Software Asset Management ISO19770
itSMF Conference 2012

Contents
• Customer stories
• The standardisation work
• The ISO19770 family
• The future

Customer stories

Licence mess cost authority millions
A licence review at a public authority turned out to be an expensive affair. Region Hovedstaden has had its licences checked by IBM, which brought in the audit firm Deloitte. DKK 28 million. Source: Computerworld, 17 July 2012

Here is the bill to Statens IT after licence audit
A licence audit at Statens It has ended with a bill for the purchase of licences amounting to a multi-million sum. DKK 26 million. Source: Computerworld, 3 July 2012

Microsoft: Customers' systems cause licence problems
Our licence rules are simple. It is something else that makes the area complicated, says Microsoft. Source: Computerworld, 17 July 2012

The standardisation work
ISO working group structure and responsibilities

The WG21 story
• ISO19770 is developed in WG21 under ISO
• Established in 2001
• First standard, 19770-1, released in 2006
• Currently led by David Bicket

Working method
• 2 annual meetings, each lasting one week
• 13 countries represented in the work
• About 20 participants per meeting
• Development work takes place between the meetings
• Results are sent out for national review (via DS)
• Review responses and comments are handled at the annual meetings

Standardisation structure
ISO/IEC
SC7
WG21
Dansk Standard
itSMF
Reference group
Representative: Attends the physical meetings. Is the DS representative
Participates in review. Preferably several participants
International working group

The 19770 family
Software Asset Management
• 19770-1 – Software Asset Management processes
• 19770-2 – Software Identification Tag
• 19770-3 – Software Entitlement Tag
• 19770-5 – Terminology / overview
• 19770-6 – Embedded Software Tag
• 19770-7 – Tag Management

19770-1 SAM process structure (Released)
Processes for SAM

Organizational management processes for SAM
4.2 Control environment for SAM
• Corporate governance processes for SAM
• Roles & responsibilities
• Competences
• Policies, processes and procedures
4.3 Planning and implementation processes for SAM
• Planning for SAM
• Implementation of SAM
• Monitoring and review of SAM
• Continual improvement of SAM

Core SAM processes
4.4 Inventory processes for SAM
• Software asset identification
• Software Asset inventory
• Software Asset control
4.5 Verification and Compliance processes for SAM
• Software Asset record verification
• Software licensing compliance
• Software Asset security compliance
• Conformance verification for SAM
4.6 Operations Management processes and interfaces for SAM
• Relationship and Contract Management for SAM
• Financial Management for SAM
• Service Level Management for SAM
• Security Management for SAM

Primary process interfaces for SAM
4.7 Life cycle process interfaces for SAM
• Change Management process
• Software development process
• Software deployment process
• Acquisition process
• Software Release process
• Incident Management process
• Problem Management process
• Retirement process

Four implementation steps
• Step 1: Trustworthy data. You know what you have, so that you can manage and control it
• Step 2: Practical management. Improve management control & immediate improvements
• Step 3: Operational integration. Improves efficiency and usability
• Step 4: Full ISO/IEC SAM conformance. Achieves best-in-class strategic SAM

Step 1 processes (example)
[Figure: the 19770-1 SAM process structure (4.2 to 4.7), as shown earlier]

19770-2 Software Identification Tags (Released)
• Specifies an XML-based structure with metadata for control of installed software
• The purpose is to create traceability between software entities
• Market adoption is handled by a non-profit organisation, TagVault

TagVault.org
• Certification authority for software identification tags
• Non-profit
• Member-driven
• Focus on market requirements (authoritative and consistent)
• Supports the SAM ecosystem
  – Certification process
  – Software tag library
  – Software tools and services
  – Best practices
Current board is: Symantec, CA Technologies, Moduslink, Microsoft

19770-3 Software Entitlement Tag (under development)
• Specifies an XML-based structure with metadata for control of software usage rights
• The purpose is to create traceability between software entities and usage licences

19770-5 Overview and terminology (Released)
• Definition of the terminology used in SAM
• Overview of, and relationships between, the individual standards in the SAM family

19770-6 Embedded devices (under development)
• Same concept as for the Software Identification Tag (ISO19770-2)
• The focus is management and control of software installed on embedded devices

19770-7 Tag management (under development)
• Establishes a guide and baseline for managing and controlling all software tags defined in the ISO/IEC 19770 standard.
• The focus areas are:
  – How data is compared correctly between what is installed and taken into use and the licence and correct manner of use
  – How to use SAM tagging data in new technology environments such as virtualisation and cloud
  – How SAM tagging data is used successfully and correctly as part of distribution, implementation and retirement
  – How to use SAM tagging data for internal / external audits
  – How to apply and enforce standards in connection with software architecture design
  – How to achieve uniform and accurate data across the software supply chain

The future
• Alignment with ISO20000
• Alignment with ITIL and COBIT
• Organisational and process assessment model based on ISO15504 and ISO33002
• Certification programme
• Guidance for implementation in different organisational environments
• ISO19770 and BYOD
• Metadata standards, e.g.
  – Media Tags
  – Device Tags
  – Adaptability Tags

COBIT – SAM – ITIL (example)
Each entry gives the COBIT 5 code and COBIT process name, followed by the ISO/IEC 19770 alignment and the ITIL v3 process.

EDM04 Ensure Resource Optimisation
• ISO/IEC 19770 alignment: Software Asset Identification; Software Asset Control; Software Asset Record Verification; Software Licensing Compliance; Conformance Verification for SAM; Software Asset Inventory Management
• ITIL v3 process: Capacity Management; Configuration Management

MEA01 Monitor, Evaluate and Assess Performance and Conformance
• ISO/IEC 19770 alignment: Corporate Governance Process for SAM; Competence in SAM; Monitoring and Review of SAM
• ITIL v3 process: Service Reporting; Service Measurement

APO01 Manage the IT Management Framework
• ISO/IEC 19770 alignment: Roles and Responsibilities for SAM; Continual Improvement of SAM; Policies, Processes and Procedures for SAM
• ITIL v3 process: Continual Service Improvement

APO06 Manage Budget and Costs
• ISO/IEC 19770 alignment: Financial management for SAM
• ITIL v3 process: Financial Management

APO07 Manage Human Resources
• ISO/IEC 19770 alignment: Planning for SAM; Roles and Responsibilities for SAM
• ITIL v3 process: Skills Framework for the Information Age (SFIA)

APO09 Manage Service Agreements
• ISO/IEC 19770 alignment: Service Level Management for SAM
• ITIL v3 process: Demand Management; Service Portfolio Management; Service Catalogue Management; Service Level Management; Service Reporting

APO12 Manage Risk
• ISO/IEC 19770 alignment: Change Management Process; Software Deployment Process
• ITIL v3 process: Change Management; Release and Deployment

BAI04 Manage Availability and Capacity
• ISO/IEC 19770 alignment: Software Asset Inventory Management
• ITIL v3 process: Availability Management; Capacity Management

BAI06 Manage Changes
• ISO/IEC 19770 alignment: Change Management Process
• ITIL v3 process: Change Management

BAI07 Manage Change Acceptance and Transitioning
• ISO/IEC 19770 alignment: Software Release Management Process; Software Deployment Process
• ITIL v3 process: Transition Planning and Support; Release and Deployment; Service Validation and Testing; Service Evaluation

BAI09 Manage Assets
• ISO/IEC 19770 alignment: Software Licence Compliance; Software Asset Inventory Management; Acquisition Process; Retirement Process
• ITIL v3 process: Configuration Management

BAI10 Manage Configuration
• ISO/IEC 19770 alignment: Software Asset Identification; Software Asset Control; Software Asset Record Verification; Software Licensing Compliance; Conformance Verification for SAM
• ITIL v3 process: Configuration Management

DSS02 Manage Service Requests and Incidents
• ISO/IEC 19770 alignment: Incident Management Process
• ITIL v3 process: Incident Management; Request Fulfilment

Further information
• ISO19770.org (official web site)
• WIKI ISO19770
• TagVault.org (software tag non-profit organisation)
• IAITAM.org (international network organisation focused on Software & Hardware Asset Management)
• itSMF.dk
www.oberg-partners.com