ITAMOrg® IT Asset Management Foundation Courseware E-Book

ITAMOrg® IT Asset Management Foundation Courseware

Colophon

Title:

IT Asset Management Foundation Courseware

Author:

Jan Oeberg

Publisher:

Van Haren Publishing, ‘s-Hertogenbosch

ISBN Hard Copy:

978 94 018 0698 5

Edition:

First edition, first print, September 2020

Design:

Van Haren Publishing, ‘s-Hertogenbosch

Copyright:

© Van Haren Publishing 2020

For further information about Van Haren Publishing please e-mail us at: [email protected] or visit our website: www.vanharen.net

All rights reserved. No part of this publication may be reproduced, distributed, stored in a data processing system or Published in any form by print, photocopy or any other means whatsoever without the prior written Consent of the authors and publisher.

Regulations and ISO-standards

Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from ITAMOrg.

Any references to ISO-standards in this material are made based on permission to do so given to ITAMOrg by the Danish ISO member body, Fonden Dansk Standard.

Copyright and Trademarks

Trademarks, Source books information

The content is a high-level description of each Frameworks, Methodology, and Practice which are referred to in the ITAMOrg guidance based on public information.

ITAMF is a registered trademark of ITAMOrg, used under permission of ITAMOrg Limited. All rights reserved.

ITIL® is a registered trademark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.

Publisher about the Courseware

The Courseware was created by experts from the industry who served as the author(s) for this publication. The input for the material is based on existing publications and the experience and expertise of the author(s). The material has been revised by trainers who also have experience working with the material. Close attention was also paid to the key learning points to ensure what needs to be mastered.

The objective of the courseware is to provide maximum support to the trainer and to the student, during his or her training. The material has a modular structure and according to the author(s) has the highest success rate should the student opt for examination. The Courseware is also accredited for this reason, wherever applicable.

In order to satisfy the requirements for accreditation the material must meet certain quality standards. The structure, the use of certain terms, diagrams and references are all part of this accreditation. Additionally, the material must be made available to each student in order to obtain full accreditation. To optimally support the trainer and the participant of the training assignments, practice exams and results are provided with the material.

Direct reference to advised literature is also regularly covered in the sheets so that students can find additional information concerning a particular topic. The decision to leave out notes pages from the Courseware was to encourage students to take notes throughout the material.

Although the courseware is complete, the possibility that the trainer deviates from the structure of the sheets or chooses to not refer to all the sheets or commands does exist. The student always has the possibility to cover these topics and go through them on their own time. It is recommended to follow the structure of the courseware and publications for maximum exam preparation.

The courseware and the recommended literature are the perfect combination to learn and understand the theory.

-- Van Haren Publishing

Other publications by Van Haren Publishing

Van Haren Publishing (VHP) specializes in titles on Best Practices, methods and standards within four domains:

- IT and IT Management

- Architecture (Enterprise and IT)

- Business Management and

- Project Management

Van Haren Publishing is also publishing on behalf of leading organizations and companies: ASLBiSL Foundation, BRMI, CA, Centre Henri Tudor, Gaming Works, IACCM, IAOP, IFDC, Innovation Value Institute, IPMA-NL, ITSqc, NAF, KNVI, PMI-NL, PON, The Open Group, The SOX Institute.

Topics are (per domain):

IT and IT Management

ABC of ICT

ASL®

CATS CM®

CMMI®

COBIT®

e-CF

ISO/IEC 20000

ISO/IEC 27001/27002

ISPL

IT4IT®

IT-CMFTM

IT Service CMM

ITIL®

MOF

MSF

SABSA

SAF

SIAMTM

TRIM

VeriSMTM

Enterprise Architecture

ArchiMate®

GEA®

Novius Architectuur

Methode

TOGAF®

Business Management

BABOK ® Guide

BiSL® and BiSL® Next

BRMBOKTM

BTF

EFQM

eSCM

IACCM

ISA-95

ISO 9000/9001

OPBOK

SixSigma

SOX

SqEME®

Project Management

A4-Projectmanagement

DSDM/Atern

ICB / NCB

ISO 21500

MINCE®

M_o_R®

MSP®

P3O®

PMBOK ® Guide

Praxis®

PRINCE2®

For the latest information on VHP publications, visit our website: www.vanharen.net.

Content – (ITAMF) IT Asset Management Foundation

Reflection

Agenda

Unit 1 – Introduction to ITAMF Course

IT Asset Management Introduction

Learning Objectives

Agenda

Get more information

ITAM definitions

Standards and best practices

ITAM Models

Quiz – what to remember

Answers and rationales

Unit 2 – Introduction to Hardware Asset Management

Hardware Asset Management Introduction

Learning Objectives

Hardware Asset Management definition

Hardware Asset Management lifecycle

Hardware disposal

Hardware leasing

Mobile Device Management

Quiz – what to remember

Answers and rationales

Unit 3 – Introduction to Software Asset Management

Software Asset Management Introduction

Learning Objectives

Software Asset Management definition

Software Asset Management lifecycle

Compliance

Software Audits

Software Asset Management processes

Process implementation approach

Quiz – what to remember

Answers and rationales

Unit 4 – Introduction to Service & Cloud

Service & Cloud Asset Management Introduction

Learning Objectives

Service & Cloud Asset Management definition

Services and Cloud Concept

Service & Cloud concept

Service & Cloud processes

Process implementation approach

Service & Cloud Compliance

Quiz – what to remember

Answers and rationales

Unit 5 – Introduction to People & Information Asset Management

People & Information Asset Management Introduction

Learning Objectives

People & Information Asset Management definition

Concept

Guiding Principles

Processes

Policies

Technologies

ISO27001

Services & Cloud and BOYD

Quiz – what to remember

Answers and rationales

Unit 6 – IT Asset Management interfaces

IT Asset Management interfaces Introduction

Learning Objectives

IT Asset Management approach

Example of IT Asset Manager job description

Governance

IT Asset Management preparation

Awareness and responsibility

Quiz – what to remember

Answers and rationales

ITAMF Sample Certification Paper A

ITAMF Correct Answers - Paper A

Syllabus

Self-Reflection of understanding Diagram

‘What you do not measure, you cannot control.’’ – Tom Peters

Fill in this diagram to self-evaluate your understanding of the material. This is an evaluation of how well you know the material and how well you understand it. In order to pass the exam successfully you should be aiming to reach the higher end of Level 3. If you really want to become a pro, then you should be aiming for Level 4. Your overall level of understanding will naturally follow the learning curve. So, it’s important to keep track of where you are at each point of the training and address any areas of difficulty.

Based on where you are within the Self-Reflection of Understanding diagram you can evaluate the progress of your own training.

Write down the problem areas that you are still having difficulty with so that you can consolidate them yourself, or with your trainer. After you have had a look at these, then you should evaluate to see if you now have a better understanding of where you actually are on the learning curve.

INDICATIVE AGENDA OF COURSE

This agenda is indicative only for students in IT Asset Management Foundation course. The agenda shows what is expected to be reviewed during a day. Times are flexible as teaching is dynamic and there must be room and opportunity for questions and talk that may be expected to occur as part of an ITAM Foundation course.

Day 1

Start

End

Introduction to IT Asset Management

09:00

11:00

Hardware Asset Management

11:00

12:00

Lunch

12:00

12:45

Hardware Asset Management cont.

12:45

14:00

Break

14:00

14:15

Software Asset Management

14:15

16:30

Key findings and questions

16:30

17:00

Day 2

Start

End

Services and Cloud Asset Management

09:00

11:15

People and information Asset Management (cont.)

11:15

12:15

Lunch

12:15

13:00

People and information Asset Management (cont.)

13:00

14:15

Break

14:15

14:30

IT Asset Management Interfaces

14:30

15:00

Exam preparation

15:00

15:15

Break

15:15

15:30

Exam

15.30

16.30

Unit 1 – Introduction to IT Asset Management

Learning Objectives

Agenda

Get more Information

ISO19770 (Standard for IT Asset Management)

Www.iso19770.org

ITIL4 – ITAM practices

https://www.axelos.com/welcome-to-itil-4

ITAM News and fees

www.itamchannel.com

ITAMOrg memberships and activities

www.itamorg.com

ITAM definitions

IT asset management (ITAM) is defined by a set of business principles that link technology and business strategy together.

Assets include all elements of software and hardware in the business environment, e.g. software contracts are viewed as a financial asset.

The purpose of ITAM includes improved efficiency, reduced waste, optimal use of the IT resources

The lifecycle from planning to disposal/or redistribution of hardware and software (licenses).

A successful ITAM program starts with planning and analysis of the organisational needs. E.g. Required IT assets to support sales, production, management etc. Documentation of the assets inhouse and awareness of redistribution potentials instead of disposal. How to avoid unnecessary asset purchases and under or over-licensing?

The area types cannot be separated due to their tight relation and their importance for the workflow in an organisation.

Many businesses, however, are characterised by a silo approach and mentality within these key ITAM areas. Thus, they miss optimisation potential and knowledge sharing that can lead to too many assets being procured or misunderstandings and pitfalls concerning the licensed needed for both mobile devices, Cloud, and hardware.

Key areas 1 and 2. The areas and their relationships will be expanded upon during the next two days. Hardware topics will also concern issues such as employees bringing their own mobile devices (BYOD).

You cannot use hardware without software and vice versa. Nevertheless, management of the two asset areas are characterised by different best practices and methods due to the significant differences in the procurement, implementation and disposal processes. The objective of the ITAM program is to link the two areas in the overall business management. This involves gathering detailed hardware and software inventory information, which is then used to make decisions about asset purchases and redistribution.

Key areas 3 and 4. These areas are also closely related to both hardware and software. At the same time, SEAM and PINAM can be associated with more service and policy related issues concerning availability, data hosting, differentiated access regulations depending on user types and functions.

A successful ITAM program enables organisations to manage their systems more efficiently and saves time and money by optimising existing resources and avoiding unnecessary asset purchases. Furthermore, the organisation can minimise financial and security risks by keeping the IT portfolio infrastructure up to date instead of incomplete and/or less accurate. Thus, a successful ITAM program is planned with respect to the key business drivers in the organisation in order to ensure coherence between acquisitions, implementations, licenses, policies and the long-term business strategies throughout the organisation by

▪ Forming an important element in a business strategy focusing on improved security and IT business value

▪ Enabling knowledge and information-based decisions about IT changes and strategies with respect to the key business drivers

▪ Ensuring proactive contract management and effective forecasting and planning for hardware and software replacements and purchases

▪ Aligning IT opportunities, performances, costs, risks with the organisational objectives to ensure business continuity and cost control

The stakeholders interfacing with the IT asset.

Sharing knowledge across functions and departments is indispensable to align the IT asset strategy with the needs and objectives of the organisation.

Even though the IT assets are crucial for the workflow and achievement of the organisational KPI’s, many businesses work with a silo approach between the IT service department, end-users, and management,

For instance, when signing a new asset contract (software licenses or hardware), expenses can be saved by taking the next years of organisational plans into account in order to apply long term purchases rather than purchasing software on an ad-hoc basis. The lack of long-term planning often leads to over disposal and unnecessary purchases when a new business strategy is submitted.

This is a key point in the understanding of ITAM: It is crucial to take all stakeholders, both external and internal, into account when managing IT assets.

•Corporate/board of directors: Responsibility toward owners and shareholders, financial responsibility, ensure growth and more for less”, defines business values, strategy, mission, and vision

•Management: Financial goals, sales budgets. Ensures that policies and strategy are implemented and that required processes are correctly followed, etc.

•Finance: Cost control, invoicing, budget planning and forecasting etc.

•Purchasing department: Can be a part of finance, but the purchasers are often located in different departments defined by business areas or in their own department. Solves purchase queries, purchase optimisation, contract agreements and negotiations

•Legal: Management of larger contracts, documentation, ensures that regulations and directives are obeyed (both towards society and publishers)

•IT department: Ensures the IT workflow and system implementation and maintenance, sustainable systems through long term IT planning and strategies. A key point here is knowledge sharing and alignment with the relevant key people in the organisation in relation to budget planning, acquisitions, business strategy, end user needs, etc.

•End-users: Represent the workforce and resources in the business using the IT assets to realise the business value. Request stable, secure, and sustainable IT systems and data access. Employees are increasingly demanding more and more independence in terms of bringing their own (mobile) devices and accessing IT systems, business information and infrastructure from home/outside the enterprise. This tendency raises issues of security policies, license management and availability - issues related to ITAM management

•Corporate Governance: The overarching area that links IT and the business together and ensures that the organisation has executed the strategy on all levels. Governance defines the collective directions, policies, and rules that the business and IT use to conduct their business. Governance should evaluate, direct, and monitor the strategy, policies and plans of an organisation. Governance includes defining roles and responsibilities, measuring, and reporting, and taking actions to resolve any issues identified

In addition, the stakeholders outside the enterprise need to be considered:

•Society surrounding the enterprise. The legislation and control representing copyrights, publication policies etc., that needs attention to avoid violation of laws and regulations. Examples where society has an impact on the IT approach: Regulations regarding CPR numbers in DK, the public register, medical industry, financial industry, DS 484, Sarbanes-Oxley

•Customers: External access to systems and IT platforms delivered by the enterprise – requires data-protection; availability and security policies; user-friendly interfaces etc., issues crucial for the revenue.

•Vendors and distributors: Are both often regarded as an advisor – but the vendors are basically salesmen with a budget and not neutral advisors

•Publishers: Producing and developing assets and they often define copyrights and license regulations etc. Therefore, these stakeholders can be associated with financial risks in terms of non-compliance, contract violation, etc.

•Partners: Related to electronic exchange of data, copyright issues, system alignments, data sharing and security issues, etc.

A key component in ITAM is to understand the goals, motivation, and key drivers of these different stakeholders inside and outside the enterprise. This knowledge enables clear and proactive communication, planning and information sharing to the benefit of the business and workflow.

This picture can be viewed in two ways – which one do you see first? Moreover, can you see the other?

Like a picture with several perspectives, a computer is also associated with various meanings depending on the individual looking at it.

Another way of saying it is:

If you are only equipped with a hammer, you will regard all problems as nails.

The point is that we all have different approaches to an area (corresponding to our knowledge, area of expertise and responsibility.)

Like a picture with several perspectives, a computer is also associated with various meanings depending on the individual looking at it. You need to be aware of the IT assets from different perspectives. Their impact on the business and how to link these areas and goals to ensure an increased IT business value, contributing to the overall business strategy.

The finance department regards the computer as a financial asset, while legal thinks of licenses, the IT department about service and tools and the end user as a working tool.

Managing IT assets is crucial to understanding these different points of views to avoid silo pitfalls. It is important to point out the IT key roles across functions and to ensure knowledge and information sharing.

Examples:

• If the IT department thinks of the computer as a tool to fix without taking the software licensing into account, they might install software as a service to the end-user, without paying attention to the license regulations. Thus, the enterprise runs an increased financial and legal risk

• The IT department stores broken and old hardware assets/computers in the basement without uninstalling the software. They do not have the knowledge about license regulations and thereby they increase the risk of non-compliance: In legal terms, the company is still using the licenses installed, despite the fact that the hardware asset is not in use

• The financial or procurement department seeing the computer as a financial asset, signs a new software contract without knowing the new IT strategy for the next two years. As a result, they overspend because the need to buy more licenses the year after, which initially could have been a part of an overall enterprise agreement

• The end user has his working tool, but also wishes to access the company network from home. Maybe the IT department helps him to access the network from his smartphone. They do not take security and legal precautions into account, such as data protection and the complex compliance regulations related to network access

The objective of ITAM is to ensure the communication between these three areas.

The Bermuda Triangle of SAM:

The tips and tricks mentioned below should help you to make sure that any data that gets entered into your SAM suite has passed through several quality assurance hoops before being considered fit for purpose, but one area that isn’t covered in best practice guides or standards is that of cooperation between departments, and this is what I like to call the Bermuda Triangle of SAM.

An employee within a company makes a request for the technology stack to underpin the major project he/she is charged with implementing. All they know is that they need a database at the back end of this technology stack, and so they make a recommendation to the business to go ahead and purchase the necessary hardware and software.

Procurement will check that the sum of the cost of the technology stack does not exceed set budgetary limits, but probably won’t make any checks to see whether the software already exists within the license pool.

The deployment/apps packaging team might receive notification of the requirement to deploy the software from the requested, and typically they will set about benchmarking the technology stack without either A: Checking for licensing to ensure that it is ok to deploy the database mentioned above, or B: to concern themselves with the architecture of the technology stack to ensure that virtualization does not invalidate any license that might eventually appear, or C: to check that the exact instance, version, edition and release of that database matches what they might keen to deploy “because we already have that database packaged and ready to go”.

So when a software vendor comes knocking, their request is received in all three departments and very quickly presents that company with a perfect storm.

1. Software Requests should have to get line management approval (to cut down on desktop envy, i.e. “my colleague got software title X, therefore I NEED it too”).

2. Licence Checks should be factored into any server/datacentre change management requests

3.When disposing of hardware, use your hardware disposal certificates as flags to remove those devices from your inventory tool

4. Recycle software if it is not used after xx no. of days (xx is a judgement call on your part)

5. Large-scale software deployments should be assessed for the quantity of total deployments achieved

6. Large-scale software deployments should be assessed for the intended devices against which they were supposed to be delivered to

7. SAM should be the driving force behind the creation and maintenance of a Supported Software Catalogue – these places a technical scope to the software that your SAM Framework should be looking after

8. Your Supported Software Catalogue should go through a further “rationalisation” process, to ensure that titles are compared to one another to derive a company standard (i.e. how many pdf readers does your company need?)

9. If you maintain a CMDB, ensure that you update your device schemas as titles get added or removed from your Supported Software Catalogue

10. Ensure you compare your inventory footprint to an equivalent source of IT inventory to corroborate you are capturing all devices in scope (e.g. comparing devices from your inventory system to the devices in your anti-virus system)This list is not exhaustive, but hopefully will get you thinking about data management and the impact change can have on that data

Standards and best practices

The application of an asset management system provides assurance that the objectives can be achieved consistently and sustainably over time.