Moving from SAM to ITAM: Repositioning of processes and tiers (part 3 of 3)

In this third, and last, blog we explain how the processes and tiers have been repositioned.

With the 2017 version of the ISO standard, and the change from ‘processes and tiered assessment’ to a ‘IT Asset Management system’, only three tiers remain. The management system is the basis and therefore not assigned to tiers.

 
The processes are repositioned and structured in a clearer and simpler way. Process requirements can no longer reference to different tiers. Tier 1 reflects the operation of SAM, tier 2 refers to the integration with the IT Asset Life Cycle, tier 3 shows the integration with adjacent functional management processes.

Note that executing the management processes and tier 1 are the responsibility of the ITAM team. Tier 2 and 3 reflect the interaction and integration of the ITAM team with existing processes and is a joint responsibility.

Tiers are now simply a groupings of processes, defined for simplicity of reference. They do no longer necessarily reflect the sequence in which processes have to be implemented.

Tier 1 – Trustworthy data is about knowing what you have so 
you can manage it. It is the collection of infrastructure and contract- and license data, reconciliation, analysis, advise and optimisation. It also includes the monitoring of changes in the infrastructure or organisation that can impact your ITAM practice, as well as securing the sensitive ITAM data against loss or unauthorised access.

Tier 2 – Life Cycle Integration is about achieving greater efficiency and cost-effectiveness in the IT asset life cycle, by assuring that IT assets are managed in the most effective way in each step of the life-cycle.

Tier 3 – Optimisation is about achieving greater efficiency and cost-effectiveness through functional focus. Focus on the contractual and financial side of IT assets, as well as the risks involved with using them.

Additional and updated requirements, new insights and technologies

With the change from ‘processes and tiered assessment’ to a ‘IT Asset Management system’ in the 2017 version of the ISO standard, and the emphasis lays on the management of the operation, rather than on the operation itself, the standard brings some additional and updated requirements.

Context of the organisation (chapter 4)

• Understanding the organisation and the needs and expectations of stakeholders (4.1 & 4.2).
• Determining and describing the scope of the IT Asset Management system (4.3).

Planning (chapter 6)

• More emphasis on the IT asset risk assessment & treatment (6.1).
• Creating a ‘Statement of Applicability’ which lists the objectives, with justification for inclusion and exclusion (6.2), this should, for completeness and communication, also include the description of the scope of the IT Asset Management system.

Support (chapter 7)

• Next to resources and competences, awareness (7.3) and communication (7.4) are now also required.

The operational section of the 2017 version of the ISO standard also shows that it has evolved with the trends of time, and brought new insights and refers to new technologies.

Operation (chapter 8)

• Outsourcing and services – management of cloud services (8.7).
• Mixed responsibilities between the organization and its personnel – managing BYOD (8.8).

Management of the operation (plan > do > check > act - PDCA) and understanding and integrating with the organisation (awareness & communication) is the key to the successful implementation and execution of IT Asset Management! Risk management is a great tool to get commitment from management, and making a Statement of Applicability (including scope & objectives) will help you to enhance the ITAM maturity, and is a great communication tool as well.

Even more than before the ISO/IEC standard for ITAM is a very valuable framework to get and keep control on your SAM / ITAM practice!