iTeh Standards logo
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 19770-1:2017

(Main)

Information technology — IT asset management — Part 1: IT asset management systems — Requirements

Information technology — IT asset management — Part 1: IT asset management systems — Requirements

ISO/IEC 19770-1:2017 specifies requirements for an IT asset management system within the context of the organization. ISO/IEC 19770-1:2017 can be applied to all types of IT assets and by all types and sizes of organizations. NOTE 1 This document is intended to be used for managing IT assets in particular, but it can also be applied to other asset types. It can be suitable, in whole or in part, for managing embedded software and firmware, however its use for these purposes has not been determined. It is not intended for managing information assets per se, i.e. it is not intended for managing information as an asset independent of hardware and software assets. Certain types of data and information are covered, such as data and information about IT assets in scope, and depending on how the scope is defined, it can cover digital information content assets. See the Introduction for an explanation about IT assets. NOTE 2 This document does not specify financial, accounting, or technical requirements for managing specific IT asset types. NOTE 3 For the purposes of this document, the term "IT asset management system" is used to refer to a management system for IT asset management. ISO/IEC 19770-1:2017 is a discipline-specific extension of ISO 55001:2014, with changes, and is not a sector-specific application of that International Standard. ISO 55001:2014 is intended to be used for managing physical assets in particular, but it can also be applied to other asset types. This document specifies requirements for the management of IT assets which are additional to those specified in ISO 55001:2014. Conformance to this document does not imply conformance to ISO 55001:2014. ISO/IEC 19770-1:2017 can be used by internal and external parties to assess the organization's ability to meet the organization's own IT asset management requirements.

Technologies de l'information — Gestion de biens de logiciel — Partie 1: Titre manque

General Information

Status
Published
Publication Date
06-Dec-2017
ICS
03.100.70 - Management systems
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 7 - Software and systems engineering
Drafting Committee
ISO/IEC JTC 1/SC 7/WG 21 - Information technology asset management
Current Stage
9093 - International Standard confirmed
Start Date
10-May-2024
Completion Date
30-Oct-2025
Ref Project

Relations

Amended By
ISO/IEC 19770-1:2017/Amd 1:2024 - Information technology — IT asset management — Part 1: IT asset management systems — Requirements — Amendment 1: Climate action changes
Effective Date
18-Nov-2023
Revises
ISO/IEC 19770-1:2012 - Information technology — Software asset management — Part 1: Processes and tiered assessment of conformance
Effective Date
05-Nov-2015
ISO/IEC 19770-1:2017 - Information technology — IT asset management — Part 1: IT asset management systems — Requirements Released:12/7/2017ISO/IEC 19770-1:2017 - Information technology — IT asset management — Part 1: IT asset management systems — Requirements Released:12/7/2017
PreviousNext
Standard
ISO/IEC 19770-1:2017 - Information technology — IT asset management — Part 1: IT asset management systems — Requirements Released:12/7/2017
English language
37 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 19770-1
Third edition
2017-12
Information technology — IT asset
management —
Part 1:
IT asset management systems —
Requirements
Technologies de l'information — Gestion des actifs logiciels —
Partie 1: Procédés et évaluation progressive de la conformité
Reference number
©
ISO/IEC 2017
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
1.1 Purpose . 1
1.2 Field of application . 1
1.3 Limitations . 1
2 Normative references . 2
3 Terms and definitions . 2
4 Context of the organization .12
4.1 Understanding the organization and its context .12
4.2 Understanding the needs and expectations of stakeholders .12
4.3 Determining the scope of the IT asset management system .13
4.4 IT asset management system .13
5 Leadership .13
5.1 Leadership and commitment .13
5.2 Policy .14
5.3 Organizational roles, responsibilities and authorities.14
6 Planning .15
6.1 Actions to address risks and opportunities for the IT asset management system .15
6.1.1 General.15
6.1.2 IT asset risk assessment .15
6.1.3 IT asset risk treatment . .16
6.2 IT asset management objectives and planning to achieve them .16
6.2.1 IT asset management operation process specification .16
6.2.2 IT asset management objectives for operation processes .17
6.2.3 Overall IT asset management objectives .17
6.2.4 Planning to achieve IT asset management objectives.17
7 Support .18
7.1 Resources .18
7.2 Competence .18
7.3 Awareness .19
7.4 Communication .19
7.5 Information requirements .19
7.6 Documented information .20
7.6.1 General.20
7.6.2 Traceability of ownership and responsibility .20
7.6.3 Audit trails of authorizations and execution of authorizations .21
7.6.4 Creating and updating .21
7.6.5 Control of documented information .21
8 Operation .22
8.1 Operational planning and control .22
8.2 Management of change .22
8.3 Core data management .22
8.4 License management .22
8.5 Security management .23
8.6 Other processes .23
8.7 Outsourcing and services .23
8.8 Mixed responsibilities between the organization and its personnel .24
9 Performance evaluation .24
9.1 Monitoring, measurement, analysis and evaluation .24
9.2 Internal audit .25
© ISO/IEC 2017 – All rights reserved iii

9.3 Management review .25
10 Improvement .26
10.1 Nonconformity and corrective action .26
10.2 Preventive action .26
10.3 Continual improvement .26
Annex A (normative) IT asset management operation processes and objectives .27
Annex B (informative) IT asset management tiers .31
Annex C (informative) Characteristics of IT Assets .33
Annex D (informative) Changes from ISO 55001 .35
Bibliography .37
iv © ISO/IEC 2017 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and system engineering. Participation and contributions were requested in
particular from ISO/IEC JTC 1/SC 27 IT Security Techniques, ISO/IEC JTC 1/SC 40 IT Service Management
and IT Governance, and ISO/TC 251 Asset Management.
This third edition cancels and replaces the second edition (ISO/IEC 19770-1:2012), which has been
technically revised to be a Management System Standard.
A list of all parts in the ISO/IEC 19770 series can be found on the ISO website.
© ISO/IEC 2017 – All rights reserved v

Introduction
This document specifies the requirements for the establishment, implementation, maintenance and
improvement of a management system for IT asset management (ITAM), referred to as an “IT asset
management system” (ITAMS).
This document provides additional requirements to ISO 55001:2014 which specifies the requirements
for the establishment, implementation, maintenance and improvement of a management system for
asset management, referred to as an “asset management system”. This document includes additional
or more detailed requirements which are considered necessary for the management of IT assets.
The primary differentiator is the need to manage software assets, with their specific characteristics.
Although ISO 55001:2014 can be used to manage software assets if organizations define their scope
and relevant requirements appropriately, it is primarily focused on physical assets with little provision
for the management of software assets.
There are a number of characteristics of IT assets which create these additional or more detailed
requirements. These are described in Annex C. As a result of these characteristics of IT assets, a
management system for IT assets will consequently have explicit requirements additional to those in
ISO 55001:2014 dealing with:
— controls over software modification, duplication and distribution, with particular emphasis on
access and integrity controls;
— audit trails of authorizations and of changes made to IT assets;
— controls over licensing, underlicensing, overlicensing, and compliance with licensing terms and
conditions;
— controls over situations involving mixed ownership and responsibilities, such as in cloud computing
and with ‘Bring-Your-Own-Device’ (BYOD) practices; and
— reconciliation of IT asset management data with data in other information systems when justified
by business value, in particular with financial information systems recording assets and expenses.
Furthermore, because information associated with IT assets is typically voluminous, highly complex
and fast-changing, it is likely that organizations with such information will need to make use of
automated information systems.
Another difference between ISO 55001:2014 and this document is that this document provides
optionally for multiple explicit groupings of process objectives (or 'tiers'). The most important of these
is the basic tier called 'trustworthy data', which is the most important to most end-user organizations
and also software publishers. Tier two is for ‘life cycle integration’, and tier three is for ‘optimization’.
More information about the tiers and their respective groupings of objectives is given in Annex B.
Since major physical assets increasingly incorporate or depend on software, it is likely that the
additional requirements of this document will be relevant in such situations. It is likely that most
organizations with major physical assets will need management systems meeting a mixture of 'pure'
ISO 55001:2014 requirements and also of the additional requirements from this document.
IT assets encompass a wide variety of asset types. Figure 1 indicates the principal IT asset types
diagrammatically.
vi © ISO/IEC 2017 – All rights reserved

Figure 1 — Principal types of IT assets
© ISO/IEC 2017 – All rights reserved vii

This document can be used by any organization and can be applied to all types of IT assets. The
organization determines to which of its IT assets this document applies.
This document is primarily intended for use by:
— those involved in the establishment, implementation, maintenance, and improvement of an IT asset
management system;
— those involved in delivering IT asset management activities, including service providers;
— internal and external parties to assess the organization’s ability to meet legal, regulatory and
contractual requirements and the organization’s own requirements.
The order in which requirements are presented in this document does not reflect their importance or
imply the order in which they are to be implemented.
Further guidance regarding the application of the requirements within this document shared with
ISO 55001:2014 is provided in ISO 55002.
General information on asset management and on IT asset management, and information on
the terminology applicable to this document, is provided in ISO 55000 and in ISO/IEC 19770-5.
Organizations can find that these documents will assist in the development of IT asset management in
their organization.
This document applies the definition of "risk" given in ISO 31000:2009 and ISO/IEC Guide 73:2009. In
addition, it uses the term “stakeholder” rather than “interested party”.
This document is designed to enable an organization to align and integrate its IT asset management
system with related management system requirements, for example those specified by ISO/IEC 27001
and ISO/IEC 20000-1.
This document is not intended to be in conflict with any organization's policies, procedures and
standards. Any such conflict should be resolved before using this document.
viii © ISO/IEC 2017 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 19770-1:2017(E)
Information technology — IT asset management —
Part 1:
IT asset management systems — Requirements
1 Scope
1.1 Purpose
This document specifies requirements for an IT asset management system within the context of the
organization.
This document can be applied to all types of IT assets and by all types and sizes of organizations.
NOTE 1 This document is intended to be used for managing IT assets in particular, but it can also be applied
to other asset types. It can be suitable, in whole or in part, for managing embedded software and firmware,
however its use for these purposes has not been determined. It is not intended for managing information assets
per se, i.e. it is not intended for managing information as an asset independent of hardware and software assets.
Certain types of data and information are covered, such as data and information about IT assets in scope, and
depending on how the scope is defined, it can cover digital information content assets. See the Introduction for
an explanation about IT assets.
NOTE 2 This document does not specify financial, accounting, or technical requirements for managing specific
IT asset types.
NOTE 3 For the purposes of this document, the term “IT asset management system” is used to refer to a
management system for IT asset management.
This document is a discipline-specific extension of ISO 55001:2014, with changes, and is not a sector-
specific application of that International Standard. ISO 55001:2014 is intended to be used for managing
physical assets in particular, but it can also be applied to other asset types. This document specifies
requirements for the management of IT assets which are additional to those specified in ISO 55001:2014.
Conformance to this document does not imply conformance to ISO 55001:2014.
This document can be used by internal and external parties to assess the organization’s ability to meet
the organization’s own IT asset management requirements.
1.2 Field of application
This document applies to IT asset management processes and can be implemented by organizations to
achieve immediate benefits.
This document can be applied to all IT assets. For example, it can be applied to not only IT hardware
but also to executable software (such as application programs and operating systems) and non-
executable software (such as fonts and configuration information). It can be applied to all technological
environments and computing platforms (e.g. virtualized software applications, on-premises or software-
as-a-service; it is equally relevant in cloud computing as it is in legacy computing environments).
1.3 Limitations
This document does not detail the IT asset management processes in terms of methods or procedures
required to meet the requirements for outcomes of a process.
This document does not specify the sequence of steps an organization should follow to implement IT
asset management.
© ISO/IEC 2017 – All rights reserved 1

This document does not detail documentation in terms of name, format, explicit content and
recording media.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
For the purposes of this document, the following terms and definitions apply.
Some of these terms are repeated from ISO 55000:2014, and refer to assets in general. These terms are
usable for IT assets when used in the context of IT asset management, with ‘asset’ being understood
as referring to ‘IT asset’. In some cases, terms specific to IT assets have been added. No specific
interpretation is intended based on whether an IT-specific term has been defined or not.
3.1
asset
item, thing or entity that has potential or actual value to an organization (3.38)
Note 1 to entry: Value can be tangible or intangible, financial or non-financial, and includes consideration of risks
(3.48) and liabilities. It can be positive or negative at different stages of the asset life (3.2).
Note 2 to entry: Physical assets usually refer to equipment, inventory and properties owned by the organization.
Physical assets are the opposite of intangible assets, which are non-physical assets such as leases, brands, digital
assets, use rights, licences, intellectual property rights, reputation or agreements.
Note 3 to entry: A grouping of assets referred to as an asset system (3.7) could also be considered as an asset.
[SOURCE: ISO 55000:2014, 3.2.1]
3.2
asset life
period from asset (3.1) creation to asset end-of-life
[SOURCE: ISO 55000:2014, 3.2.2]
3.3
asset management
coordinated activity of an organization (3.38) to realize value from assets (3.1)
Note 1 to entry: Realization of value will normally involve a balancing of costs, risks (3.48), opportunities and
performance (3.42) benefits.
Note 2 to entry: Activity can also refer to the application of the elements of the asset management system (3.5).
Note 3 to entry: The term “activity” has a broad meaning and can include, for example, the approach, the planning,
the plans and their implementation.
[SOURCE: ISO 55000:2014, 3.3.1]
2 © ISO/IEC 2017 – All rights reserved

3.4
asset management plan
documented information (3.19) that specifies the activities, resources and timescales required for an
individual asset (3.1), or a grouping of assets, to achieve the organization’s (3.38) asset management
(3.3) objectives (3.37)
Note 1 to entry: The grouping of assets may be by asset type (3.8), asset class, asset system (3.7) or asset
portfolio (3.6).
Note 2 to entry: An asset management plan is derived from the strategic asset management plan (3.53).
Note 3 to entry: An asset management plan may be contained in, or may be a subsidiary plan of, the strategic
asset management plan.
[SOURCE: ISO 55000:2014, 3.3.3]
3.5
asset management system
management system (3.33) for asset management (3.3) whose function is to establish the asset
management policy (3.43) and asset management objectives (3.37)
Note 1 to entry: The asset management system is a subset of asset management.
[SOURCE: ISO 55000:2014, 3.4.3]
3.6
asset portfolio
assets (3.1) that are within the scope of the asset management system (3.5)
Note 1 to entry: A portfolio is typically established and assigned for managerial control purposes. Portfolios for
physical hardware might be defined by category (e.g. plant, equipment, tools, land). Software portfolios might be
defined by software publisher, or by platform (e.g. PC, server, mainframe).
Note 2 to entry: An asset management system can encompass multiple asset portfolios. Where multiple asset
portfolios and asset management systems are employed, asset management (3.3) activities should be coordinated
between the portfolios and systems.
[SOURCE: ISO 55000:2014, 3.2.4]
3.7
asset system
set of assets (3.1) that interact or are interrelated
[SOURCE: ISO 55000:2014, 3.2.5]
3.8
asset type
grouping of assets (3.1) having common characteristics that distinguish those assets as a group or class
EXAMPLE Physical assets, information assets, intangible assets, critical assets (3.15), enabling assets, linear
assets, information and communications technology (ICT) assets, infrastructure assets, moveable assets.
[SOURCE: ISO 55000:2014, 3.2.6]
3.9
audit
systematic, independent and documented process (3.46) for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),
and it can be a combined or integrated audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
© ISO/IEC 2017 – All rights reserved 3

Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
[SOURCE: ISO 55000:2014, 3.1.1, modified — Note 2 to entry has been added for conformance with
Annex SL]
3.10
capability
measure of capacity and the ability of an entity (system, person or organization
(3.38)) to achieve its objectives (3.37)
Note 1 to entry: Asset management (3.3) capabilities include processes (3.46), resources, competences (3.11) and
technologies to enable the effective and efficient development and delivery of asset management plans (3.4) and
asset life (3.2) activities, and their continual improvement (3.13).
[SOURCE: ISO 55000:2014, 3.1.2]
3.11
competence
ability to apply knowledge and skills to achieve intended results
[SOURCE: ISO 55000:2014, 3.1.3]
3.12
conformity
fulfilment of a requirement (3.47)
[SOURCE: ISO 55000:2014, 3.1.4]
3.13
continual improvement
recurring activity to enhance performance (3.42)
[SOURCE: ISO 55000:2014, 3.1.5]
3.14
corrective action
action to eliminate the cause of a nonconformity (3.36) and to prevent recurrence
Note 1 to entry: In the case of other undesirable outcomes, action is necessary to minimize or eliminate the
causes and to reduce the impact or prevent recurrence. Such actions fall outside the concept of corrective action,
in the sense of this definition.
[SOURCE: ISO 55000:2014, 3.4.1]
3.15
critical asset
asset (3.1) having potential to significantly impact on the achievement of the organization’s (3.38)
objectives (3.37)
Note 1 to entry: Assets can be safety-critical, environment-critical or performance-critical (3.42) and can relate
to legal, regulatory or statutory requirements (3.47).
Note 2 to entry: Critical assets can refer to those assets necessary to provide services to critical customers.
Note 3 to entry: Asset systems (3.7) can be distinguished as being critical in a similar manner to individual assets.
[SOURCE: ISO 55000:2014, 3.2.7]
4 © ISO/IEC 2017 – All rights reserved

3.16
data
facts about an object
Note 1 to entry: In the context of IT asset management systems (3.28), data may be a captured, measured or
recorded representation of information, before it is analysed, interpreted or processed. Data may relate to
objects such as facts, events, things, processes, or ideas, including concepts that within a certain context have a
particular meaning related to IT assets.
[SOURCE: ISO 9000:2015, 3.8.1, modified — Note 1 has been added, modified from ISO 15784-1 and
ISO/IEC 2382]
3.17
digital asset
IT asset (3.25) expressed electronically in a digital format
Note 1 to entry: Digital assets include software assets (3.50), and digital information content assets (3.18).
3.18
digital information content asset
digital asset (3.17) with information content
EXAMPLE Documents, audio, video, graphics, databases, free-standing dictionaries; often licensed.
Note 1 to entry: ITAM can include management of these assets as whole entities, e.g. for license compliance, but
excludes management of the content.
3.19
documented information
information required to be controlled and maintained by an organization (3.38) and the medium on
which it is contained
Note 1 to entry: Documented information can be in any format and media and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.33), including related processes (3.46);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (e.g. records, key performance indicators).
[SOURCE: ISO 55000:2014, 3.1.6]
3.20
effectiveness
extent to which planned activities are realized and planned results achieved
[SOURCE: ISO 55000:2014, 3.1.7]
3.21
hardware
physical equipment used to process, store, or transmit computer programs or data
[SOURCE: ISO/IEC/IEEE 24765:2010, 3.1278]
3.22
incident
unplanned event or occurrence resulting in damage or other loss
[SOURCE: ISO 55000:2014, 3.1.8]
© ISO/IEC 2017 – All rights reserved 5

3.23
information
meaningful data
Note 1 to entry: In the context of IT asset management systems (3.28), information may be data that has been
converted, analysed, interpreted or compiled, to which meaning is assigned, according to context and assumed
conventions. The underlying data may relate to objects such as facts, events, things, processes, or ideas, including
concepts, that within a certain context have a particular meaning related to IT assets (3.25).
Note 2 to entry: In the context of IT asset management systems, information may be recorded digitally or
physically (e.g. on paper).
[SOURCE: ISO 9000:2015, 3.8.2, modified — Note 1 to entry modified from ISO/TR 12037, ISO/TR 21089
and ISO/IEC 2382) and Note 2 to entry has been added.]
3.24
information technology
IT
development, maintenance, and use of technology to acquire, process, store and distribute digital
information
Note 1 to entry: This excludes the use of technology to acquire, process, store and distribute information which
is not digital, such as paper-based information. Examples which are excluded when not digitally captured are
books, manuals, manuscripts, and whiteboards. For the purposes of this definition, 'digital' is equivalent to
'electronic'.
3.25
IT asset
item, thing, or entity that can be used to acquire, process, store and distribute digital information and
has potential or actual value to an organization.
Note 1 to entry: IT assets include:
— software (3.49);
— media (physical and digital);
— IT equipment (physical and virtual);
— licenses (including proof of license);
— contracts; and
— ITAM system management assets (including ITAM systems and tools, and the metadata needed to manage all
IT assets).
Note 2 to entry: Services to meet IT asset management (3.26) requirements (3.47), typically externally supplied,
can also be considered IT assets, such as 'software-as-a-service', hardware maintenance, software support, and
training.
Note 3 to entry: Digital information content assets (3.18) are files or other entities with information content,
but they are not considered software. For example, there may be collections of standards in digital form; media
collections; and credit agency rating information. Such assets may be licensed, and therefore may benefit from
being managed using the discipline of IT asset management.
Note 4 to entry: Information per se, independent of IT hardware and software assets, can be considered an asset
(3.1), but it is not considered an IT asset.
Note 5 to entry: The collective set of IT assets is also referred to as the IT infrastructure (3.30).
3.26
IT asset management
ITAM
coordinated activity of an organization (3.38) to realize value from IT assets (3.25)
6 © ISO/IEC 2017 – All rights reserved

3.27
IT asset management plan
documented information (3.19) that specifies the activities, resources and timescales required for
an individual IT asset (3.25), or a grouping of IT assets, to achieve the organization’s (3.38) IT asset
management (3.26) objectives (3.37)
Note 1 to entry: The grouping of assets may be by asset type (3.8), asset class, asset system (3.7) or IT asset
portfolio (3.29).
Note 2 to entry: An IT asset management plan is derived from the strategic IT asset management plan (3.54).
Note 3 to entry: An IT asset management plan may be contained in, or may be a subsidiary plan of, the strategic
IT asset management plan.
[SOURCE: ISO 55000:2014, 3.3.3, modified — asset management plan has become IT asset management
plan and all notes have been made discipline-specific]
3.28
IT asset management system
ITAMS
management system (3.33) for IT asset management (3.26) whose function is to establish the IT asset
management policy (3.43) and IT asset management objectives (3.37)
Note 1 to entry: The asset management system is a subset of asset management.
[SOURCE: ISO 55000:2014, 3.4.3, modified — asset management system has become IT asset
management system and definition as well as notes have become discipline-specific]
3.29
IT asset portfolio
IT assets (3.25) that are within the scope of the IT asset management system (3.28)
Note 1 to entry: A portfolio is typically established and assigned for managerial control purposes. Portfolios
for IT hardware might be defined by category (e.g. servers, PCs, mobile devices). Software portfolios might be
defined by software publisher, or by platform (e.g. PC, server, mainframe).
Note 2 to entry: An IT asset management system can encompass multiple IT asset portfolios.
Note 3 to entry: See also asset portfolio (3.6).
3.30
IT infrastructure
combined set of IT assets (3.25) for developing, maintaining, and using IT services
3.31
level of service
parameters, or combination of parameters, which reflect social, political, environmental and economic
outcomes that the organization (3.38) delivers
Note 1 to entry: The parameters can include safety, customer satisfaction, quality, quantity, capacity, reliability,
responsiveness, environmental acceptability, cost and availability.
[SOURCE: ISO 55000:2014, 3.3.6]
3.32
life cycle
stages involved in the management of an asset (3.1)
Note 1 to entry: The naming and number of the stages and the activities under each stage usually vary in different
industry sectors and are determined by the organization (3.38).
[SOURCE: ISO 55000:2014, 3.2.3]
© ISO/IEC 2017 – All rights reserved 7

3.33
management system
set of interrelated or interacting elements of an organization (3.38) to establish policies (3.43) and
objectives (3.37) and processes (3.46) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning,
and operation, etc.
Note 3 to entry: The scope of a management system may include the whole of the organization, specific and
identified functions of the organization, specific and identified sections of the organization, or one or more
functions across a group of organizations.
[SOURCE: ISO 55000:2014, 3.4.2, modified — ‘and’ has been added to Note 2 to entry for conformance
with Annex SL]
3.34
measurement
process (3.46) to determine a value
[SOURCE: ISO 55000:2014, 3.1.10]
3.35
monitoring
determining the status of a system, a process (3.46) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.
Note 2 to entry: For the purposes of asset management, monitoring may also refer to determining the status of an
asset. This is typically referred to as “condition monitoring” or “performance monitoring”.
[SOURCE: ISO 55000:2014, 3.1.9]
3.36
nonconformity
non-fulfilment of a requirement (3.47)
Note 1 to entry: Nonconformity can be any deviation from asset management system (3.5) requirements, or from
relevant work standards, practices, procedures, legal requirements, etc.
[SOURCE: ISO 55000:2014, 3.1.11]
3.37
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and
environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and
process (3.46)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an
operational criterion, as an asset management (3.3) objective or by the use of other words with similar meaning
(e.g. aim, goal, or target).
Note 4 to entry: In the context of asset management systems (3.5), asset management objectives are set by the
organization (3.38), consistent with the organizational objectives (3.39) and asset management policy (3.43), to
achieve specific measurable results.
[SOURCE: ISO 55000:2014, 3.1.12, modified — ‘as’ has been added to Note 3 for conformance with
Annex SL]
8 © ISO/IEC 2017 – All rights reserved

3.38
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives (3.37)
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm,
enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated
or not, public or private.
[SOURCE: ISO 55000:2014, 3.1.13]
3.39
organizational objective
overarching objective (3.37) that sets the context and direction for an organization’s (3.38) activities
Note 1 to entry: Organizational objectives are established through the strategic level planning activities of the
organization.
[SOURCE: ISO 55000:2014, 3.1.14]
3.40
organizational plan
documented information (3.19) that specifies the programmes to achieve the organizational
objectives (3.39)
[SOURCE: ISO 55000:2014, 3.1.15]
3.41
outsource (verb)
make an arrangement where an external organization (3.38) performs part of an organization’s function
or process (3.46)
Note 1 to entry: An external organization is outside the scope of the management system (3.33), although
the outsourced function or process is within the scope if its activities influence the effectiveness of the asset
management system (3.5).
[SOURCE: ISO 55000:2014, 3.1.16]
3.42
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management of activities, processes (3.46), products (including
services), systems or organizations (3.38).
Note 3 to entry: For the purposes of asset management (3.3), performance can relate to assets (3.1) in their ability
to fulfil requirements (3.47) or objectives (3.37).
[SOURCE: ISO 55000:2014, 3.1.17, modified — the spelling of ‘measurable’ has been changed for
conformance with Annex SL]
3.43
policy
intentions and direction of an organization (3.38), as formally expressed by its top management (3.55)
[SOURCE: ISO 55000:2014, 3.1.18, modified — a comma has been added for conformance with Annex SL]
© ISO/IEC 2017 – All rights reserved 9

3.44
predictive action
action to monitor the condition of an asset (3.1) and predict the need for preventive action (3.45) or
corrective action (3.14)
Note 1 to entry: Predictive action is also commonly referred to as either “condition monitoring” or “performance
monitoring”.
[SOURCE: ISO 55000:2014, 3.3.5]
3.45
preventive action
action to eliminate the cause of a potential nonconformity (3.36) or other undesirable potential situation
Note 1 to entry: This definition is specific to asset management (3.3) activities only.
Note 2 to entry: There can be more than one cause for a potential nonconformity.
Note 3 to entry: Preventive action is taken to prevent occurrence and to preserve an asset’s (3.1) function,
whereas corrective action (3.14) is taken to prevent recurrence.
Note 4 to entry: Preventive action is normally carried out while the asset is functionally available and operable
or prior to the initiation of functional failure.
Note 5 to entry: Preventive action includes the replenishment of consumables where the consumption is a
functional requirement (3.47).
[SOURCE: ISO 55000:2014, 3.3.4]
3.46
process
set of interrelated or interacting activities which transforms inputs into outputs
[SOURCE: ISO 55000:2014, 3.1.19]
3.47
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

ISO
ISO/IEC 19770-1:2017/Amd 1:2024(Amendment)
Information technology — IT asset management — Part 1: IT asset management systems — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 90003:2018(Main)
Software engineering — Guidelines for the application of ISO 9001:2015 to computer software

This document provides guidance for organizations in the application of ISO 9001:2015 to the acquisition, supply, development, operation and maintenance of computer software and related support services. It does not add to or otherwise change the requirements of ISO 9001:2015. Annex A provides a table pointing to additional guidance on the implementation of ISO 9001:2015, available in ISO/IEC JTC 1/SC 7, ISO/IEC JTC 1/SC 27 and ISO/TC 176 International Standards. The guidelines provided in this document are not intended to be used as assessment criteria in quality management system registration/certification. However, some organizations can consider it useful to implement the guidelines proposed in this document and can be interested in knowing whether the resultant quality management system is compliant or not with this document. In this case, an organization can use both this document and ISO 9001 as assessment criteria for quality management systems in the software domain.

  • Standard
    69 pages
    English language
    sale 15% off
ISO
ISO 21224:2025(Main)
Evaluation of centreline segregation of continuously cast slabs

This document specifies a procedure for the evaluation of centreline segregation of continuously cast slabs, including sampling, sample preparation and evaluation method. This document is applicable for low carbon steel slabs for pipe production manufactured by continuous casting. These steels have a typical chemical composition as follows (mass percentages): — C ≤ 0,12 % — Mn ≤ 2,0 % — Si ≤ 0,5 % — Ti + Nb + V ≤ 0,2 % The common dimensions of these slabs are in the following ranges: — Slab width: 800 mm to 2 600 mm — Slab thickness: 150 mm to 450 mm The evaluation methods covered by this document are based on macroscopic etching of slab samples followed by visual inspection by means of human eye or camera systems. The procedures for sampling described in 5.1 to 5.3 of this document are applicable to steels slabs in general (e. g. other steel grades or dimensions). However, the etching procedure (see 5.4) in combination with the evaluation methods described in Clause 6 have been developed especially for the application on pipeline steels as given above. Thus, they are not applicable to other steel grades, product types or dimensions without a prior validation. Any extension or modification beyond the scope of this document necessitates a separate agreement between producer and customer.

  • Standard
    19 pages
    English language
    sale 15% off
ISO
ISO 18589-7:2025(Main)
Measurement of radioactivity in the environment — Soil — Part 7: In situ measurement of gamma-emitting radionuclides

This document specifies the identification of radionuclides and the measurement of their activity in soil using in situ gamma spectrometry with portable systems equipped with germanium or scintillation detectors. This document is suitable to rapidly assess the activity of artificial and natural radionuclides deposited on or present in soil layers of large areas of a site under investigation. This document can be used in connection with radionuclide measurements of soil samples in the laboratory (see ISO 18589-3) in the following cases: — routine surveillance of the impact of radioactivity released from nuclear installations or of the evolution of radioactivity in the region; — investigations of accident and incident situations; — planning and surveillance of remedial action; — decommissioning of installations or the clearance of materials. It can also be used for the identification of airborne artificial radionuclides, when assessing the exposure levels inside buildings or during waste disposal operations. Following a nuclear accident, in situ gamma spectrometry is a powerful method for rapid evaluation of the gamma activity deposited onto the soil surface as well as the surficial contamination of flat objects. NOTE The method described in this document is not suitable when the spatial distribution of the radionuclides in the environment is not precisely known (influence quantities, unknown distribution in soil) or in situations with very high photon flux. However, the use of small volume detectors with suitable electronics allows measurements to be performed under high photon flux.

  • Standard
    54 pages
    English language
    sale 15% off
  • Standard
    55 pages
    French language
    sale 15% off
ISO
ISO 18953:2025(Main)
Steel structures — Structural bolting — Test methods to determine loss of pretension from faying surface coatings

This document specifies test methods to determine loss of pretension in high-strength bolts due to the presence of coatings on the faying surface(s) of a bolted joint to be used in structural steelwork, when any of the coatings are thick enough to affect the pretension in a bolt in the short term, or can show significant deformation over time under sustained loads (creep-prone materials). The presence within the grip of the bolt of other materials having considerably smaller stiffness than steel, such as insulation, is not included in this test method.

  • Standard
    11 pages
    English language
    sale 15% off
ISO
ISO 18243:2025(Main)
Electrically propelled mopeds and motorcycles — Test specifications and safety requirements for lithium-ion battery systems

This document specifies the test procedures for lithium-ion battery packs and systems used in electrically propelled mopeds and motorcycles. The specified test procedures enable the user of this document to determine the essential characteristics on performance and safety of lithium-ion battery packs and systems. It is also possible to compare the test results achieved for different battery packs or systems. This document enables setting up a dedicated test plan for an individual battery pack or system subject to an agreement between customer and supplier. If required, the relevant test procedures and/or test conditions of lithium-ion battery packs and systems are selected from the standard tests provided in this document to configure a dedicated test plan. NOTE 1 Electrically power-assisted cycles (EPAC) cannot be considered as mopeds. The definition of electrically power-assisted cycles can differ from country to country. An example of definition can be found in Reference [ REF Reference_ref_12 \r \h 7 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310032000000 ]. NOTE 2 Testing on cell level is specified in the IEC 62660 series.

  • Standard
    46 pages
    English language
    sale 15% off
ISO
ISO 11929-2:2025(Main)
Determination of the characteristic limits (decision threshold, detection limit and limits of the coverage interval) for measurements of ionizing radiation — Fundamentals and application — Part 2: Advanced applications

The ISO 11929 series specifies a procedure, in the field of ionizing radiation metrology, for the calculation of the “decision threshold”, the “detection limit” and the “limits of the coverage interval” for a non-negative ionizing radiation measurand when counting measurements with preselection of time or counts are carried out. The measurand results from a gross count rate and a background count rate as well as from further quantities on the basis of a model of the evaluation. In particular, the measurand can be the net count rate as the difference of the gross count rate and the background count rate, or the net activity of a sample. It can also be influenced by calibration of the measuring system, by sample treatment and by other factors. ISO 11929 has been divided into four parts covering elementary applications in ISO 11929-1, advanced applications on the basis of the GUM Supplement 1 in this document, applications to unfolding methods in ISO 11929-3, and guidance to the application in ISO 11929-4. ISO 11929-1 covers basic applications of counting measurements frequently used in the field of ionizing radiation metrology. It is restricted to applications for which the uncertainties can be evaluated on the basis of the ISO/IEC Guide 98-3 (JCGM 2008). In ISO 11929-1:2025, Annex A, the special case of repeated counting measurements with random influences is covered, while measurements with linear analogous ratemeters are covered in ISO 11929-1:2025, Annex B. ISO 11929-3 deals with the evaluation of measurements using unfolding methods and counting spectrometric multi-channel measurements if evaluated by unfolding methods, in particular, for alpha- and gamma‑spectrometric measurements. Further, it provides some advice on how to deal with correlations and covariances. ISO 11929-4 gives guidance to the application of ISO 11929, summarizes shortly the general procedure and then presents a wide range of numerical examples. Information on the statistical roots of ISO 11929 and on its current development may be found elsewhere[ REF Reference_ref_37 \r \h 30 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00330037000000 ][ REF Reference_ref_38 \r \h 31 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00330038000000 ]. ISO 11929 also applies analogously to other measurements of any kind especially if a similar model of the evaluation is involved. Further practical examples can be found, for example, in ISO 18589[ REF Reference_ref_8 \r \h 1 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0038000000 ], ISO 9696[ REF Reference_ref_9 \r \h 2 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0039000000 ], ISO 9697[ REF Reference_ref_10 \r \h 3 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310030000000 ], ISO 9698[ REF Reference_ref_11 \r \h 4 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310031000000 ], ISO 10703[ REF Reference_ref_12 \r \h 5 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310032000000 ], ISO 7503[ REF Reference_ref_13 \r \h 6 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310033000000 ], ISO 28218[ REF Reference_ref_14 \r \h 7 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310034000000 ] and ISO 11665[ REF Reference_ref_15 \r \h 8 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310035000000 ]. NOTE A code system, named UncertRadio, is available for calculations according t

  • Standard
    40 pages
    English language
    sale 15% off
  • Standard
    41 pages
    French language
    sale 15% off
ISO
ISO 18990:2025(Main)
Measurement of radioactivity in urine-238Pu, 239Pu and 240Pu — Test method using alpha spectrometry or ICP-MS

This document specifies approaches for the determination of plutonium isotopes (238Pu, 239Pu and 240Pu) in urine using alpha spectrometry or inductively coupled plasma mass spectrometry (ICP-MS). It is applicable to the measurement of plutonium isotopes at levels which are appropriate for — workers handling plutonium in planned exposure situations, where detection limits are sufficiently low to be in accordance with dose limits, and — workers, members of the public and emergency responders in emergency exposure situations, where required detection limits can be much higher, and results need to be reported in a short timescale. This document does not provide information on when monitoring is carried out or the interpretation of the results in terms of dose or biological effects.

  • Standard
    37 pages
    English language
    sale 15% off
  • Standard
    39 pages
    French language
    sale 15% off
ISO
ISO/IEC 19583-27:2025(Main)
Information technology — Concepts and usage of metadata — Part 27: Mapping between metamodel for computable data registration and bioinformatics analyses by high-throughput sequencing (HTS)

This document provides a mapping between the ISO/IEC 11179-34 metamodel for computable data registration and the IEEE 2791 standard for bioinformatics analyses generated by high-throughput sequencing (HTS), to facilitate the production of IEEE 2791 objects from instances of ISO/IEC 11179-34 metamodel and the registration of IEEE 2791 objects as computable data within an MDR conforming to ISO/IEC 11179-34. This document is applicable to those who are submitting data to organizations that require metadata submissions in IEEE 2791 compliant format, as well as those aiming to register IEEE 2791 objects into an MDR that conforms to ISO/IEC 11179-34.

  • Standard
    50 pages
    English language
    sale 15% off
ISO
ISO 13144:2025(Main)
Textiles — Determination of quinoline, isoquinoline and certain derivatives

This document specifies a method for the qualification and quantification of certain quinoline derivatives in textile products by means of extraction with methanol and gas chromatography with mass selective detector or liquid chromatography with mass selective detector. The method is applicable to all kinds of textile products consisting of natural or artificially dyed textile fibres and fabrics. It is further applicable to dyestuff powder used as textile auxiliary for dyeing and printing.

  • Standard
    16 pages
    English language
    sale 15% off
  • Standard
    18 pages
    French language
    sale 15% off