In a previous blog about SAM processes I mentioned the Human Resources department (HR) as a major participant. Last week I met an HR Manager of a midsize company. Among other topics we talked about my statements regarding the role of HR in SAM processes. She appears to have a good relationship with the IT […]
It’s getting more and more common these days. An organization that makes use of Saas software of a particular vendor next to subscription and perpetual licenses from tht same vendor. As we’ve seen in the past the registration of the perpetual and subscription licenses were already quite some burden for the publishers and the vendors. […]
Although ISO19770 (IT asset management) is a relative young standard, it has been there since the SAM market started to be lively at the midst of the zeroes of the new millennium. Since a few years, I’m the delegated member of the Dutch National standards Body at the WG21-{WG21 is Workgroup 21 under SubCommission 7 […]
In the previous blogs in this series I described my favorite SAM Process model and organizational units that are involved. ISO 19770 is the standard that should support organizations to prove that their processes comply to globally accepted recommendations. Unfortunately, certification is not yet possible (see also ‘Although ISO 19770’ by my colleague Nico […]
After reading my previous blog in this series, for the observant reader the conclusion will be that managing software compliance requires a combination of SAM-tooling and processes, and not only the processes that are supported directly by the tooling. I introduced my favorite SAM process model and the SAM Core processes. In this subsequent blog, […]
Yesterday I had a meeting with a member of the Legal Department in our organization to discuss a number of issues in a (purchase) contract software. It struck me that the colleague had a good eye for all legal snags in the contracts when it comes to penalty clauses. In general, within a legal department […]
When you’re involved in IT&SAM in Europe you have probably heard of the new General Data Protection Regulation. In this post, I’d like to shine some light on how this new ruleset affects your job, and how you should adapt to it. When you’re in IT&SAM outside of the EC you will be affected (maybe) less. When you’re in an organization that’s acting global, and in the EC, you must navigate between various regulations that are valid in different parts of the world.
As SAM practitioners may involve internal staff, sometimes hired experts or employees of a SAM service provider, it’s of the highest priority to find out what role you have according the new GDPR. And at times there will be a combination of roles, between data processor and/or data controller.
First you need to know that the regulation started on May 18th of this year (2016) in Europe, and will be effective as of May 25th, 2018. In the meantime, organizations have time to adapt to the new regulation, train people, assign accountable and responsible. Last week I read that it was to be expected that between 26.00 and 74.000 new Data Protection Officers will need to be added in organizations, in the years to come.
As IT&Software Asset manager you’re using lots of data sources. Incorporated in some of these sources is personal information and other data that is subject to the new GDPR. And it doesn’t matter anymore if your part of the data controlling organization or a service provider, or any other function. If you’re handling GDPR affected data, you need to comply! (more…)
Many organizations struggle with software licenses and only few succeed in managing software compliance. Often the advice is to get the Software Asset Management processes properly implemented. But then many questions arise. Process models like ISO 19770 or ITIL-SAM identify processes but don’t provide support for specification and implementation. In a series of articles, I will discuss SAM processes and an approach to implement them.
Many, even most organizations, are periodically audited by software vendors. The huge amounts that must be paid for licenses and fines – which are, by the way, in many cases compensated by investments in new, unwanted software – are triggers to reflect. Some organizations choose ‘all you can eat contracts’ (expensive, but no risk for claims afterwards) or doing nothing (accept the cost for the short term and resolve the problem later; don’t cross the bridges before you come to them). The majority select a SAM tool vendor and have them their tool implemented. The implementation approach implies processes but, in fact, limited to the ability of using the software. I know many examples of organizations that after one year are frustrated by the tool and decide to select another tool. In most cases, this decision is not justified. The differences between tools are small and the results will likely be the same the next time. Probable conclusions are that input data is not reliable or SAM operators are not capable to process the data. In both cases implementing SAM processes may be the solution.
Following the first two parts in this series about the journey into SAM I want to talk a little more about the fact that you are only “as good as your information”. This means that when you want to have a reliable or effective SAM practice you first need to get the basic information fully reliable. And just gathering basic reliable information is one of the toughest jobs there is in SAM. So let’s see this step as getting your tickets and preparing your luggage.
Imagine that you want to know everything there is to know about the usage of your software and I really mean the nitty-gritty details. You’ll need to know everything about your infrastructure, your users, your connections or connectors and about the access policy for each software title. To be able to refine the details even more you need some more information, but let’s keep it as it is for now as it is a journey and we learn along the ride. (more…)
In my previous post I wrote on how to start with IT & Software Asset Management. I wrote that the most important thing was STARTING. And where to start is a big question for a lot of companies.
The easiest way to plan your journey in IT&SAM is having your current state of IT&SAM affairs checked. IT&SAM processes however, cannot be examined as ‘standalone’ processes. In fact being meta processes, they are strongly related to or even part of many business and IT processes, processes that most organizations have pretty well in place already.
Assessing your organization on the IT&SAM capabilities includes checking the relates processes. You’ll see that the results vary by IT&SAM component and related process. And that’s why it’s important to know your starting position. If you have the outcome of (more…)
Nederlands