iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 19770-5:2015

(Main)

Information technology — IT asset management — Part 5: Overview and vocabulary

Information technology — IT asset management — Part 5: Overview and vocabulary

ISO/IEC 19770-5:2015 provides a) an overview of the ISO/IEC 19770 family of standards, b) an introduction to IT asset management (ITAM) and software asset management (SAM), c) a brief description of the foundation principles and approaches on which SAM is based, and d) consistent terms and definitions for use throughout the ISO/IEC 19770 family of standards. ISO/IEC 19770-5:2015 is applicable to all types of organization (e.g. commercial enterprises, government agencies, and non-profit organizations).

Technologies de l'information — Gestion de biens de logiciel — Partie 5: Vue d'ensemble et vocabulaire

General Information

Status
Published
Publication Date
30-Jul-2015
ICS
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 7 - Software and systems engineering
Drafting Committee
ISO/IEC JTC 1/SC 7/WG 21 - Information technology asset management
Current Stage
Ref Project

Relations

Revises
ISO/IEC 19770-5:2013 - Information technology — Software asset management — Part 5: Overview and vocabulary
Effective Date
05-Nov-2015

Buy Standard

ISO/IEC 19770-5:2015 - Information technology -- IT asset managementISO/IEC 19770-5:2015 - Information technology -- IT asset management
PreviousNext
Standard
ISO/IEC 19770-5:2015 - Information technology -- IT asset management
English language
19 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 19770-5
Second edition
2015-08-01
Information technology — IT asset
management — Overview and
vocabulary
Technologies de l’information — Gestion de biens de logiciel — Vue
d’ensemble et vocabulaire
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 IT asset management (ITAM) and software asset management (SAM) .8
4.1 Introduction . 8
4.2 The need to manage software assets . 9
4.2.1 General. 9
4.2.2 Direct benefits . 9
4.2.3 Cost control .10
4.2.4 Risk management and mitigation .10
4.3 Foundation principles .11
4.4 Relationships to principles defined in other standards .11
4.4.1 Introduction .11
4.4.2 Relationship to ISO 9001 principles .11
4.4.3 Relationship to ISO/IEC 20000 principles .11
4.4.4 Relationship to ISO/IEC 27000 principles .11
4.4.5 Relationship to ISO 55000 principles .12
4.5 Principles of process definitions .12
4.6 Evaluation of process definition conformance .12
4.7 Principles of information structures .13
4.8 Evaluation of information structure definition conformance .13
4.9 Critical success factors .13
5 ITAM family of standards .14
5.1 General information .14
5.2 Standards specifying processes .14
5.2.1 ISO/IEC 19770-1:2006 .14
5.2.2 ISO/IEC 19770-1:2012 .15
5.2.3 ISO/IEC 19770-1:201x .15
5.3 Technical reports providing guidance for process standards .15
5.3.1 ISO/IEC 19770-8:201x .15
5.3.2 ISO/IEC 19770-11:201x .15
5.4 Standards specifying information structures .16
5.4.1 ISO/IEC 19770-2:2009 .16
5.4.2 ISO/IEC 19770-2:201x .16
5.4.3 ISO/IEC 19770-3:201x .16
5.4.4 ISO/IEC 19770-4:201x .17
5.4.5 ISO/IEC 19770-6:201x .17
5.5 Technical reports providing guidance for information structure standards.17
5.5.1 ISO/IEC 19770-7:201x .17
5.5.2 ISO/IEC 19770-22:201x .17
5.6 Overview standards .18
5.6.1 ISO/IEC 19770-5:2013 .18
5.6.2 ISO/IEC 19770-5:2015 (this standard).18
Bibliography .19
© ISO/IEC 2015 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 7, Software and systems engineering.
This second edition cancels and replaces the first edition (ISO/IEC 19770-5:2013), which has been
technically revised.
ISO/IEC 19770 consists of the following parts, under the general title Information technology — Software
asset management:
— Part 1: Processes and tiered assessment of conformance
— Part 2: Software identification tag
— Part 3: Software entitlement schema
— Part 5: Overview and vocabulary
The following parts are under preparation:
— Part 4: Resource Utilization Measurement (RUM)
— Part 7: Tag management
iv © ISO/IEC 2015 – All rights reserved

Introduction
Overview
International Standards in the ISO/IEC 19770 family of standards for software asset management
(SAM) address both the processes and technology for managing software assets and related IT assets.
Because IT is an essential enabler for almost all activity in today’s world, these standards must integrate
tightly into all of IT. For example, from a process perspective, SAM standards must be able to be used
with all Management System Standards, because software and software management are essential
components of any modern Management System. From a technology perspective, SAM standards for
information structures provide not only for data interoperability of software management data, but
also provide the basis for many related benefits such as more effective security in the use of software.
SAM standards for information structures also facilitate significant automation of IT functionality,
such as improved authentication of software and linking to national vulnerability databases for more
automated exposure identification and mitigation.
SAM family of standards
The ISO/IEC 19770 family of standards is intended to assist organizations of all types to implement and
operate a software asset management system using both process and technology. The ISO/IEC 19770
family of standards consists of the parts listed in the Foreword.
NOTE ISO/IEC 19770-4, ISO/IEC 19770-6, ISO/IEC 19770-9 and ISO/IEC 19770-10 are either related to
projects that have been withdrawn, or are reserved for future use.
Purpose of this part of ISO/IEC 19770
This part of ISO/IEC 19770 provides an overview of software asset management, which is the subject of
the ISO/IEC 19770 family of standards, and defines related terms.
This part of ISO/IEC 19770 is divided into the following clauses:
— Clause 1 is the scope;
— Clause 2 describes the normative references;
— Clause 3 describes the terms, definitions, symbols, and abbreviations;
— Clause 4 introduces software asset management, describes the alignment of SAM standards with
other ISO and ISO/IEC standards, and defines principles of SAM processes and data structures;
— Clause 5 gives an overview of the SAM standards family.
The terms and definitions provided in this part of ISO/IEC 19770
a) cover commonly used terms and definitions in the ISO/IEC 19770 family of standards,
b) will not cover all terms and definitions applied within the ISO/IEC 19770 family of standards, and
c) do not limit the ISO/IEC 19770 family of standards in defining terms for their own use.
To reflect the changing status of the SAM family of standards, this part of ISO/IEC 19770 is expected to
be updated on a more frequent basis than would normally be the case for other ISO/IEC standards.
© ISO/IEC 2015 – All rights reserved v

INTERNATIONAL STANDARD ISO/IEC 19770-5:2015(E)
Information technology — IT ass
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 24773-2:2024(Main)
Software and systems engineering — Certification of software and systems engineering professionals — Part 2: Guidance regarding description of knowledge, skills, and competencies contained in schemes

This document contains guidance for certification that can be used by certification or qualification bodies regarding the description of knowledge, skill and competence within their particular schemes based on ISO/IEC 24773-1.

  • Standard
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-1-1:2024(Main)
Systems and software engineering — Lifecycle profiles for very small entities (VSEs) — Part 1-1: Overview

This document establishes the major concepts required to understand and use the ISO/IEC 29110 series. It specifies the characteristics and requirements of a VSE, and clarifies the rationale for VSE-specific profiles, documents, profile specifications and guidelines. This document introduces the taxonomy (catalogue) of ISO/IEC 29110 profiles and the ISO/IEC 29110 series. This document is applicable to a VSE but can also be used by an entity that is larger than a VSE.

  • Standard
    14 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-1-2:2024(Main)
Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 1-2: Vocabulary

This document defines the terms common to the ISO/IEC 29110 series. This document is applicable to very small entities (VSEs), and their customers, assessors, standards producers, tool vendors and methodology vendors.

  • Standard
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 24748-1:2024(Main)
Systems and software engineering — Life cycle management — Part 1: Guidelines for life cycle management

This document provides guidance for the life cycle management of systems and software, complementing the processes described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207. This document: — addresses systems concepts and life cycle concepts, models, stages, processes, process application, key points of view, adaptation and use in various domains and by various disciplines; — establishes a common framework for describing life cycles, including their individual stages, for the management of projects that provide or acquire either products or services; — defines the concept of a life cycle; — supports the use of the life cycle processes within an organization or a project; organizations and projects can use these life cycle concepts when acquiring and supplying either products or services; — provides guidance on adapting a life cycle model and the content associated with a life cycle or a part of a life cycle; — describes the relationship between life cycles and their use in applying the processes in ISO/IEC/IEEE 15288 (systems aspects) and ISO/IEC/IEEE 12207 (software systems aspects); — shows the relationships of life cycle concepts to the hardware, human, services, process, procedure, facility and naturally occurring entity aspects of projects; — describes how its concepts relate to detailed process standards, for example, in the areas of measurement, project management, risk management and model-based systems and software engineering.

  • Standard
    76 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 24748-2:2024(Main)
Systems and software engineering — Life cycle management — Part 2: Guidelines for the application of ISO/IEC/IEEE 15288 (system life cycle processes)

The proposed project is a revision of ISO/IEC/IEEE 24748-2:2018, Systems and software engineering — Life cycle management — Part 2: Guidelines for the application of ISO/IEC/IEEE 15288 (System life cycle processes). There are no scope changes. ISO/IEC/IEEE 24748-2 is a guideline for the application of ISO/IEC/IEEE 15288. It addresses system, life cycle, organizational, project, and process, concept application, principally through reference to ISO/IEC/IEEE 24748-1 and ISO/IEC/IEEE 15288. It gives guidance on applying ISO/IEC/IEEE 15288 from the aspects of strategy, planning, application in organizations, and application on projects. It also provides comparison of the differences between ISO/IEC/IEEE 15288 current revision and the prior version, ISO/IEC 15288:2015.

  • Standard
    63 pages
    English language
    sale 15% off
ISO
ISO/IEC 25002:2024(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Quality model overview and usage

This document establishes a framework for defining quality models which are composed of quality characteristics and sub-characteristics. In particular, this document provides: — the concept of a quality model; — the structure and semantics of quality models; — the relationship between quality models and the other concepts, including measurement, requirement definition, and evaluation; — guidelines, requirements and examples for using quality models.

  • Standard
    17 pages
    English language
    sale 15% off
ISO
ISO/IEC 19770-1:2017/Amd 1:2024(Amendment)
Information technology — IT asset management — Part 1: IT asset management systems — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC 19770-6:2024(Main)
Information technology — IT asset management — Part 6: Hardware identification tag

This document provides specifications for a transport format which enables the digital encapsulation of this data. This document refers to an encapsulation of hardware identification (HWID) data as a HWID tag, just as ISO/IEC 19770-2 refers to software identification (SWID) tags for software identification. This document applies to the following. — Tag producers: organizations that create HWID tags for use by others in the market. A tag producer can be part of the organization creating the hardware or a third-party organization. These organizations can be broken down into two major categories. — Device or component providers: entities responsible for the manufacturing or creation of the hardware device and/or associated operating system, virtual environment, or application platform. Platform providers which support this document can additionally provide tag management capabilities at the level of the platform or operating system. — Tag tool providers: entities that provide tools to create hardware identification tags. For example, tools within development environments that generate hardware identification tags, or installation tools that can create tags on behalf of the installation process, and/or desktop management tools that can create tags for underlying hardware, virtual machines, or platforms that did not originally have a hardware identification tag. — Tag consumers: tools and/or organizations who utilize information from HWID tags are broken down into the following two major categories. — Device or component consumers: entities that purchase, install, integrate, and/or otherwise deploy physical or virtual hardware or components. — IT discovery and processing tool providers: entities that provide tools to collect, store, and process hardware identification tags. These tools may be targeted at a variety of different market segments, including security, asset management, and logistics. This document deals only with hardware device or component identification. This document does not detail information technology asset management (ITAM) processes required for discovery and management of hardware (which is provided in ISO/IEC 19770-1) software identification tags (as defined by ISO/IEC 19770-2), entitlement tags (as defined by ISO/IEC 19770-3), or resource utilization measurements (as defined by ISO/IEC 19770-4).

  • Standard
    41 pages
    English language
    sale 15% off
ISO
ISO/IEC 25019:2023(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Quality-in-use model

This document defines a quality-in-use model composed of three characteristics (which are further subdivided into sub-characteristics) that can influence stakeholders when products or systems are used in a specified context of use. This model is applicable to the entire spectrum of information system and IT service system, including both computer systems in use and software products in use. This document provides a set of quality characteristics for specifying, measuring, evaluating and improving quality-in-use. In this document, because context of use is specified as prerequisite of quality-in-use, context of use is necessary to be re-specified to change prerequisite when a product or service intend to fulfil to context of use changes. The model can be applied, in particular, by those responsible for specifying and evaluating software product quality, such as developers, acquirers, quality assurance and control staff, and independent evaluators. Activities during product development that can benefit from the use of the quality model can include, but are not limited to: — identifying requirements for information system and IT service system in use; — validating the comprehensiveness of a quality-in-use requirements specification; — identifying information system and IT service system design objectives for quality-in-use; — identifying quality-in-use control criteria as part of overall quality assurance; — identifying acceptance criteria for information system and IT service system or information systems; — establishing measures to address the consequences of using products in specified context-of -use; — presenting evaluation items for ethics considerations when using information system and IT service system; — supporting governance of digitalization activities.

  • Standard
    31 pages
    English language
    sale 15% off
ISO
ISO/IEC 25010:2023(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Product quality model

This document defines a product quality model, which is applicable to ICT (information and communication technology) products and software products. The product quality model is composed of nine characteristics (which are further subdivided into subcharacteristics) that relate to quality properties of the products. The characteristics and subcharacteristics provide a reference model for the quality of the products to be specified, measured and evaluated. NOTE 1 In this document, a product refers to an ICT product that is part of an information system. ICT product components include subsystems, software, firmware, hardware, data, communication infrastructure, and other elements that are part of the ICT product. This model can be used for requirements specification and evaluation of the target products’ quality throughout their lifecycle by several stakeholders, including developers, acquirers, quality assurance and control staff and independent evaluators. Activities in the product lifecycle that can benefit from the use of this model include: — eliciting and defining product and information system requirements; — validating the comprehensiveness of requirements definition; — identifying product and information system design objectives, and design necessary process for achieving quality; — identifying product and information system testing objectives; — identifying quality control criteria as the part of quality assurance; — identifying acceptance criteria for a product and/or an information system; — establishing measures of product quality characteristics in support of these activities. NOTE 2 Usage of the quality model for measurement is explained in Annex C.

  • Standard
    22 pages
    English language
    sale 15% off