The ISO/IEC 19770-1 Standard: A Conversation with ISO’s Current ITAM Standards Committee Chair

Software tools are an integral and undeniable asset of modern business. The largest organizations sometimes manage more than 1,000 software publishers and software spend is a major portion of IT budgets. With software usage on the rise, organizations are taking newfound interest in getting set up with effective software asset management (SAM). Not only does SAM help with managing security and reducing IT costs, it also helps prepare organizations to embrace future technology innovation that will support business growth.


First developed in 2006, and most recently revised in 2017, the IT asset management (ITAM) standard, ISO/IEC 19770-1, establishes best practices and guidelines to help businesses take a structured approach to SAM that supports company goals.

BSA Verafirm spoke with the International Standards Organization (ISO) IT Asset Management committee chair, Ron Brill, about the standard and how it can help businesses address key challenges around ITAM/SAM.

Why Is the ISO/IEC 19770-1 Standard Needed?

The creation of an ISO standard for ITAM, by itself, established the importance and global recognition of ITAM as a key IT competency. Ron noted that “Many of the challenges organizations face related to ITAM stem from a lack of awareness by executive management for what ITAM is and why it is a pivotal competency.” Many ITAM/SAM programs are under-funded, operate in a silo, or are limited to a few tactical activities such as audit defense — if the program exists at all. But effective ITAM/SAM forms the foundation of both strong IT security and many cost-saving measures when executed well.

ISO’s ITAM Standards Committee is an invaluable forum for global experts to come together to exchange ideas and bring ITAM best practices to the fore. At its core, the ISO/IEC ITAM standards provides global businesses with:

  • Common global terminology for all ITAM practitioners and stakeholders;
  • Best practices around a management system framework for an organization’s ITAM function;
  • A common “measuring stick” for the relative ITAM maturity of organizations;
  • A common data schema for the capture and exchange of ITAM-related data between software publishers, SAM tool vendors, end-user organizations, and service providers; and
  • An understanding of the foundational nature of ITAM in support of other IT functions and other standards, governance frameworks, and regulatory requirements which are dependent on ITAM.

What Changed in 2017?

Development of the 2017 edition of the ISO/IEC 19770-1 standard was led by David Bicket, Yoshinori Takahashi and Jintaro Shinoda. This third update of the standard was focused on the overall management system, unlike previous editions. ISO/IEC 19770-1 was completely re-written to conform to the ISO “Management System Standard” (MSS) format, which “specifies repeatable steps that organizations consciously implement to achieve their goals and objectives.”

In doing so, the standard no longer operated in a silo and could be jointly implemented alongside other ISO standards, which are in the MSS format, such as ISO/IEC 27001 for Information Security. Ron pointed out that “This feature is very helpful to organizations given the significant overlap in requirements between the two standards.”

What Are the Benefits of Applying SAM/ITAM Best Practices?

The ISO/IEC 19770-1 standard is a culmination of experiences of many organizations and represents proven approaches for SAM/ITAM. As software licensing rules expand and the number of evolving technologies and operating environments grow increasingly complex, taking a best practice approach is becoming increasingly necessary and allows business to reap multiple benefits.

When done effectively, SAM can result in double-digit savings in an organization’s annual software spend. Ron shared with us the story of a Fortune 50 organization that achieved thirty percent cost savings on their software spend as a result of their SAM program. These cost benefits can be realized by optimizing software spend, reducing shelf-ware and being able to negotiate with software vendors from a position of knowledge.

From a risk mitigation perspective, benefits include ensuring software license compliance, avoiding audit surprises and unplanned expenditures, and having greater control over IT assets. Bringing ITAM best practices to your organization through ISO/IEC 19770-1 allows you to get ahead of the curve, making your business agile, compliant, and effective.

The Role of Certifications in Advancing International Standards

Ron noted that certification plays a critical role in the industry. “Much like the standards, which underlie them, certifications validate the SAM domain and serve to educate on best practices and promote consistent terminology and interoperability,” Ron said.

Further, “of the various SAM certifications available on the market today,” Ron said, “the BSA SAM training and certification is unique in that it is the only one that is 100% structured around — and compliant with — the ISO/IEC 19770-1:2017 standard.”

Planning, building, operating, and continuously improving a SAM system are skills that every organization needs. Find out more about bringing ITAM best practices to your business and what is included in the BSA Verafirm SAM Certification program.

Back to all posts

Subscribe Here!

Recent Posts