(Part 3 of 3) In our previous blogs you could read how the new ISO standard moved from SAM to ITAM, and how it changed from ‘processes and tiered assessment’ to an ‘IT Asset Management system’. In this third, and last, blog we explain how the processes and tiers have been repositioned.
With the 2017 version of the ISO standard, and the change from ‘processes and tiered assessment’ to a ‘IT Asset Management system’, only three tiers remain. The management system is the basis and therefore not assigned to tiers.
The processes are repositioned and structured in a clearer and simpler way. Process requirements can no longer reference to different tiers. Tier 1 reflects the operation of SAM, tier 2 refers to the integration with the IT Asset Life Cycle, tier 3 shows the integration with adjacent functional management processes.
Note that executing the management processes and tier 1 are the responsibility of the ITAM team. Tier 2 and 3 reflect the interaction and integration of the ITAM team with existing processes and is a joint responsibility.
Tiers are now simply a groupings of processes, defined for simplicity of reference.
Tiers do no longer necessarily reflect the sequence in which processes have to be implemented.
Additional and updated requirements, new insights and technologies
With the change from ‘processes and tiered assessment’ to a ‘IT Asset Management system’ in the 2017 version of the ISO standard, and the emphasis lays on the management of the operation, rather than on the operation itself, the standard brings some additional and updated requirements.
Context of the organization (chapter 4)
- Understanding the organization and the needs and expectations of stakeholders (4.1 & 4.2).
- Determining and describing the scope of the IT Asset Management system (4.3).
Planning (chapter 6)
- More emphasis on the IT asset risk assessment & treatment (6.1).
- Creating a ‘Statement of Applicability’ which lists the objectives, with justification for inclusion and exclusion (6.2), this should, for completeness and communication, also include the description of the scope of the IT Asset Management system.
Support (chapter 7)
- Next to resources and competences, awareness (7.3) and communication (7.4) are now also required.
The operational section of the 2017 version of the ISO standard also shows that it has evolved with the trends of time, and brought new insights and refers to new technologies.
Operation (chapter 8)
- Outsourcing and services – management of cloud services (8.7).
- Mixed responsibilities between the organization and its personnel – managing BYOD (8.8).
Management of the operation (plan > do > check > act) and understanding and integrating with the organisation (awareness & communication) is the key to the successful implementation and execution of IT Asset Management! Risk management is a great tool to get commitment from management, and making a Statement of Applicability (including scope & objectives) will help you to enhance the ITAM maturity, and is a great communication tool as well.
Even more than before the ISO/IEC standard for ITAM is a very valuable framework to get and keep control on your SAM / ITAM practice!
More interesting blogs
- ISO/IEC 19770-1:2017 moving from SAM to ITAM
- Change from ‘processes and tiered assessment’ to an ‘IT Asset Management system’