This standard specifies the requirements for the establishment, implementation, maintenance, and improvement of a management system for IT asset management (ITAM), referred to as an IT asset management system.
When an organization is certified to ISO/IEC 20000-1:2018 and ISO/IEC 27001:2013 they have many types of software assets they are using to support their business and their clients. To manage those assets, many organizations implement ISO/IEC 19770-1:2017 ITAM to ensure they are actively and safely managing these assets.
ISO 19770-1:2017 specifies the requirements for the establishment, implementation, maintenance and improvement of a management system for asset management, referred to as an “asset management system”.
This standard includes additional or more detailed requirements that are considered necessary for the management of IT assets.
There are a number of characteristics of IT assets which create these additional or more detailed requirements. As a result of these characteristics of IT assets, a management system for IT assets will consequently have explicit requirements dealing with:
This document can be used by any organization and can be applied to all types of IT assets.
The organization determines to which of its IT assets this document applies. This document is primarily intended for use by:
Software Asset Management (SAM) markets are dominated by some vendor-specific approaches for licensing, license management and asset optimization.
Each approach is unique and employs its terminology and technology. While this approach may foster innovation, it also results in a software consumer being required to deal with each of those vendors on a separate basis, which leads to significant inefficiencies and prevents easy comparisons.
Adopting 19770-1:2017 can greatly assist in limiting these inefficiencies and allowing comparisons due to an internationally-recognized framework for adopting and implementing ITAM.
This ISO standard allows for standardization in IT asset management by allowing for a common, standardized, and measurable approach. But the standard simultaneously allows organizations to adopt a flexible tier-based approach to ITAM. It is useful for every organization looking to ensure maximum value from IT assets while reducing a variety of IT-related risk, including security-related risks.
Having a standardized approach also allows for certification which will be useful for ensuring partners and potential partners have these processes in place; thereby reducing your risk.
This Platform is a 90-day ISO Implementation process which ISOP performs a 3-step ISO implementation. This means ISOP creates, delivers and trains the client on how to use the clients ISO manuals and completes a one-time 3rd party accredited registration audit. Each deferred Platform includes:
All which are invoiced over a 36-month payment plan.
ISOP Premiere is designed for the businesses that want both implementation and cash flow assistance, continued ISO audit support and a online Learning Management System (LMS) to continually educate their employees.
Additional ISOP Audit Manager and Learning Management System Licenses may be purchased separately.
4 audits over 3 years:
1. Certification audit;
2. First Annual surveillance audit;
3. Second Annual surveillance audit;
4. Re-certification audit.
These are performed in this sequence only if the company passes each audit.
Official ISO/IEC 17021-1:2015 answer:
Clause 9.1.3 Audit Program
188.8.131.52 The audit program for the initial certification shall include a two-stage initial audit, surveillance audits in the first and second years following the certification decision, and a re-certification audit in the third year prior to expiration of certification. The first three-year certification cycle begins with the certification decision. Subsequent cycles begin with the re-certification decision.
184.108.40.206 Surveillance audits shall be conducted at least once a calendar year, except in re-certification years. The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date.
Sign up to hear from us about specials, sales, and events.