ISO/IEC 19770-3 Convened

The ISO/IEC 19770-3 Other Working Group (“OWG”) was convened on September 9, 2008. Over thirty Software Asset Management (SAM) industry participants had joined the work as of that date and more are continuing to join. The Working Group has been tasked with drafting an international data standard for software license entitlement tags.

As I have been preparing to convene the 19770-3 working group this year, I have been receiving a steady stream of questions from many corners of the SAM industry. For the benefit of all, I will address a few of the most common questions here. If you have more questions after reading this article, you are welcome to send an email to me at my contact information below.

How do 19770-2 and 19770-3 fit into the SAM eco-system?

ISO/IEC 19770-1 is a baseline of outcomes-focused SAM best practices. It was published in May 2006 and was developed to enable organizations to demonstrate that they are performing software asset management to a standard sufficient to satisfy corporate governance requirements and to ensure effective support for IT Service Management (ITSM) overall. 19770-1 describes an integrated set of requirements that should be considered as a starting point for organizational SAM programs. Using common best practices from IT disciplines, the authors structured the standard into 27 process areas for SAM, which are divided into six categories.

To characterize 19770-1 as an outcomes focused standard is to say that instead of providing detailed process and procedure descriptions to support effective SAM, it describes outcomes that should be experienced from effective SAM. This allows each organization the freedom to build their own processes to fit best with their organizational culture. 19770-1 operates independently of 19770-2 and 19770-3.

ISO/IEC 19770-2 is a standard that specifies the structure of software identification tags. Quoting from the introduction to the draft standard: “The software identification tag is an XML file containing identification and management information about a software product, which is installed onto a computing device together with the software product. The tag may be created as part of the installation process, or added later for software already installed without tags. However, it is expected more commonly that the tag will be created when the software product is originally developed, and then be distributed and installed together with the software product.

ISO/IEC 19770-3 will provide a standard to specify the structure of software entitlement tags. Software entitlement tags are computer files that provide authoritative identifying information about software licensing rights. The degree of an organization’s software license compliance for “in-scope” (targeted) licensing configurations can be demonstrated when 19770-3 entitlement tags are reconciled with 19770-2 identification tags.

We sometimes refer to 19770-2 and 19770-3 as “data standards”. They are that, however in both cases they are more than data guidelines. They will also provide process and adoption guidance for industry professionals wishing to utilize the standards. As the industry adopts the 19770-2 and 19770-3 standards, some of the outcomes in 19770-1 will be more easily achieved. But adoption of 19770-2 and 19770-3 is unnecessary to experience the value of 19770-1 best practices.

Electronic discovery of software licensing rights is non-existent today. Entitlements data is commonly found in printed documents – purchase orders, invoices, and purchase receipts. Standardization of entitlement data tags will provide uniform, discoverable data for the license compliance processes of SAM.

We often use the expression “optimized SAM”. A convenient way of thinking of this is “automated” SAM where computer processes (SAM tools) that support the -2 and -3 standards are able to do the repetitive tasks of discovery, identification, and reconciliation with little or no human interaction.

While each part of 19770 stands on its own and provides benefits independent of the other parts, the combined benefits for all of the parts of 19770 can be thought of as effective support for ITSM and optimized SAM. These two disciplines, ITSM and SAM, have emerged to be understood as umbrellas for a myriad of IT management processes. But as David Bicket points out; IT Asset Management (ITAM) is intrinsically a more inclusive term than SAM.

What are the prospects for adoption of 19770-2 and -3?

Several major software manufacturers have already begun the adoption process to conform the production and delivery of their software products to the draft 19770-2 standard. Microsoft Corporation included important supporting API’s in Vista to facilitate use of the tags. Adobe Systems recently began shipping Adobe Acrobat 9 – the first product to utilize ISO/IEC 19770-2 software identification tags.

A non-profit organization known as TagVault (www.tagvault.org) has emerged to serve as a software-tag issuer/clearinghouse to support the adoption of ISO/IEC 19770-2 specifications. Other software manufacturers are working toward adoption and are expected to make public announcements within the next year.

Software manufacturers will include 19770-2 identification and 19770-3 entitlement tags in their shipping products and through their order fulfillment systems. This process will help SAM tool providers and SAM practitioners to accurately identify and manage software and licensing deployed onto managed computers.

It is not critical, however, for software manufacturers to adopt the 19770-3 standard in order for SAM practitioners to experience the benefits of this work. ISO/IEC 19770-3 will be designed to allow full implementation by others. If any number of software vendors are unable or unwilling to participate, the industry can still produce viable tags. There will be a provision for end users to build their own tags for legacy software. This provision will make it possible for end-user and tool vendor adoption in absence of publisher adoption. In fact, the need to support legacy software may inspire development of new SAM tools that will serve as engines to generate correctly formatted data tags.

How can we ensure adoption of the standards?

While interest in SAM standards is rapidly growing among SAM practitioners and SAM tool vendors, there are still countless software manufacturers who can benefit from this work if they are informed. I encourage all SAM professionals to become familiar with the ISO/IEC SAM standards work and to spread the word to other parts of the software industry. You can refer them to this article and other materials located at http://www.sassafras.com/iso/.

I have spoken with a few major government and corporate software buyers who are considering a possible response to software publishers who include compliance audit clauses in their licensing contracts. The buyers plan to begin negotiating adoption clauses for volume licensing agreements that require software manufacturers to adopt the two 19770 data standards – ostensibly to ensure convenient and successful audits. This may be an effective method that your own organization can use to encourage adoption.

Software manufacturers may be able to gain market advantage by supporting their volume purchase customers’ expectations.

Participation is open – join us now.

Participation in the 19770-3 OWG is open to any qualified individuals with relevant expertise in software asset management, software licensing, software manufacturing, and related disciplines. We also welcome editorial help from individuals who have technical documentation experience. All OWG members are required to sign a statement acknowledging that the results of the work being done shall be copyright of ISO/IEC. Copyright in all drafts shall be held by ISO/IEC. All 19770-3 OWG members shall be expected to contribute meaningful content to the standard and remain active in order to maintain their membership status. See the instructions at the end of this article to volunteer for the ISO/IEC 19770-3 OWG.

Tentative Agenda.

The main work expected to be completed is the following, although this is subject to revision by the members of the OWG:

  • Create a taxonomy (schema) for the entitlement data tag
  • Define conformance details and scoping requirements
  • Build an implementation guide
  • Define examples (use cases) to accompany implementation guidance
  • Specify the standard’s alignment with other standards
  • Generate an XML schema definition for entitlement tag creation

If you would like to volunteer to work on the ISO/IEC 19770-3 OWG, or simply receive public notices of its progress, you may contact John at sales@sassafras.com or by telephone in the US at 603-643-3351. Important: in order for your email to safely make the trip through spam filters, please include “19770-3” in the subject of your message.


John Tomeny of Sassafras Software Inc is a sixteen-year veteran of the Software Asset Management industry, an IAITAM Fellow, the Convener of the ISO/IEC 19770-3 working group on Software Entitlement Tags, a recipient of the 2007 SAM Practitioner of the Year award, a member of the International Association of IT Asset Managers (IAITAM), a member of the IT Service Management Forum (itSMF), and a founding member of the International Business Software Manager’s Association (IBSMA).

Portions of this article were first published in IAITAM’s September 2008 ITAK Magazine. http://www.iaitam.org/ITAK.htm

No comments yet.

Leave a Reply