Software asset management processes and model

The industry must now focus on software assets in order to improve the management of purchased software and their associated licenses: over the years, organizations have indeed purchased a significant amount of commercial software and they now have to manage their related costs while ensuring that the license's terms and conditions are respected. Until now, the industry has been offering incomplete solutions to the management of software assets while using different approaches, terminologies and tools with varying functional scopes. The industry recognizes the need to improve Software Asset Management (SAM) but does not agree on the means to do so. This thesis proposes to start with a common industry SAM definition. To help organizations use the processes that constitute the SAM definition, a descriptive analysis of the processes, an assessment method and a graphical representation are provided to facilitate its use in the industry. Furthermore, to ensure the set of processes reflect the view and needs of the industry; the author actively participated in the writing of the ISO standard on SAM: the panel of experts contributing to ISO also provided a mean to validate several of the SAM topics discussed in this thesis. The research objectives are to: 1. Actively contribute to the development and to the content of the ISO international standard on SAM (ISO/IEC 19770-1). 2. Capture, idenfify and analyze elements that are relevant to SAM, including those that would not make it into the final version of the international standard. 3. Provide an analysis of the international SAM standard with respect to the 27 processes within ISO/IEC 19770-1. 4. Develop an exploratory assessment method to allow organizations to determine their gaps against ISO/IEC 19770-1. The approach selected was to align the research work of this thesis with the then new ISO working group created in 2002 to address issues related to the management of software assets and to contribute actively to the development of an international standard on SAM processes, that is: ISO/IEC 19770-1. The results of this thesis are: 1. A common set of processes to describe the scope and content of SAM. This allows the industry to have a common point of reference and vocabulary when referring to SAM. 2. Through a literature review covering both the industry and the research community it was possible to highlights the divergence of scope and terminology with software manufacturer and the lack of agreement of what is a SAM manager. This thesis addresses these issues by identifying the full set of SAM processes. 3. The thesis analyses the standard used as the basis of reference for the assessment, that is: the ISO/IEC 19770-1 standard on SAM. The description and analysis of this standard allows for a better understanding of the purpose of each process and the interactions across existing standards such as ISO/IEC 20000 on Service Management. 4. The thesis also proposes a method to assess and assign a maturity level to each of the processes of the ISO/IEC 19770-1 standard; the ISO/IEC 15504 standard is used to perform the assessment. 5. Organizations recognize that poor management of software assets puts the organization at risk. However, organizations did not have any common way of assessing these risks. With the use of the ISO/IEC 19770-1 standard and the assessment method, organization can now identify the maturity levels of control points and assess their impact on the organization