1、BSI Standards Publication BS ISO/IEC 19770-5:2015 Information technology IT asset management Part 5: Overview and vocabularyBS ISO/IEC 19770-5:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 19770-5:2015. It supersedes BS ISO/IEC 19770-5:2013 which i
2、s withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/15, Software and systems engineering. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provis
3、ions of a contract. Users are responsible for its correct application. The British Standards Institution 2015. Published by BSI Standards Limited 2015 ISBN 978 0 580 89364 3 ICS 35.080 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was publish
4、ed under the authority of the Standards Policy and Strategy Committee on 30 September 2015. Amendments issued since publication Date Text affectedBS ISO/IEC 19770-5:2015 Information technology IT asset management Overview and vocabulary Technologies de linformation Gestion de biens de logiciel Vue d
5、ensemble et vocabulaire INTERNATIONAL STANDARD ISO/IEC 19770-5 Reference number ISO/IEC 19770-5:2015(E) Second edition 2015-08-01 ISO/IEC 2015 BS ISO/IEC 19770-5:2015ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015, Published in Switzerland All rights reserved. Unless ot
6、herwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the addres
7、s below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 19770-5:2015(E)BS ISO/IEC 19770-5:2015ISO/IEC 19770-5:2015(E)Foreword iv I
8、ntroduction v 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 1 4 IT asset management (IT AM) and software asset management (SAM) .8 4.1 Introduction 8 4.2 The need to manage software assets . 9 4.2.1 General 9 4.2.2 Direct benefits 9 4.2.3 Cost control .10 4.2.4 Risk management and
9、mitigation 10 4.3 Foundation principles 11 4.4 Relationships to principles defined in other standards .11 4.4.1 Introduction 11 4.4.2 Relationship to ISO 9001 principles 11 4.4.3 Relationship to ISO/IEC 20000 principles .11 4.4.4 Relationship to ISO/IEC 27000 principles .11 4.4.5 Relationship to ISO
10、 55000 principles .12 4.5 Principles of process definitions 12 4.6 Evaluation of process definition conformance .12 4.7 Principles of information structures .13 4.8 Evaluation of information structure definition conformance .13 4.9 Critical success factors 13 5 IT AM family of standards 14 5.1 Gener
11、al information 14 5.2 Standards specifying processes .14 5.2.1 ISO/IEC 19770-1:2006 14 5.2.2 ISO/IEC 19770-1:2012 15 5.2.3 ISO/IEC 19770-1:201x 15 5.3 Technical reports providing guidance for process standards .15 5.3.1 ISO/IEC 19770-8:201x 15 5.3.2 ISO/IEC 19770-11:201x .15 5.4 Standards specifying
12、 information structures 16 5.4.1 ISO/IEC 19770-2:2009 16 5.4.2 ISO/IEC 19770-2:201x 16 5.4.3 ISO/IEC 19770-3:201x 16 5.4.4 ISO/IEC 19770-4:201x 17 5.4.5 ISO/IEC 19770-6:201x 17 5.5 Technical reports providing guidance for information structure standards17 5.5.1 ISO/IEC 19770-7:201x 17 5.5.2 ISO/IEC
13、19770-22:201x .17 5.6 Overview standards .18 5.6.1 ISO/IEC 19770-5:2013 18 5.6.2 ISO/IEC 19770-5:2015 (this standard).18 Bibliography .19 ISO/IEC 2015 All rights reserved iii Contents PageBS ISO/IEC 19770-5:2015ISO/IEC 19770-5:2015(E) Foreword ISO (the International Organization for Standardization)
14、 and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal
15、 with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC
16、 have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should b
17、e noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible fo
18、r identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the
19、convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: For
20、eword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering. This second edition cancels and replaces the first edition (ISO/IEC 19770-5:2013), which has been technically revised. ISO/IEC
21、19770 consists of the following parts, under the general title Information technology Software asset management: Part 1: Processes and tiered assessment of conformance Part 2: Software identification tag Part 3: Software entitlement schema Part 5: Overview and vocabulary The following parts are unde
22、r preparation: Part 4: Resource Utilization Measurement (RUM) Part 7: Tag managementiv ISO/IEC 2015 All rights reservedBS ISO/IEC 19770-5:2015ISO/IEC 19770-5:2015(E) Introduction Overview International Standards in the ISO/IEC 19770 family of standards for software asset management (SAM) address bot
23、h the processes and technology for managing software assets and related IT assets. Because IT is an essential enabler for almost all activity in todays world, these standards must integrate tightly into all of IT. For example, from a process perspective, SAM standards must be able to be used with al
24、l Management System Standards, because software and software management are essential components of any modern Management System. From a technology perspective, SAM standards for information structures provide not only for data interoperability of software management data, but also provide the basis
25、 for many related benefits such as more effective security in the use of software. SAM standards for information structures also facilitate significant automation of IT functionality, such as improved authentication of software and linking to national vulnerability databases for more automated expos
26、ure identification and mitigation. SAM family of standards The ISO/IEC 19770 family of standards is intended to assist organizations of all types to implement and operate a software asset management system using both process and technology. The ISO/IEC 19770 family of standards consists of the parts
27、 listed in the Foreword. NOTE ISO/IEC 19770-4, ISO/IEC 19770-6, ISO/IEC 19770-9 and ISO/IEC 19770-10 are either related to projects that have been withdrawn, or are reserved for future use. Purpose of this part of ISO/IEC 19770 This part of ISO/IEC 19770 provides an overview of software asset manage
28、ment, which is the subject of the ISO/IEC 19770 family of standards, and defines related terms. This part of ISO/IEC 19770 is divided into the following clauses: Clause 1 is the scope; Clause 2 describes the normative references; Clause 3 describes the terms, definitions, symbols, and abbreviations;
29、 Clause 4 introduces software asset management, describes the alignment of SAM standards with other ISO and ISO/IEC standards, and defines principles of SAM processes and data structures; Clause 5 gives an overview of the SAM standards family. The terms and definitions provided in this part of ISO/I
30、EC 19770 a) cover commonly used terms and definitions in the ISO/IEC 19770 family of standards, b) will not cover all terms and definitions applied within the ISO/IEC 19770 family of standards, and c) do not limit the ISO/IEC 19770 family of standards in defining terms for their own use. To reflect
31、the changing status of the SAM family of standards, this part of ISO/IEC 19770 is expected to be updated on a more frequent basis than would normally be the case for other ISO/IEC standards. ISO/IEC 2015 All rights reserved vBS ISO/IEC 19770-5:2015BS ISO/IEC 19770-5:2015Information technology IT ass
32、et management Overview and vocabulary 1 Scope This part of ISO/IEC 19770 provides a) an overview of the ISO/IEC 19770 family of standards, b) an introduction to IT asset management (ITAM) and software asset management (SAM), c) a brief description of the foundation principles and approaches on which
33、 SAM is based, and d) consistent terms and definitions for use throughout the ISO/IEC 19770 family of standards. This part of ISO/IEC 19770 is applicable to all types of organization (e.g. commercial enterprises, government agencies, and non-profit organizations). 2 Normative references The followin
34、g documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 55000:2014, Ass
35、et management Overview, principles and terminology RFC 3986, Uniform Resource Identifier (URI): Generic Syntax, January 2005 1) 3 T erms a nd definiti ons For the purposes of this document, the following terms and definitions apply. 3.1 application system for collecting, saving, processing, and pres
36、enting data by means of a computer. SOURCE: ISO/IEC/IEEE 24765:2010, 3.119, definition 1 3.2 asset item, thing, or entity that has potential or actual value to an organization Note 1 to entry: Value can be tangible or intangible, financial, or non-financial, and includes consideration of risks and l
37、iabilities. It can be positive or negative at different stages of the asset life. Note 2 to entry: Physical assets usually refer to equipment, inventory, and properties owned by the organization. Physical assets are the opposite of intangible assets, which are non-physical assets such as leases, bra
38、nds, digital assets, use rights, licences, intellectual property rights, reputation, or agreements. Note 3 to entry: A grouping of assets referred to as an asset system could also be considered as an asset. Note 4 to entry: ISO/IEC 19770-5:2013 incorporated a slightly different definition of asset,
39、taken from a development version of ISO 55000. This definition is sourced from the published version. 1) http:/tools.ietf.org/html/rfc3986 INTERNATIONAL ST ANDARD ISO/IEC 19770-5:2015(E) ISO/IEC 2015 All rights reserved 1BS ISO/IEC 19770-5:2015ISO/IEC 19770-5:2015(E) SOURCE: ISO 55000:2014, 3.2.1, m
40、odifiedNote 4 has been added. 3.3 asset management coordinated activity of an organization to realize value from assets (3.2) SOURCE: ISO 55000:2014, 3.3.1, modified The Notes have been deleted. 3.4 baseline formally approved version of a configuration item (3.7), regardless of media, formally desig
41、nated and fixed at a specific time during the configuration items life cycle SOURCE: ISO/IEC/IEEE 24765:2010, 3.240, definition 2 3.5 bundle grouping of products which is the result of a marketing/licensing strategy to sell entitlements to multiple products as one purchased item Note 1 to entry: A b
42、undle can be referred to as a “suite”, if the products are closely related and typically integrated (such as an office suite containing a spreadsheet, word processor, presentation, and other related items). Note 2 to entry: Bundles can also refer to software titles that are less closely related such
43、 as a game, a virus scanner and a utility “bundled” together with a new computer, or to groups of entitlements, such as multiple entitlements for a backup software product. 3.6 computing device functional unit that can perform substantial computations, including numerous arithmetic operations and lo
44、gic operations with or without human intervention Note 1 to entry: A computing device can consist of a stand-alone unit, or several interconnected units. It can also be a device that provides a specific set of functions, such as a phone or a personal organizer, or more general functions such as a la
45、ptop or desktop computer. SOURCE: ISO/IEC/IEEE 24765:2010, 3.513 (computer), modified “with or” has been added to the definition. 3.7 c on f i g u r at ion i t e m CI component of an infrastructure or an item which is or will be, under control of configuration management Note 1 to entry: Configurati
46、on items may vary widely in complexity, size and type, ranging from an entire system including all hardware, software and documentation, to a single module or a minor hardware component. Note 2 to entry: Configuration items are commonly defined as part of service management practice and can vary wid
47、ely in complexity, size, and type, ranging from an entire system including all hardware, software and documentation, to a single module or a minor hardware component. SOURCE: ISO/IEC/IEEE 24765:2010, 3.563, definition 3, modified Note 2 to entry has been added 3.8 c o n f i g u r a t i o n m a n a g
48、 e m e n t d a t a b a s e CMDB database containing all the relevant details of each configuration item (3.7) and details of the important relationships between them Note 1 to entry: When aligning service management with SAM, it may be convenient for the organization to ensure that CIs cover all sof
49、tware within the scope of SAM, i.e. it may be an advantage for anticipated manifestations of controlled/licensed software usage to be fully mapped to CIs and so accountable through all the service management processes using CIs.2 ISO/IEC 2015 All rights reservedBS ISO/IEC 19770-5:2015ISO/IEC 19770-5:2015(E) SOURCE: ISO/IEC/IEEE 24765:2010, 3.566, modified Note 1 to entry has been added. 3.9 corporate board or equivalent body person or group of people who
