ISO/IEC 19770-1:2017 Information technology — IT asset management Part 1: IT asset management systems — Requirements specifies requirements for an IT asset management system within the context of an organization. The standard can be applied to all types of IT assets and by all types and sizes of organizations.
ISO/IEC 19770-1 is intended to be used for managing IT assets, but it can be applied to other asset types. It could be suitable, in whole or in part, for managing embedded software and firmware. The standard is not intended for managing information assets as independent of hardware and software assets.
The standard does not specify financial, accounting, or technical requirements for managing specific IT asset types.
Table of Contents
| Introduction |
| 1 Scope |
| 1.1 Purpose |
| 1.2 Field of application |
| 1.3 Limitations |
| 2 Normative references |
| 3 Terms and definitions |
| 4 Context of the organization |
| 4.1 Understanding the organization and its context |
| 4.2 Understanding the needs and expectations of stakeholders |
| 4.3 Determining the scope of the IT asset management system |
| 4.4 IT asset management system |
| 5 Leadership |
| 5.1 Leadership and commitment |
| 5.2 Policy |
| 5.3 Organizational roles, responsibilities and authorities |
| 6 Planning |
| 6.1 Actions to address risks and opportunities for the IT asset management system |
| 6.2 IT asset management objectives and planning to achieve them |
| 7 Support |
| 7.1 Resources |
| 7.2 Competence |
| 7.3 Awareness |
| 7.4 Communication |
| 7.5 Information requirements |
| 7.6 Documented information |
| 8 Operation |
| 8.1 Operational planning and control |
| 8.2 Management of change |
| 8.3 Core data management |
| 8.4 License management |
| 8.5 Security management |
| 8.6 Other processes |
| 8.7 Outsourcing and services |
| 8.8 Mixed responsibilities between the organization and its personnel |
| 9 Performance evaluation |
| 9.1 Monitoring, measurement, analysis and evaluation |
| 9.2 Internal audit |
| 9.3 Management review |
| 10 Improvement |
| 10.1 Nonconformity and corrective action |
| 10.2 Preventive action |
| 10.3 Continual improvement |
| Annex A IT asset management operation processes and objectives |
| Annex B IT asset management tiers |
| Annex C Characteristics of IT Assets |
| Annex D Changes from ISO 55001 |
Implementation
Implementing an IT Asset Management (ITAM) system in conformity with ISO/IEC 19770 Part 1 involves several key steps.
Here are those steps.
Leadership and Commitment
- Demonstrate leadership commitment to IT asset management within the organization.
- Establish a policy that aligns with organizational goals for effective IT asset management.
Scope and Context
- Determine the scope of the ITAM.
- Understand the internal and external context, including legal and regulatory requirements related to IT asset management.
Legal and Regulatory Compliance
- Identify and comply with relevant legal and regulatory requirements related to IT asset management.
- Stay informed about changes in legislation that may impact IT asset management.
IT Asset Management Policy
Develop an IT asset management policy that outlines the organization’s commitment to effective management of IT assets.
Asset Identification and Classification
- Establish processes for the identification and classification of IT assets.
- Develop a comprehensive inventory of hardware, software, and associated components.
Asset Lifecycle Management
- Implement processes for managing the entire lifecycle of IT assets, from acquisition to disposal.
- Define clear procedures for asset procurement, deployment, maintenance, and retirement.
Data Accuracy and Integrity
- Ensure the accuracy and integrity of data in the ITAM.
- Regularly update asset information and conduct audits for data accuracy.
Access Controls and Security
- Implement access controls to ensure that only authorized personnel have access to IT asset management information.
- Establish security measures to protect sensitive data related to IT assets.
Software License Management
- Implement effective software license management processes.
- Ensure compliance with software licensing agreements and optimize software usage.
Documentation and Record-Keeping
- Develop and maintain documentation related to IT asset management policies, procedures, and practices.
- Keep records of asset acquisitions, deployments, changes, and disposals.
Training and Awareness
- Provide training to employees on IT asset management policies, procedures, and best practices.
- Raise awareness about the importance of accurate asset tracking and compliance.
Vendor Management
- Establish processes for managing relationships with IT asset vendors.
- Ensure effective communication with vendors regarding asset information, updates, and support.
Audit and Compliance Checks
- Conduct regular internal audits to assess compliance with IT asset management policies and procedures.
- Ensure that audits cover relevant legal and regulatory requirements.
Continual Improvement
- Establish processes for continual improvement of IT asset management practices.
- Regularly review and update asset management processes based on feedback and changing requirements.
Integration with Other IT Management Systems
Integrate IT asset management with other relevant IT management systems, such as IT service management or information security management.
Monitoring and Measurement
- Implement systems for monitoring and measuring IT asset management performance.
- Regularly assess the organization’s compliance with ITAM objectives and targets.
Communication and Stakeholder Engagement
- Communicate IT asset management policies and practices to relevant stakeholders.
- Engage with internal and external stakeholders to ensure collaboration and support.
In conclusion…
By following these steps, organizations can implement an effective ITAM system in conformity with ISO/IEC 19770-1. Regular reviews and updates are crucial to ensuring the continued effectiveness and relevance of IT asset management practices.
ISO 19770-1 can be purchased through the ISO.org website.
This Post Has 0 Comments