Software Asset Management (SAM) is a business practice that involves managing and optimising the purchase, deployment, maintenance, utilisation and disposal of software applications within an organisation. To efficiently run SAM, support and interaction are required from a number of areas within the business:
- Operations/IT need to provide data from discovery tools/Active Directory/Anti-Virus/SCCM etc.;
- Operations/IT need to support, maintain and run any SAM tools and databases;
- Commercial/Finance need to supply Purchase Order and Contract information;
- Commercial/Finance will be the interface for software audits.
Although these stakeholders are responsible and accountable for the information required, it must be decided who will ultimately own the service line, govern it and create the policies.
The majority of the information that feeds SAM comes from tools that are managed by IT. Also, as well as SAM relying on hardware information, it can provide analysed data and reports back to IT to support refresh, maintenance, decommissioning, leasing, end of life and data quality etc. With this in mind it could be considered that SAM is more aligned to IT as that is where the data comes from and they also benefit from the analysis.
However, SAM is about software – including licensing, compliance and audits. If a piece of hardware is operating how it should but is not licensed correctly, it is not IT that will bear the financial burden. Consequently, it would make sense that the ownership of SAM sits with Finance.
SAM must be policed. Policies need to be written and adhered to by all stakeholders. There is significant service compliance and governance involved due to its cross functional nature. If there is a Service Integration and Management (SIAM) function in place at the company, its aim is to seamlessly integrate interdependent services from various internal and external service providers into an end-to-end service, in order to meet business requirements. SIAM should therefore police SAM however Finance would still be ultimately accountable.
To conclude, it is generally understood that SAM should be aligned to Finance due to the implications of the software finances. However, they cannot manage this alone and will need IT and other areas to be responsible and accountable for the data they provide and policies they must adhere to. A governing board will ensure this.
For any further help or advice around SAM, please contact ITAMS.
Many of our customers have a relationship with one or several SAM Service Providers to help with different parts of a SAM solution or to design and manage the entire solution, but it is often the case that the chosen provider(s) do not have the right capabilities to suit their requirements.
For further information on SAM Service Providers and how to select them, please sign up to receive our complimentary guide:
Many organisations believe that a SAM Tool will solve all their SAM issues.
However, this is not the case.
For your organisation to be successful in SAM, the following five components of SAM are all key and should be considered carefully as part of your SAM programme.
For more information on how to successfully manage SAM within your organisation, download our guide:
Many organisations attempt to manage their software licence compliance through a number of sporadic processes, procedures, tasks and activities split across different departments which are not centralised.
Implementing centralised SAM processes will enable your organisation to manage your software licence compliance more effectively and help you to achieve a mature SAM service by ensuring that the people, processes and policies within your organisation are aligned and that your organisation is working towards a common SAM strategy.
A SAM policy is an important part of your SAM programme and like any other policy, it is designed to ensure rules are followed and communicated appropriately.
There are two types of policy, one aimed at the end user which covers things like software use and security aspects, and the second which is an operating policy, covering aspects of SAM more from an operational governance perspective.
The business goals of your organisation will dictate the tightness of your SAM policy, creating a trade-off of user/IT enablement versus risk management. However, at any level you must ensure that for the policy to be effective, it must be clearly defined, communicated, enforced and managed.
Defining the SAM Policy
So, how do you start putting together a coherent and comprehensive SAM policy?
First of all you need to start by asking yourself a few questions:
1) What existing corporate policies and governance structure do we have in place, and do they
reflect our current business goals?
2) Who will be responsible for writing, maintaining and communicating the policy?
3) What processes do we need to define and manage an asset from requisition to retirement?
4) Who will be involved in the process and what responsibilities will they have?
5) How will the policy be enforced, both for users and for IT professionals?
6) Who is the audience for the policy?
What to include in your SAM policy
The content of a SAM policy differs from one organisation to another and depends on various factors such as the size of your organisation, users’ software requirements, staff mobility, use of mobile devices, structure of IT and procurement departments etc.
Your SAM policy needs to include strict guidelines that you want from a SAM governance perspective and which specifically relates to the SAM programme.
Tips on formulating your SAM policy
To ensure your SAM policy is effective, remember to:
1) Clearly define your policy and ensure it is easy to follow, enforce and manage.
2) Whilst the writing of the actual SAM policy is the responsibility of the IT Asset/SAM Manager, it is important that buy-in is sought from peers and all stakeholders involved or impacted by it.
3) Review and check your policy against business goals and align appropriately.
4) Differentiate between policy (why we do it), process (what we do) and procedure (how we do it, when we do it and with whom).
5) Standardise formatting for all policies (templating).
Policies should follow a uniform format, all policies should be structured in the same way throughout the organisation. In other words, if your organisation has existing policies, be sure to use them as a template to creating your SAM policy.
6) Create a Communication timeline/plan for distributing the policy details to stakeholders and business areas
7) Communicate the policy in line with your SAM processes and governance structure and corporate communications guidelines.
8) Your policy should be kept up-to-date. Initially it should be revised two months after release and then every 12 months thereafter.
Need more help?
So, if you still need some help building your SAM policy, ITAMS has developed a new one day workshop on SAM Policy Development for any newbie to SAM or existing SAM practitioner.
The workshop aims to help you identify, assess and develop appropriate policies to underpin your SAM practice and provide you with the core building blocks required to meet your business and SAM service goals. You’ll also get a set of best practice templates to take away.
For more information and to book your place, please visit click here.