What is SAM? Software Asset Management means different things to different people. SAM does not include Hardware Asset Management, except for those aspects that are necessary for effective SAM. (Collectively, Software Asset Management and Hardware Asset Management can be referred to as IT Asset Management, or ITAM) Generally speaking, SAM is more complex and more demanding than Hardware Asset Management and therefore the SAM processes need to be greater in scope and more comprehensive in content. As a result, systems that can handle SAM can normally be expected to handle Hardware Asset Management as well. Furthermore, it must be stressed that it is essential for hardware assets to be managed as well as software assets, even though not covered by this guide. The coverage in this guide is intended to be manufacturer and platform-neutral, to the extent practical. Specific products are not mentioned, nor is there focus on specific architectures such as mainframe or client/server. Most of the coverage should be equally applicable to PC workstations as to servers and mainframes, and even to network communications equipment such as routers.
The underlying justification for SAM is the need to apply good corporate governance to organisations software assets. These typically include much of an organisations asset base, are critical to its continued operations, and underlie some of an organization main legal and contractual obligations. This is a common-sense justification, but it is increasingly being reinforced by statutory or regulatory corporate governance requirements, such as Turnbull in the UK and Sarbanes-Oxley in the US. Consequently, the ultimate responsibility for good corporate governance of software assets lies with an organization’s senior management and success or failure in this area ultimately rests with them.
The importance of SAM is illustrated by a quote from George Cox, the Director General of the Institute of Directors (IoD) in the UK:
‘The role and importance of externally acquired software have changed dramatically in recent years, to the point now where it has to be regarded as a business asset and managed as such. Software Asset Management has become an imperative, not an option. Software licenses are business assets. Without them, directors expose their business and themselves to constraints and to legal and financial risk. There is also a broader justification for SAM, which is all of the benefits it helps to deliver’
The most important requirement for a SAM project is to have a clear vision and strategy that are owned by senior management. They should be the driver for initiating everything else in SAM, and in particular, they drive the process of creating the business case. This vision and strategy should include any overarching vision and strategy for Configuration Management as a whole, i.e for all of ICT and not limited just SAM.
Overall policies need to be established and communicated effectively to the entire organisation. Corresponding responsibilities also need to be clarified and communicated. Detailed processes need to be defined and implemented, including automated capabilities and written procedures.
Once SAM is implemented, there will be the ongoing performance of SAM processes with the concurrent maintenance of information in the set of SAM databases (which is part of the Configuration Management Database or CMDB in ITIL terminology) that will need to be tackled. SAM should be subject to the same disciplines of Service Management as all ICT services and infrastructure, as discussed in the core ITIL publications. For example, SAM cannot continue to function properly without attention to areas such continuity of operations and Capacity Management. However, these more general topics are not discussed in detail in this guide.
The basis of any good SAM system is accurate and up-to-date SAM information, together with the processes for control of its accuracy. The SAM databases also provide essential information for the integration of SAM processes with other ICT and business processes. They should be considered logically as a single database but may consist of several physically separate, but linked, databases. In highly decentralized organisations, each autonomous unit may have its own autonomous database, but there needs to be the central collection of some data to achieve some of the greatest benefits of SAM.
There also needs to be a regular process of review and improvement affecting all areas already addressed. At one level there should be a review for compliance with defined policies and procedures and, where appropriate, corrective action. There may be opportunities for improvements in efficiency and effectiveness, and definitions of responsibilities. Vision may also change, in response to changing market opportunities and threats or technological developments.
It is impossible to implement an effective SAM process without the successful design, development, implementation, and maintenance of accurate SAM databases, automatically updated from the live infrastructure.