ITAMOrg® Software Asset Management Specialist Courseware E-Book

ITAMOrg® Software Asset Management Specialist Courseware

Colophon

Title:

ITAMOrg® Software Asset Management Specialist Courseware

Author:

Jan Øberg

Publisher:

Van Haren Publishing, ‘s-Hertogenbosch

ISBN Hard Copy:

978 94 018 0719 7

Edition:

First edition, first print, October 2020

Design:

Van Haren Publishing, ‘s-Hertogenbosch

Copyright:

© Van Haren Publishing 2020

For further information about Van Haren Publishing please e-mail us at: [email protected] or visit our website: www.vanharen.net

All rights reserved. No part of this publication may be reproduced, distributed, stored in a data processing system or Published in any form by print, photocopy or any other means whatsoever without the prior written Consent of the authors and publisher.

Regulations and ISO-standards

Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from ITAMOrg.

Any references to ISO-standards in this material are made based on permission to do so given to ITAMOrg by the Danish ISO member body, Fonden Dansk Standard.

Copyright and Trademarks

Trademarks, Source books information

The content is a high-level description of each Frameworks, Methodology, and Practice which are referred to in the ITAMOrg guidance based on public information.

ITAMF is a registered trademark of ITAMOrg, used under permission of ITAMOrg Limited. All rights reserved.

ITIL® is a registered trademark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.

Publisher about the Courseware

The Courseware was created by experts from the industry who served as the author(s) for this publication. The input for the material is based on existing publications and the experience and expertise of the author(s). The material has been revised by trainers who also have experience working with the material. Close attention was also paid to the key learning points to ensure what needs to be mastered.

The objective of the courseware is to provide maximum support to the trainer and to the student, during his or her training. The material has a modular structure and according to the author(s) has the highest success rate should the student opt for examination. The Courseware is also accredited for this reason, wherever applicable.

In order to satisfy the requirements for accreditation the material must meet certain quality standards. The structure, the use of certain terms, diagrams and references are all part of this accreditation. Additionally, the material must be made available to each student in order to obtain full accreditation. To optimally support the trainer and the participant of the training assignments, practice exams and results are provided with the material.

Direct reference to advised literature is also regularly covered in the sheets so that students can find additional information concerning a particular topic. The decision to leave out notes pages from the Courseware was to encourage students to take notes throughout the material.

Although the courseware is complete, the possibility that the trainer deviates from the structure of the sheets or chooses to not refer to all the sheets or commands does exist. The student always has the possibility to cover these topics and go through them on their own time. It is recommended to follow the structure of the courseware and publications for maximum exam preparation.

The courseware and the recommended literature are the perfect combination to learn and understand the theory.

-- Van Haren Publishing

Other publications by Van Haren Publishing

Van Haren Publishing (VHP) specializes in titles on Best Practices, methods and standards within four domains:

- IT and IT Management

- Architecture (Enterprise and IT)

- Business Management and

- Project Management

Van Haren Publishing is also publishing on behalf of leading organizations and companies: ASLBiSL Foundation, BRMI, CA, Centre Henri Tudor, Gaming Works, IACCM, IAOP, IFDC, Innovation Value Institute, IPMA-NL, ITSqc, NAF, KNVI, PMI-NL, PON, The Open Group, The SOX Institute.

Topics are (per domain):

IT and IT Management

ABC of ICT

ASL®

CATS CM®

CMMI®

COBIT®

e-CF

ISO/IEC 20000

ISO/IEC 27001/27002

ISPL

IT4IT®

IT-CMFTM

IT Service CMM

ITIL®

MOF

MSF

SABSA

SAF

SIAMTM

TRIM

VeriSMTM

Enterprise Architecture

ArchiMate®

GEA®

Novius Architectuur

Methode

TOGAF®

Business Management

BABOK ® Guide

BiSL® and BiSL® Next

BRMBOKTM

BTF

EFQM

eSCM

IACCM

ISA-95

ISO 9000/9001

OPBOK

SixSigma

SOX

SqEME®

Project Management

A4-Projectmanagement

DSDM/Atern

ICB / NCB

ISO 21500

MINCE®

M_o_R®

MSP®

P3O®

PMBOK ® Guide

Praxis®

PRINCE2®

For the latest information on VHP publications, visit our website: www.vanharen.net.

Table of Content

Reflection

Agenda

Introduction to SAM Course

Safety

Involvement

Present yourself

Course objectives

Challenges

Outline

Certification

Get more Information

Unit 1 - Key concept of SAM

Learning objectives

Why SAM

SAM Governance

ITAM dimensions

Organization and People

Information and technology

Partners and suppliers

Processes and value

External influence of the dimensions

Purpose of Software Management

Scope of Software Asset Management

Objective of Software Asset Management

Software Asset Management principles

Software Asset Management Activities

Alignment between ITAM vs. ITSM vs. ITSS

Potential problems with SAM

Challenge to organize SAM

Objective of Software Asset Management

Objective of Risk Management

SAM benefits of managing risk

SAM benefits of managing cost

Compliance

Definition – Compliance

SAM compliance myths

SAM non-compliance

Asset disposal and compliance

External stakeholders

Software industry

Anti-piracy organizations

Software

Definition of Software

Benefits of Software Assets

Characteristics of Software Assets

Potential problems with Software Assets

Licenses

Definition - ‘Proof of License’

Definition Licenses

Required Licenses documentation

Types of licenses

Physical management of licenses

Legal and Audit

Legal context

Content of Terms and Conditions

Violation

Risk of legislation

Definition – Software Audit

Statistic - Unlicensed software

Value of Unlicensed software

Consequence of violation or audit

PUB Quiz

PUB Quiz – answer

Unit 2 - SAM principals

Learning objectives

ISO19770

ISO19770 purpose

ISO19770 family

ISO19770-1 Asset types

ITAM System maturity implementation model

ITAM process areas by process type

ITAM process areas by tier

Processes

Process definition

Objective policies; processes; procedures

Process characteristics

Definition – CSF and KPI

Performance Metrics and Continual Improvement

Example CSF and KPI

Example of KPI

Change (Organizational & People)

Definition of a Change

Change People and organization

Change people and organization (low maturity)

Change people and organization (high maturity)

People & Organizational Change (ABC)

Policies

Definition – Policies

Policies and procedures

Creating policies

Example: Creating a SAM Governance policy

Example: Creating a SAM compliance policy

Roles and Responsibilities

Purpose of Roles and Responsibilities

Objective of Roles and Responsibilities

Definition – RACI

RACI structure

Example: RACI matrix

Definition – Function

Definition Roles

Objective SAM competencies

Generic Roles

Primary Roles

Complementary Roles

SAM Business Case

Purpose of Business case

Objective of a SAM Business Case

What is a Business case?

Content of a SAM Business case

Approach to the SAM Business case

Develop and maintain the SAM Business case

Develop the SAM Business case

Investigate the issues

Pub Quiz

Correct answers to PUB quiz

End of Day 1

Unit 3 - SAM Practices

SAM implementation approach

Objective planning for SAM

Implementation approach

ITAM Processes by Process type

IT Asset Functional Management Process Area

Practical definition

SAM information structure

SAM preparing implementation

SAM Continual improvement

SAM project verification

SAM Case study

Company Information

Situation and Challenge

Exercise

Exercise highlight findings

Unit 4 - SAM Implementation Tier 1 practice

Learning objectives

Objective and scope at Tier 1

Outcome of Tier 1 implementation

Identify GAPs between Tier 0 and Tier 1

SAM Tier 1 processes

Objective of Change Management

Objective Core Data Management

Core data

Objective License Management

Objective Security Management

Specific roles at Tier 1

Roles and responsibilities at Tier 1

Exercise Tier 1 – RACI

Risk Assessment of Tier 1

Exercise Tier 1 - Risk Assessment

Keep it simple and practical

Optimize

Automate

Automation and tooling

Optimize and Automate

Policies at Tier 1

Approach to Policies and procedures

Competences at Tier 1

Planning for SAM at Tier 1

Core processes at Tier 1

Objective SAM Asset Identification

SAM Asset identification

Objective of SAM inventory

SAM Asset Inventory Management

SAM lifecycle and maintenance

Objective SAM Asset record verification

SAM Asset record verification

Objective SAM license compliance

SAM License compliance

SAM Compliance report

Tier 1 implementation outcome

SAM conformance verification

SAM Tier 1 outcome

Exercise Tier 1 implementation

PUB Quiz

Answers PUB Quiz

Unit 5 - SAM Implementation Tier 2 practices

Learning objectives

Current situation

Objective and scope Tier 2

Outcome Tier 2

SAM Tier 2 processes

Identify GAPs between Tier 1 and Tier 2

Exercise Tier 2 implementation

Objective Specification

Specification considerations

Objective Acquisition

SAM Acquisition activities

Acquisition considerations

Objective Development

Value stream for development

Objective Release Management

Release Management process

Release Planning

Objective Deployment Management

Prepare for Deployment

SAM Deployment options

Deployment activities 1

Deployment activities 2

Verify deployment

Objective Operation Management

Operation Management activities

Service Catalogue vs. Request fulfillment

Service Request Management Process

Service Request Management recommendations

Service Request Management Considerations

Objective Retirement Management

Retirement activities

Specific roles at Tier 2 (additional to Tier 2)

Competences at Tier 2

SAM Conformance Verification

SAM Tier 2 outcome

Exercise Tier 2 implementation

PUB Quiz

Answers PUB Quiz

End of day 2

Unit 6 - SAM Implementation Tier 3 practice

Learning objectives

Current situation

Objective and scope at Tier 3

Outcome at Tier 3

SAM Tier 3 processes

Identify GABs between Tier 2 and Tier 3

Exercise Tier 3 implementation

Objective Relationship and contract Management

Relationship Management

Relationship Management activities

Relationship Management value

Relationship Management policies

Relationship Management processes

Contract Negotiation

Objectives Contract Negotiation

Strategies for Planning Contract Negotiations

Objectives Financial Management

Financial Management

SAM Funding

Financial Management activities

Objective Service Level Management

Service Level Agreement

Service Level Management activities

Service Level Management policies

Service Level Management lifecycle

Service Level Management – SLA content

Service Level Management – CSF / KPI

Specific roles at Tier 3

Competences at Tier 3

SAM Conformance verification Tier 3

SAM Tier 3 outcome

Exercise Tier 3 implementation

PUB Quiz

Answers PUB Quiz

Syllabus

Self-Reflection of understanding Diagram

‘What you do not measure, you cannot control.’’ – Tom Peters

Fill in this diagram to self-evaluate your understanding of the material. This is an evaluation of how well you know the material and how well you understand it. In order to pass the exam successfully you should be aiming to reach the higher end of Level 3. If you really want to become a pro, then you should be aiming for Level 4. Your overall level of understanding will naturally follow the learning curve. So, it’s important to keep track of where you are at each point of the training and address any areas of difficulty.

Based on where you are within the Self-Reflection of Understanding diagram you can evaluate the progress of your own training.

Write down the problem areas that you are still having difficulty with so that you can consolidate them yourself, or with your trainer. After you have had a look at these, then you should evaluate to see if you now have a better understanding of where you actually are on the learning curve.

INDICATIVE AGENDA OF COURSE

This agenda is indicative only for students in Software Asset Management practitioner course. The agenda shows what is expected to be reviewed during a day. Times are flexible as teaching is dynamic and there must be room and opportunity for questions and talk that may be expected to occur as part of an SAM course.

Day 1

Start

End

Introduction to course

09:00

09:45

Key concept of SAM

09.45

10.30

Break

10.30

10.45

Key Concept of SAM cont.

10.45

12.00

Lunch

12.00

12.45

Key Concept of SAM cont.

12.45

13.30

SAM Principals

13:30

14:45

Break

14.45

15.00

SAM Principals cont.

15:00

17:00

Day 2

Start

End

Introduction to day 2 SAM course

09:00

09.15

SAM practices

09.15

10.15

Break

10.15

10.30

SAM implementation Tier 1 practices

10.30

12.00

Lunch

12.00

12.45

SAM implementation Tier 1 practices cont.

12.45

14.00

Break

14.00

14.15

SAM implementation Tier 2 practices cont.

14:15

17.00

Day 3

Start

End

Introduction to day 3 SAM course

09:00

09.15

SAM implementation Tier 3 practices

09.15

10.30

Break

10.30

10.45

SAM implementation Tier 3 practices cont.

10.45

12.00

Lunch

12.00

12.45

QA SAM course

12.45

13.15

EXAM preparation and Moch Exam

13.15

14.30

Break

14.30

14.45

Preparation and examination

14.45

16.00

Welcome

Safety

Introduction to SAM Course

Involvement

Present yourself

Course objectives

Challenges

Outline

Certification

Get more Information

ISO19770 (Standard for IT Asset Management)

Www.iso19770.org

ITIL4 – ITAM practices

https://www.axelos.com/welcome-to-itil-4

ITAM News and fees

www.itamchannel.com

ITAMOrg memberships and activities

www.itamorg.com

Unit 1 - Key concept of SAM

Learning objectives

ITAMOrg has developed this Software Asset Management Best Practice approach to clarify what Software Asset Management is. Best practice SAM has been created to reach its goals as efficiently as possible. Software Asset Management best practice can be tailored to fit any organisation, regardless of its size.

Software Asset Management is an important part of IT Service Management and must be understood in this context. The Software Asset Management database is a logical part of the Configuration Management System, which supports all the IT Service Management strategy.

Why SAM

• Investment in software to support Business processes

• Software is the most important and critical element in IT from a Risk and Cost perspective

• Software need to be managed and controlled

• Software shall be protected and either with the purpose of protection of the value and for protection of Suppliers IP

SAM Governance

Good Corporate Governance

Good governance ensures that policies and plans are implemented and supported by processes which are being followed and includes defined roles and responsibilities that are allocated and accepted within the organization. The focus is on continuous improvement based on monitoring and reporting of progress.

Good governance is when IT can show how it supports business operations and innovation. Governance defines a common direction, policies, and regulations that business and IT jointly implement. Governance evaluates, monitors, and manages the strategy, policies and plans of the organization.

IT Governance

Software's role and importance has changed dramatically in recent years. Software today is a critical business asset and must be managed as such. Software Asset Management has now become an imperative and not an option.

Software licenses are company assets - without them, business management expose their business to unnecessary legal and financial risk. IT governance is about supporting the business in its cost allocation, optimization, and minimization of risk.

The success of a software asset management strategy is dependent on its alignment to the overall governance structure which provides guidance to build up structures and processes according to how they want the organization to work

Governance of Software Asset Management is applicable to a constantly managed approach at all organizational levels. It begins with setting a clear Software Management strategy, followed of policies to deliver the strategy to an agreed scope.

ITAM dimensions

Every dimension is affected by multiple factors

• Organizations should have a holistically view of all aspects of their behavior to create value

• Processes should be implemented cross the organization and support the SAM team to create value

• Information and technology should handle SAM data through SAM- or relevant tools to create value

• Partners and supplier should be controlled and managed through reliable contracts to create value

Organization and People

To support a holistic approach to service management, ITIL defines four dimensions of service management that collectively are critical to the effective and efficient facilitation of value for customers and other stakeholders in the form of products and services. These are:

•Organizations and people include design and implementation of:

• Culture

• Transparency

• Trust

• Skills

• Experience

• Education

• Training

• Common goals

•Information and technology design and implementation of:

• Strategy

• Compliance

• Compatibility

• Information in services

• Information security

• Technical interfaces

• Skills

• Risks and limitations

•Partners and suppliers design and implementation of:

• Suppliers of goods

• Suppliers of services

• Partners

• Contracts

• Managing resources

• Costs

• Skills

• Demand

•Value streams and processes design and implementation of

• Value streams

• Processes

• Managing demand

• Input and output

• Process integration

• Roles

• Responsibilities

• Value

Structure and systems of authority are not, by themselves, enough to improve organizational effectiveness. The organization also needs a culture that supports its objectives

Systems of authority

• Structure, management, governance

Roles and responsibilities

• RACI and mandate

Culture

• Trust

• Transparency

• Values

• Attitudes

NB: Culture changes over time

Workforce capacity and competence consisting of skills, education, competencies, experience:

• Technical skills

• Communication and collaboration skills

• Broad general knowledge of the other areas of the organization

• Deep specialization in certain fields

The complexity of organizations is growing, and more and more IT Assets and functionality is implemented to support the organization therefore it is important to ensure that the way an organization is structured and managed, as well as its roles, responsibilities, and systems of authority and communication, is well defined and supports its overall strategy and operating model.

The effectiveness of an ITAM organization cannot be assured by a formally established structure or system of authority alone. The organization also needs a SAM culture that supports its objectives, and the right level of capacity and competency among its workforces. It is vital that the SAM leaders of the organization champion and advocate values which motivate people to work in desirable ways. Ultimately, however, it is the way in which an organization carries out its SAM activities that creates shared values and attitudes, which over time are considered the organizations ITAM culture.

It is important to promote an ITAM culture of trust and transparency in an organization that encourages its members to raise and escalate issues and facilitates corrective actions before any issues have an impact on customers. Adopting the ITAM guiding principles can be a good starting point for establishing a healthy organizational culture.

People (whether customers, employees of suppliers, employees of the service provider, or any other stakeholder in the service relationship) are a key element.

ITAM skills and competencies of teams or individual members should be in place but not only, there should also be awareness on management and leadership styles, and on communication and collaboration skills.

The organization and people dimension of ITAM covers roles and responsibilities, formal organizational structures, culture, and required staffing and competencies, all of which are related to the creation, delivery, and improvement of a service.

Information and technology

There are many types of technologies that support software asset management and IT Service Management. And many of these technologies can be used in both areas – especially when IT and the business merge when digitalizing the business’ processes.

In relation to the ITAM information component of this dimension, organizations should consider the following questions:

• What information should be managed by the ITAM?

• What supporting information and knowledge are needed to deliver and manage ITAM?

• How will the information and knowledge assets be protected, managed, archived, and disposed of?

The challenges of information management, such as those presented by security and regulatory compliance requirements, are also a focus of this dimension. For example, an organization may be subject to the European Union’s General Data Protection Regulation (GDPR), which influences its information management policies and practices. Other industries or countries may have regulations that impose constraints on the collection and management of data of multinational corporations. For example, in the US the Health Insurance Portability and Accountability Act of 1996 provides data privacy and security provisions for safeguarding medical information collected in the US.

When considering a technology for use or support in the planning, design, transition, or operation of an ITAM product or service, questions an organization may ask include:

• Is this technology compatible with the current architecture of the organization and its customers?

•Do the different technology products used by the organization and its stakeholders work together?

• How are emerging technologies (such as machine learning, artificial intelligence, and Internet of Things) likely to influence the service or the organization?

• Does this technology raise any regulatory or other compliance issues with the organization’s policies and information security controls, or those of its customers?

• Is this a technology that will continue to be viable in the foreseeable future?

• Is the organization willing to accept the risk of using aging technology, or of embracing emerging or unproven technology?

• Does this technology align with the strategy of the service provider, or its service consumers?

• Does the organization have the right skills across its staff and suppliers to support and maintain the technology?

• Does this technology have sufficient automation capabilities to ensure it can be efficiently developed, deployed, and operated?

• Does this technology offer additional capabilities that might be leveraged for other products or services?

• Does this technology introduce new risks or constraints to the organization (for example, locking it into a specific vendor)?

Information technology considerations

• Compatible with the current architecture?

• Does the organization have the skills in the organization to support and maintain it?

• Does it raise any regulatory, compliance or information security control issues?

• Does it have enough automation capabilities to be developed, deployed, and operated?

• Is it viable in the foreseeable future?

• Does it have additional capabilities that can be used for other products or services?

• Does it align with service provider or service consumer strategy?

• Does it introduce new risks or constraints to the organization?

Partners and suppliers

Every organization and every service depend to some extent on services, products or goods provided by other organizations.

Types of supplier relations:

Service partnerships

• Share common goals and risks

• Collaborate to achieve desired outcomes

Goods and service supply suppliers

• Formal contracts

• Clear separation of responsibilities

An organization’s supplier strategy should be based on its goals, culture, and business environment

Factors that may influence an organization’s strategy when using suppliers include:

•Strategic focus - Some organizations may prefer to focus on their core competency and to outsource non-core supporting functions to third parties; others may prefer to stay as self-sufficient as possible, retaining full control over all important functions.

•Corporate culture - Some organizations have a historical preference for one approach over another. Long-standing cultural bias is difficult to change without compelling reasons.

•Resource scarcity - If a required resource or skillset is in short supply, it may be difficult for the service provider to acquire what is needed without engaging a supplier

•Cost concerns - A decision may be influenced by whether the service provider believes that it is more economical to source a requirement from a supplier.

•Subject matter expertise - The service provider may believe that it is less risky to use a supplier that already has expertise in a required area, rather than trying to develop and maintain the subject matter expertise in house.

•External constraints - Government regulation or policy, industry codes of conduct, and social, political, or legal constraints may impact an organization’s supplier strategy.

•Demand patterns - Customer activity or demand for services may be seasonal or demonstrate high degrees of variability. These patterns may impact the extent to which organizations use external service providers to cope with variable demand.

Processes and value

Processes define the activities, workflows, controls, and procedures needed to achieve agreed objectives, including:

• Organizing activities driven by user and customer value streams as well as value streams with other stakeholders

• Connecting value creating activities to output and outcome for stakeholders

A well-defined process can improve productivity within and across organizations.

A process is a set of activities that transform inputs to outputs. Processes describe what is done to accomplish an objective, and well-defined processes can improve productivity within and across organizations. They are usually detailed in procedures, which outline who is involved in the process, and work instructions, which explain how they are carried out.

The same structure (of the value chain, value streams, processes, procedures, and work instructions) applies to specific services: to successfully create, deliver, and improve a service, the following questions need to be answered:

• What is the generic delivery model for the ITAM-service, and how does the service work?

• How does it impact and involve the organization and organizational unit?

• What are the value streams for each involved organizational unit involved in delivering the agreed outputs of the ITAM-service?

• Who, or what, performs the required ITAM-service actions?

Specific answers to these questions will vary depending on the nature and architecture of the ITAM service.

Processes for Software products including getting answer for the following questions:

• What is the generic delivery model for the service, and how does the service work?

• What is the value involved in delivering the agreed outputs of the software?

• Who or what performs the required actions?

External influence of the dimensions

Service providers do not operate in isolation. They are affected by many external factors, and work in dynamic and complex environments that can exhibit high degrees of volatility and uncertainty and impose constraints on how the service provider can work.

To analyse these external factors, frameworks such as the PESTLE (or PESTEL) model are used. PESTLE is an acronym for the political, economic, social, technological, legal, and environmental factors