An end to the software police?

After months of delay, the ISO has finally published a standard for software asset management that may protect companies from legal and financial threats over licensing issues

The International Standards Organisation (ISO) finally published its standard for software asset management (SAM) on Monday.

SAM has become a key issue for companies in the last few years as they try to keep track of what software assets they are using, how much they are paying in licence costs and, crucially, what they could save by better deployment of those assets.

The issue has been brought into sharper focus through the activities of the Business Software Alliance (BSA) and the Federation Against Software Theft (Fast), and companies like Microsoft that have made clear the penalties for companies that use improperly licensed software.

The new standard, called ISO/IEC 19770-1, is published jointly by the ISO and the International Electrotechnical Commission. It had been due this March after missing its original 2005 release date.

The main driver for 19770 has been the need for companies to demonstrate good corporate governance. Investors in Software (IiS) is one of the organisations involved in the development of the standard, which it has been working on for four years.

IiS said in a statement on its Web site: "The underlying justification for SAM is the need to apply good governance to software assets -- without it, organisations could be subjected to significant risks including legal and financial exposure."

Shawn Frohlich, chair of IiS, is delighted the standard has been finally accepted: "Until Monday night, companies had no way of establishing that they were properly managing their assets. They had no way of proving it. Now they do. There is a standard to work towards."

However, ISO has still only published part one, covering processes. The second part, covering tools, is expected later this year.

Part one is divided into risk management, cost control, and competitive advantage.

For Frohlich, risk management is a key area. "You couldn’t demonstrate a clean bill of health before," he told ZDNet UK.

Risk management covers issues that could arise from improper licensing, such as interruption or deterioriation of IT services, legal and regulatory exposure, and damage to public image.

It is the latter two areas that have focused CIOs and IT managers on software asset management. Firms that have been caught infringing software licences have suffered high-profile, and often very expensive, humiliation at the hands of Fast and the BSA.

Frohlich believes both interest groups will welcome the new standard: "The BSA has already welcomed it, and I believe Fast is preparing something as well."

Neil MacBride, BSA vice-president of legal affairs, said in a statement that his organisation is "delighted that the ISO has launched this standard and we congratulate all those in the standards and software asset management community around the world who have worked so hard to bring this to fruition".

MacBride said it was "a milestone in the global development of software management best practice" and would "help organisations of all sizes to ensure that they are fully software compliant and making best use of their software assets".

According to the ISO, the standard will "enable an organisation to prove that it is performing SAM to a standard sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall".