Commitment Trumps Best Practice Frameworks
This article has been contributed by Rory Canavan of FAST Limited.
My current role involves going about organisations in the North of the UK and advising them on best practice in regards to software asset management. “Do we go down the FAST route? Or do we follow ITIL? Or perhaps we should consider ISO certification?” Of course, some organisations are legally bound to follow regulations pertaining to Sarbanes Oxley, or NHS Connect.
To consider software as an asset (in isolation) could be a good starting point, but as IT matures and infrastructures grow, keeping track of software could be as troublesome as platting sand. I have seen some organisations that are FAST compliant but who have taken 20 minutes to find a licence; others who say that ITIL is the way forward, yet upon closer scrutiny they have “cherry picked” the elements that serve their immediate purposes. I have also been into companies that say they are ISO 27001 compliant, but when I ask them how many installs of MS Office they have, the IT Manager concerned shuffles like a school boy awaiting punishment from a headmaster. And let’s not forget, as a publicly listed company on Wall Street Lehman Brothers was SOX compliant, and had additional constraints placed on it by the SEC.
So with all these standards abounding, and seemingly falling short, what is it that distinguishes those organisations that are well run, and perhaps those that might be ticking boxes to ensure they have a certificate on the wall?
Regardless of the approach adopted, IT should support business strategy first and foremost, but then ensure that its own strategy means it is open to scrutiny. Remember, if a software vendor comes knocking, no amount of umms and errs are going to have them looking at the next company down the street.
Once IT is comfortable supporting a business, it should then consider what operations it needs to conduct to keep performance at an optimal level, bearing in mind that change is a constant factor to watch out for. Software should be managed at every stage of its lifecycle through a company: Requisition, acquisition, testing, installation, movement/change, upgrade/transfer, retirement and finally disposal.
Whichever benchmarks are chosen to ensure that software is effectively deployed and properly utilised, do it with passion and commitment. Principles borrowed from the Deming cycle (plan, do check and act and back to plan again) should ensure that we don’t rely on facts and figures from when software was first installed, or that we trust blindly to a “true up” in a few years time. The ideas of systematic auditing and reconciliation are crucial to demonstrate not just that a company was once compliant 12 months ago, but that it is still compliant and still in control of its assets.
This article has been contributed by Rory Canavan of FAST Limited.
Related articles:
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.
Rory makes some excellent points. All too often I see companies get tied
up in their “framework” and their tools and start relying on data that was inaccurate to begin with. That’s how million dollar surprises
happen – remember that SAM is typically a combination of automated and manual controls and consider the original source of the
information prior to relying on it.