Many organizations struggle with software licenses and only few succeed in managing software compliance. Often the advice is to get the Software Asset Management processes properly implemented. But then many questions arise. Process models like ISO 19770 or ITIL-SAM identify processes but don’t provide support for specification and implementation. In a series of articles, I will discuss SAM processes and an approach to implement them.
Why SAM processes?
Many, even most organizations, are periodically audited by software vendors. The huge amounts that must be paid for licenses and fines – which are, by the way, in many cases compensated by investments in new, unwanted software – are triggers to reflect. Some organizations choose ‘all you can eat contracts’ (expensive, but no risk for claims afterwards) or doing nothing (accept the cost for the short term and resolve the problem later; don’t cross the bridges before you come to them). The majority select a SAM tool vendor and have them their tool implemented. The implementation approach implies processes but, in fact, limited to the ability of using the software. I know many examples of organizations that after one year are frustrated by the tool and decide to select another tool. In most cases, this decision is not justified. The differences between tools are small and the results will likely be the same the next time. Probable conclusions are that input data is not reliable or SAM operators are not capable to process the data. In both cases implementing SAM processes may be the solution.
The SAM Process Model
The first question is which processes we are talking about. Many methods (e.g. ISO, ITIL) and consulting firms designed process models to answer this question. They are quite similar and most will satisfy. I prefer the model below. This model comes close to the new ISO 19770 model, which will be the topic of a next blog in this series.
SAM is strongly related to other domains, e.g. IT, Procurement and Finance. In fact, only a few processes are real SAM. Most processes, which together form the SAM process model, are subject to other domains.
SAM Core processes
The SAM Core processes are depicted in the center of the model. Core Data Management is all about gathering reliable data regarding contracts and licenses (entitlement) and usage (deployment). License Management processes the data in order to determine and optimize the software compliance position. Operational License Management may be a License Desk or a portal, where employees can request licenses.
Most SAM tools support the SAM Core processes, at least Core Data Management and Compliance Reporting. They provide numerous interfaces to systems in other domains, resulting into huge amounts of data. Despite the high quality of the SAM tool processing of these data requires skilled people. The old adage “a fool with a tool is still a fool” is still valid.
Then there is a second argument to invest in processes. As the SAM process model shows Software Asset Management is much more than the SAM Core processes. In the next blog I will explain how significant benefits can be achieved by integrating these processes.
Hans van der Zanden
Co-owner and CFO of In2SAM BV, The Netherland
Process guru for 25 years
Member of ISO Workgroup 21, co-editor of additions to ISO 19770