Develop the Organizational Management Checklist

Software asset management begins with organization support, in the form of authority to implement and enforce the program for the organization. The outcomes for a control environment for SAM identified are:

• Corporate governance process
• Roles and responsibilities
• Policies, processes and procedures
• Competence

Corporate Governance

Formal recognition for the governance of software and related assets is emphasized, along with the development of the policies that are the foundation for any successful SAM program. Governance is tied closely to the assessment of risk in the standard so that the relationship between the program and the purpose it serves (reducing risk) is clearly defined at the corporate level. No statement of authority is complete without clarifying the scope and responsibilities to go along with that authority and a checklist developed from the standard would ensure these essential elements are part of the organizational statement.

Roles and Responsibilities

The owner for SAM responsibilities is the next facet of organizational management required by the standard, assuring that an individual has been identified who will develop management goals for SAM and then develops a plan to execute on those goals. The standard highlights the importance of planning and identifying the resources to complete it. The standard completes the identification of responsibilities with the need to measure and to communicate results against the plan.

Policies, Processes and Procedures

This section of the standard addresses the structure that is necessary to develop the rules and documentation that are the foundation for software asset management. Policies are the essential governing document, identifying the responsibilities of each individual in the organization regarding assets and their use. Processes are defined by outcomes, while procedures are the tasks that accomplish those outcomes. Although the standard does not list all policy topics necessary for a SAM program, it does specifically mention the importance of:

• Corporate governance and the responsibilities of software and related asset management
• Compliance to legal and regulatory requirements
• Rules guiding procurement
• Requiring approvals
• Enforcement for violation

Competencies in SAM

The control or structure section of ISO 19770 ends with a set of outcomes directed at ensuring that the individuals responsible for software asset management have the training and certifications necessary to perform the work. Education on licensing is mentioned as software manufacturer-specific and mentions the need to understand what constitutes “proof of licensing” for each software manufacturer.

Planning

The organizational management describes the planning and implementation processes for SAM. Focus is placed on the structure for software asset management that is necessary for goal achievement. The relationship to the well-known planning elements of ISO 9001 is clear and referenced in the document.

Of special note in this section is the acknowledgement of the value of automation, ensuring that processes are efficient and less error prone.

Implementation

Implementation structure is presented as the mechanisms for collecting information and reporting through regular status reports. With the depth of structure already described in this standard as well as other standards for project planning, there is little to add regarding implementation that has not already been covered. ISO 19770 refers to local SAM owners throughout the document, a practical addition to the standard since software asset management responsibilities are often distributed by location for today’s multi-location and multi-national corporations.

Monitoring and Review

Monitoring includes the evaluation of everything developed to perform software asset management, auditing the structural elements for efficacy at meeting the management objectives for SAM. It establishes the requirement for periodic review, approval by the SAM owner and notes the possibility that service level agreements need to be considered during this process.

Continual Improvement

This section recognizes the importance of cyclical review and improvement, requiring a mechanism to collect and document suggestions throughout the year.