On day two of the Lansweeper 360 User Conference 2022, we welcomed Christian Oudenbroek, CEO of Brand Compliance Services Group BV, to our breakout room to talk about the recently created certification scheme for ISO 19770-1, the ISO standard for IT Asset Management. Brand Compliance is an accredited Certification Body specialized in quality, information security, and privacy. They developed the new certification scheme in collaboration with the ITAM Forum.
Where Does This New ISO Certification Come From?
Over the last couple of years, companies and organizations have started devoting more attention to their IT Asset Management. Thanks to rising awareness surrounding cybersecurity risks and further spurred on by the sudden shift to working-from-home and hybrid environments, stakeholders have become increasingly interested in knowing what IT assets they have. However, ITAM is a surprisingly complex matter, so the need for a standard presented itself, and ISO delivered on this need with the ISO 19770-1 Standard.
The ISO 19770-1 Standard drew the attention of the ITAM Forum, an organization founded by professionals in the field of ITAM, and supported by corporations that recognize the importance of ITAM. They want to use it to elevate the acceptance and importance of ITAM practices in the real world. In order to do so, they approached Brand Compliance, an organization with experience in the creation of certification schemes, to deliver a certification scheme to audit against the standard. This resulted in the certification 19770-11, plus an add-on for specifications. Brand Compliance was then approved by the ITAM Forum as a certification body.
Why You Need the ISO 19770-1 Standard for ITAM
- Reduce IT Spending: Effective IT Asset Management allows you to better manage your IT assets and resources, reducing unnecessary spending.
- Reduce License Compliance Risk: Avoid being over- or under-licensed by knowing exactly what is installed and licensed in your network.
- Operational Efficiency: Create 1 single pane of glass to give you insight into your entire IT environment.
- Information Security: ITAM is the foundation of your IT security, as you may know from the security-focused ISO 27000 standard. You can't secure what you don't know you have.
- Sustainability: Track your assets' lifecycle from specifications all the way to retirement.
Why Get Certified?
Once you have your IT Asset Management implemented, you can get certified, which will prove to your stakeholders, both internal and external, that you are not only in control, but best in class at it.
- The Board: Show that you are in control of your IT environment.
- The Finance Department: Keep an inventory of all of your assets to back your financial statements.
- The Information Security Department: Provide insight into all your IT assets to prevent security breaches.
- License Vendors: Show that you are in control of your IT assets and on top of your license compliance.
- Customer: Show that you are in control of your customer data and that it is accurate.
Getting Ready For ISO 19770-1 Certification
ISO 19770-1 uses the same approach as all other ISO management systems, the so-called PDCA cycle: Plan, Do, Check, Act. To start off, you will need to define your scope. What assets are you working with, and which ones are the most important to you? The ISO 19770-1 standard already provides an overview of IT assets, divided into different classes, that you can use as your base. Once you know what you are working with, it is time to define your policies. How will you be managing these assets?
ISO 19770-1 implements a risk approach, not only for the ITAM risks but also for those that tie in with different business processes like information security or finance. Finally, there is also attention for the lifecycle approach. In your policies, consider your assets from specifications, acquisition, or development all the way to their retirement.
Once you have everything planned out, the next steps are fairly simple. Implement your management system and check if your objectives are met. If that is the case, you are ready for certification. Although this may sound like a lot of work, it mainly requires only 2 things: control over your IT assets and a management system. Most corporations already have a management system in place; all that's left to do is to widen the scope and include an automated discovery and inventory solution for IT Asset Management.