An end to the software police?

ISO publishes a standard for software asset management to protect companies from legal and financial threats over licensing issues.

Colin Barker Special to CNET News
3 min read
After months of delay, the ISO has finally published a standard for software asset management that may protect companies from legal and financial threats over licensing issues.

The International Standards Organization finally published its standard for software asset management on Monday.

In the last few years, software asset management (SAM) has become a key issue for companies trying to keep track of what tools they are using, how much they are paying in software licensing costs and, crucially, what they could save by better use of those assets.

The issue has been brought into sharper focus through the activities of the Business Software Alliance (BSA), the U.K.-based Federation Against Software Theft (FAST) and companies such as Microsoft that have made clear the penalties for companies that use improperly licensed software.

The new standard, called ISO/IEC 19770-1, is published jointly by the ISO and the International Electrotechnical Commission. It had been due for arrival this March, after missing its original 2005 release date.

Investors in Software is one of the organizations involved in the development of the standard, which it has been working on for four years.

The group said in a statement on its Web site: "The underlying justification for SAM is the need to apply good governance to software assets--without it, organizations could be subjected to significant risks, including legal and financial exposure."

Shawn Frohlich of IIS is delighted the standard has been finally accepted. "Until Monday night, companies had no way of establishing that they were properly managing their assets. They had no way of proving it. Now they do," Frohlich said. "There is a standard to work towards."

However, ISO has only published Part 1, which covers processes. The second part of the standard, covering tools, is expected later this year.

Part 1 is divided into risk management, cost control and competitive advantage.

For Frohlich, risk management is a key area. "You couldn't demonstrate a clean bill of health before," he said.

Risk management covers issues that could arise from improper licensing, such as interruption or deterioriation of IT services, legal and regulatory exposure and damage to public image.

It is the latter two areas that have focused CIOs and IT managers on software asset management. Businesses that have been caught infringing on software licenses have suffered high-profile, and often very expensive, humiliation at the hands of Fast and the BSA.

Frohlich believes both interest groups will welcome the new standard: "The BSA has already welcomed it, and I believe Fast is preparing something as well."

Neil MacBride, BSA's vice president of legal affairs, said in a statement that the organization is "delighted that the ISO has launched this standard, and we congratulate all those in the standards and software asset management community around the world who have worked so hard to bring this to fruition."

MacBride said it was a milestone in the global development of software management best practices and would help organizations of all sizes to ensure that they are fully software compliant and making best use of their software assets.

According to the ISO, the standard will "enable an organization to prove that it is performing SAM to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall."

Colin Barker reported for ZDNet UK in London.