Sassafras K2 supports ISO 19770-2 and 19770-3 standards for Software Asset Management

I think it was sometime in the spring of 2006 that a seemingly unremarkable decision happened in a committee meeting that destined a small group of us to forever change the way that Software Asset Managers do their jobs. The meeting was the development group for the ISO/IEC 19770-2 SWID (software identification) standard.

It was Steve Klos who spoke first about a topic that had been growing in my thoughts in recent weeks. We eventually described it as a way to “digitally encapsulate” the definition of any type of software license – a way for computers to understand how to measure consumption of software licensing.

This was the genesis of the software entitlement standard that would be introduced to accompany the software ID (SWID) standard. In our standards group, we saw this as the ultimate automation of software asset management. Already, software programs were ‘discoverable’ and we in the 19770-2 Working Group were moving toward making software products identifiable under a definitive standard.

But machines could not read and interpret software license entitlement details. Software licenses were only human readable in the form of contracts and license agreements. We knew that if we could encapsulate the ‘metrics’ of a license agreement into machine readable form, we could move the industry forward in a giant step toward automation.

Two years later, after the publication of 19770-2, I was invited by Dave Bicket, the chairman of WG21, to convene a working group and lead the effort to develop the “entitlements standard”. You can read the announcement here. WG21 is the international Working Group charged with responsibility for developing ITAM industry standards.

The development group that I convened was charged with the responsibility to design a schema that could encapsulate the entitlement rights and limitations of software license agreements. Our goal was clear: to quantify a standard that could move the industry closer to fully automated solutions for proof of compliance and to reveal opportunities for cost reduction. After the combined efforts of more than 40 people over eight years, ISO/IEC 19770-3 was published on April 15, 2016. The finished standard is here.

As IT managers improve their asset management practices, one of the major hurdles they face is transforming the hundreds, often thousands, of licensing agreements into machine readable metrics. This is an important step in the quest for accurate reconciliation of licensing.

Of the many hundreds of organizations I have worked with over the years, I have observed that licensing records are often stored in spreadsheets or procurement systems with inherently inadequate metrics that are necessary to measure compliance and opportunities for optimization. The 19770-3 entitlement standard can’t help with legacy entitlements that have already been transferred from vendor to customer, but it promises to bring meaningful advances in automation going forward.

To that end, Sassafras K2 supports these two important industry standards: ISO/IEC 19770-2 & 19770-3. K2 collects and references 19770-2 SWID tags to inform software product identification, helping to ensure your team receives trustworthy data. This augments an already rich discovery repository held by K2 from other data sources.

Sassafras K2 collects data from multiple sources on audited computers for software program/product identification. The primary identifying data is taken from numerous internal file properties. This ensures positive identification and an absence of the false positives and false negatives that are common with other methods. Once an executable/application is confirmed, additional supporting information may be consulted, including: installer receipts, MSI information, Add/Remove program entries, Start Menu entries, ISO/IEC 19770-2 Software ID tags, publisher-specific data from registry/files/databases, and other system variables.

K2 also reads 19770-3 “ENT” files and automatically imports them to purchase records so you can easily manage software licensing. The ISO/IEC 19770-3 “ENT” standard digitally encapsulates software license rights and limitations, which are used to measure consumption, compliance and optimization of software licensing for cost reduction.

Finally, to round out our complete support for the ISO standards, Sassafras has also published our own 19770-2 SWID tags which provide definitive identification of our K2 SAM solution products.

“I’m extremely pleased to see industry support mounting behind the ISO standards that enable automation of Software Asset Management and Security processes,” said Steve Klos, Executive Director at, “As Sassafras K2 joins the ever-growing number of tool providers, standards groups and industry & governmental organizations that recognize the value of authoritative metadata for software identification and entitlements, software vendors have a tough choice – join in an effort to automate SAM and security processes and support their customers, or be left behind.”

Feel free to comment here or contact me if you’d like more information either about the ISO 19770 standards or how Sassafras supports the standards in K2, our integrated SAM tool.

