10th Jan 2008
Starting out on a Software Asset Management project can feel
like a journey into the unknown… but it doesn’t have to be a high
risk venture.
A bit of shrewd project planning and a best practice approach,
based on the FAST Standard for Software Compliance and the new
ISO/IEC Standard for Software Asset Management, will give you all
the confidence you need to manage your risks, control your costs
and achieve competitive advantage.
Why standards matter
In any field of business, standards are a powerful tool. They
define important aspects of safety, reliability and quality and
enable organisations to operate in global markets. Standards
deliver market credibility and integrity by demonstrating an
organisation’s commitment to ‘product’ and customer service
excellence. They also help reduce costs and increase competitive
edge.
In the fast-moving world of IT, standards are essential and
impartial bodies like the BSI (British Standards Institute) play a
critical role in shaping the agenda. By offering access to
knowledgeable IT experts who are able to counsel on the key issues
governing technology today, the BSI is able to represent UK
interests across the full range of European/ International
Standards Organisations and their Working Groups.
As you might imagine, rolling out an IT Standard from inception
to resolution is a thought-provoking process that takes time,
effort and focus. In order to ensure that the end-product is fair
and just, international standards development follows a highly
regulated structure that must conform to rigorous processes and
methodologies.
Managing risk, reducing costs
If you’re in business, you’ll already know that Software Asset
Management (SAM) matters. Yet, while we all know that an effective
and smooth-running IT environment is essential if you want to
achieve optimum business performance and staff productivity, it can
be tricky to gain (and then maintain) control over your IT assets
unless you have a clear strategy and rigorous policies and
procedures to support you.
Back in January 2005 FAST and BSI Professional Services
teamed up to launch FSSC-1 (the FAST Standard
for Software Compliance v1). Created in the wake of research
showing that nearly half of all UK companies were
vulnerable to legal action (unlimited fines and up to 10 years
in prison for company directors) due to software
non-compliance, FSSC-1 was designed to eliminate legal
risks and improve business profitability.
Now, more than 3,000 FAST customers are well on
their way towards accreditation.
Understanding ISO/IEC 19770-1
Crafted by ISO (the International Organisation for
Standardisation) and IEC (the International Electrotechnical
Commission), who together create the framework for worldwide
Standardisation, ISO/IEC 19770 is all about helping organisations
to achieve a high degree of confidence about their ability to
manage risks, control costs and achieve competitive advantage.
ISO/IEC 19770 Part 1 (launched in May 2006) helps businesses
prove that they are performing SAM to a standard sufficient to
satisfy corporate governance requirements, and ensure effective
support for IT service management overall. Part 2, now coming into
force, will simplify and support the software inventory process by
standardising and formalising how software is labelled enabling
easier identification and reconciliation.
By providing an internationally-recognised benchmark for
organisation-wide Software Asset Management ISO/IEC 19770-1 enables
organisations to:
- Increase awareness of the importance of a
standardised IT (environment and processes)
- Improve IT environment and purchase volume
control
- Enhance internal processes for monitoring and
administrating installed software and licences
- Strengthen software forecasting and
budgeting
- Minimise over-licensing and remove
under-licensing
- Guard against prosecutions, lawsuits and
fines
- Prepare software inventories in advance of
potential mergers, de-mergers or acquisitions
However, the journey towards ISO/IEC 19770-1 compliance is not
without its challenges. If you want to be as prudent as possible
with the financial and people resources that have been allocated to
your software compliance project, you would be well advised to find
out more about introducing a best practice approach to SAM project
planning before you begin.
Expedition unknown!
Establishing a legally compliant software environment takes
time, energy, and laser-like concentration. Unfortunately, many
organisations considerably under-estimate the full scope of the
software compliance challenge and rush into their SAM programmes
without taking the time to do any risk analysis or contingency
planning - and that’s when it can start to get both expensive and
frustrating.
Coping with a company-wide SAM programme - especially one
that will eventually lead to ISO/IEC 19770-1 certification - is a
bit like preparing for long-haul expedition into unknown territory.
To succeed on a journey that may well throw up a few wild beasts
and some complicated team challenges along the way, you’ll need to
do ample preparation up front and then put in place a carefully
constructed journey plan with clear milestones!
In essence, the key steps in shrewd SAM project planning are
simply good business sense; if you want to be sure of reaching your
destination, you first need to be clear about where you want to get
to - and then build a detailed project plan that considers the
disciplines involved at every stage, as well as the potential
pitfalls and obstacles that may occur. That way, you’ll be
minimising the potential risks involved, making sure you keep to
your business aims and project objectives as you go, and giving
yourself the best chance of sidestepping any problems that do arise
before they have a chance to make a negative impact.
A SAM Gap
Analysis is the ideal tool for making sure that your project
towards ISO/IEC 19770-1 compliance stays on track. Properly
conducted it should pinpoint your essential steps to success
by:
- Carrying out a high-level review of your existing IT
infrastructure
- Identifying the critical vulnerability points and areas of
unmanaged risk in your business
- Assessing the potential gaps in your resourcing, budget, or
management information armoury.
By providing you with a perfect understanding of your
organisation’s software compliance start-point and then mapping
this analysis across into a bespoke project plan (which can be
reviewed at regular intervals against your business goals), a
risk-based SAM Gap Analysis will ensure that your company stays on
target to achieve a fully compliant software position that is
ISO/IEC 19770-1 ready.
Achieve your competitive edge
UK companies have paid more than £1.8 million in fines to the
Business Software Alliance for using unlicensed software and
more than £7.3 million has been recovered as a result of
FAST activities. Yet, in the same period, FAST research
has revealed that 41% of UK businesses are annually wasting
thousands of pounds through over-licensing.
The release of the ISO/IEC 19770-1 Standard is great news for
organisations who want to reduce their risks and increase their
competitive advantage… but it needs to be carefully combined with a
best practice approach to project planning if you want to get to
your end-destination as quickly and cost-effectively as
possible.