Change from ‘processes and tiered assessment’ to an ‘IT Asset Management system’
Last month, we published the first part of our series of blogs on "Moving from SAM to ITAM". In this second blog, we elaborate on the how the new ISO standard is designed as an IT Asset Management system.
The 2005 and 2012 versions of the ISO standard for SAM were merely an overview of all the processes involved, with their objectives and required outcomes listed. It is a very valuable framework to assess the maturity of the SAM operation and implement conform the ISO standard.
With the extension from SAM to ITAM, the 2017 version of ISO/IEC 19770-1 is designed to enable an organization to align and integrate its IT Asset Management system with related ISO systems like:
- ISO/IEC 20000 for IT Service Management;
- ISO/IEC 27001 for Information Security;
- ISO 55001 for Asset Management (non IT assets, like buildings, cars, etc.);
- ISO 73 for Risk management.
All of these standard have the same structure and chapter layout, where the emphasis lays on the management of the operation, rather than on the operation itself. The operational processes are still mentioned, and even structured in a clearer and simpler way, but the detailed outcome descriptions are missing, which makes the new version less descriptive. Instead, the new version really focusses on the way you manage your operation and lists requirements for the capabilities to establish policies and objectives, and processes to achieve those objectives.
The management system uses the Plan-Do-Check-Act (PDCA) model as a founding principle and process for continual improvement. The following elements need to be controlled in the PDCA-cycle:
Because the detailed outcome requirements are missing in the 2017 version of the ISO standard, which makes it less descriptive, the 2012 version remains valuable. The requirements of the older version can still be used for assessment of completeness and maturity, because we have mapped them to the processes of the new version.