from legal and financial threats over licensing issues.

The International Standards Organization finally published its standard for software asset management on Monday.

In the last few years, software asset management (SAM) has become a key issue for companies trying to keep track of what tools they are using, how much they are paying in software licensing costs and, crucially, what they could save by better use of those assets.

The issue has been brought into sharper focus through the activities of the Business Software Alliance (BSA), the U.K.-based Federation Against Software Theft (FAST) and companies such as Microsoft that have made clear the penalties for companies that use improperly licensed software.

The new standard, called ISO/IEC 19770-1, is published jointly by the ISO and the International Electrotechnical Commission. It had been due for arrival this March, after missing its original 2005 release date.

Investors in Software is one of the organizations involved in the development of the standard, which it has been working on for four years.

The group said in a statement on its Web site: "The underlying justification for SAM is the need to apply good governance to software assets--without it, organizations could be subjected to significant risks, including legal and financial exposure."

Shawn Frohlich of IIS is delighted the standard has been finally accepted. "Until Monday night, companies had no way of establishing that they were properly managing their assets. They had no way of proving it. Now they do," Frohlich said. "There is a standard to work towards."

However, ISO has only published Part 1, which covers processes. The second part of the standard, covering tools, is expected later this year.

Part 1 is divided into risk management, cost control and competitive advantage.

For Frohlich, risk management is a key area. "You couldn't demonstrate a clean bill of health before," he said.

Risk management covers issues that could arise from improper licensing, such as interruption or deterioration of IT services, legal and regulatory exposure and damage to public image.

It is the latter two areas that have focused CIOs and IT managers on software asset management. Businesses that have been caught infringing on software licenses have suffered high-profile, and often very expensive, humiliation at the hands of FAST and the BSA.

Frohlich believes both interest groups will welcome the new standard: "The BSA has already welcomed it, and I believe FAST is preparing something as well."

Neil MacBride, BSA's vice president of legal affairs, said in a statement that the organization is "delighted that the ISO has launched this standard, and we congratulate all those in the standards and software asset management community around the world who have worked so hard to bring this to fruition."

MacBride said it was a milestone in the global development of software management best practices and would help organizations of all sizes to ensure that they are fully software compliant and making best use of their software assets.

According to the ISO, the standard will "enable an organization to prove that it is performing SAM to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall."

Colin Barker reported for ZDNet UK in London.


6 comments

If only you use Open Source exclusively,
...we wouldn't need things like this. Does anyone know of an all-open-source company?
Posted by jazzcat (4 comments )
Free open source software is licensed
Free open source software is licensed, and organizations need to make sure they comply with those licenses just as they need to make sure they comply with any other kind of software license.

Free software is copyrighted. If you use Gnu/Linux and do not 100% comply with the GPL you are infringing the rights of the copyright holder, and the copyright owner/s can sue you (e.g. the Free Software Foundation can sue you for using Gnu software and not complying with the GPL).
Posted by hadaso (468 comments )
CNet misprint: It's ISO/IEC 19770-1:2006
Information technology -- Software asset management -- Part 1: Processes is ISO/IEC 19770-1:2006, not 17990-1 as stated in the article. More info at http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=33908&ICS1=35&ICS2=80&ICS3=#top
Posted by (2 comments )
Thanks for the catch
Sorry for the typo that caused this confusion, and many thanks for pointing out the error.
Posted by KarenSaid (17 comments )
Piracy=Symptom. Standards=Great BUT, recognize & treat the disease first.
While I believe that ISO standards are a great step toward more effective compliance, the core message we should pick up is not that someone is setting standards for technology asset management processes but that too few companies will actually perform those processes.

You see, processes for effectively managing the entire life cycle of IT assets have existed for quite some time. Those processes, most of which we within The Business Technology Consumer Network have been teaching for six to eight years, are already here and pretty well broken out. The problem isn't in the processes: The problem is that, in a majority of cases, IT asset management has yet to be interpreted into language that is compatible with executive management goals & initiatives. As a result, effective management of technology assets remains on the back burner of corporate priorities--even when folks're offering $200,000 rewards for reporting your company for piracy.

Essentially, this means that, until ownership and management get on board--no, I mean, REALLY get on board--it simply isn't going to happen. Codifying standards through the ISO might bring a few more companies closer to managing tech--but no more so than all of those punitive copyright laws and enforcement confrontations have managed.

We need to convince management that controlling the IT portfolio is the only cure for nearly all of the ITAM disease symptoms--from piracy, to copyright violations, to poorly negotiated agreements, to heightened patch management expenses, to near zero ROI, to unfavorable support & maintenance agreements, even to many failed implementations. The money we are collectively throwing away when we fail to control the life cycles of technology assets is massive compared to the peanuts we lose in non compliance or piracy litigation events.

It is great that ISO has begun formalizing and communicating its own process guidelines. However, guidelines are virtually useless if the individuals being guided refuse to reach out and grab onto the guideline. Obviously there is much more to all this than I could possibly place in this brief comment. The bottom lines are this:

1.) Only executive management can establish and enforce the expectation that standards or standard processes will be adopted and followed, (and)...
2.) Only when companies of all sizes fully realize how much scarce revenue they are literally throwing away by not managing their tech assets...
--- Only then will we even begin to gain momentum in our efforts to cut costs, improve services, enhance tech ROI, and avoid non compliance.

You are welcome to contact me with questions.

With Respect,
Al Plastow
Founder,
The Business Technology Consumer Network
aplastow@biztechnet.org
Posted by BizTechNet (1 comment )