You are on page 1of 20

NSW Government

Software Asset Management


Standard
Version 1.0

October 2014

standards@finance.nsw.gov.au
ICT Services
Office of Finance & Services
Level 23, McKell Building
2-24 Rawson Place
SYDNEY NSW 2000

Software Asset Management Standard

CONTENTS
1.

CONTEXT

2.

KEY PRINCIPLES

3.

REQUIREMENTS

DOCUMENT CONTROL

APPENDIX A SAM PROCESS FRAMEWORKS

APPENDIX B CORE SOFTWARE ASSET MANAGEMENT PROCESSES

11

APPENDIX C CORE SOFTWARE ASSET MANAGEMENT PROCESSES MAPPED TO ISO/IEC 19770-1

17

APPENDIX D REFERENCES

19

APPENDIX E STANDARDS

20

Software Asset Management Standard

1. CONTEXT
1.1.

Background
This Software Asset Management (SAM) Standard is a technical standard developed through
the NSW ICT Procurement and Technical Standards Working Group (PTS Working Group). The
standard contains technical and business requirements that agencies should consider when
procuring SAM services.
By defining common government requirements, the standard provides an opportunity to
leverage whole of government buying power and reduce inefficiencies.
A substantial proportion of an agencys ICT expenditure is allocated to purchasing, maintaining
and operating software. The SAM standard will assist agencies in maintaining strategic
oversight of their software assets, and will help agencies optimise their software environments.

1.2.

Purpose
The purpose of this standard is to assist NSW Government agencies to develop, procure and
implement SAM solutions and tools, as well as take full advantage of the benefits of SAM
solutions and tools.
It details the issues that need to be considered so each agency can identify the available options
that best suit their business requirements, helping agencies achieve value for money through
cost savings and improved flexibility of service offerings.

1.3.

Scope and application


This standard applies to all NSW Government departments, statutory bodies and shared service
providers. It does not apply to state owned corporations, but is recommended for adoption.
This standard does not exhaustively cover all agency specific considerations. Agencies may need
to asses any specific requirements they have in addition to those detailed in this standard.

1.4.

Policy
The NSW Government ICT Strategy sets out the Governments plan to build capability across the
NSW public sector to deliver better, more customer-focused services that are available
anywhere, anytime, and derive better value from the Governments annual investment in ICT.
Developing whole of NSW Government ICT technical standards is a key initiative of the NSW
Government ICT Strategy, with this work being driven by the PTS Working Group. The standards
are designed to be consistent with NSW Government ICT Strategy and NSW Government Cloud
Services Policy and Guidelines objectives, and they support the development of the NSW
Governments ICT Services Catalogue.
The standards set out service definitions as minimum requirements that suppliers must meet to
be able to offer their services through the NSW Services Catalogue. This helps achieve
consistency across service offerings, emphasising a move to as a service sourcing strategies, and
it signals government procurement priorities to industry.
This standard should be applied with existing standards, policies and guidance that make up the
NSW Information Management Framework, as set out in the Information Management: A
Common Approach, and including the NSW Digital Information Security Policy.
NSW Government agencies must carefully consider their obligations to manage government
data and information. Contract arrangements and business processes should address

Software Asset Management Standard

requirements for data security, privacy, access, storage, management, retention and disposal.
ICT systems and services should support data exchange, portability and interoperability.
More information on the development of standards for the ICT Services Catalogue is at
Appendix E Standards.

1.5.

The ICT Services Catalogue


This catalogue provides suppliers with a showcase for their products and services, and an
opportunity to outline how their offerings meet or exceed standard government requirements.
The standards, together with supplier service offerings in the ICT Services Catalogue, help to
reduce red tape and duplication of effort by allowing suppliers to submit service details only
once. The offerings are then available to all potential buyers, simplifying procurement
processes for government agencies.
Implementing this category management approach will embed common approaches,
technologies and systems to maintain currency, improve interoperability and provide better
value ICT investment across Government.

2. KEY PRINCIPLES
The following principles guide the development and implementation of this standard.

Facilitating as a service: Specification of environments should support agencies in moving to as a


service sourcing models.

Interoperability: Meeting this standard should help agencies achieve application and hardware
interoperability, ensuring that agency computing environments enable appropriate information
sharing across devices and applications.

Mobile and flexible: Environments should support modern office work practices, including flexible
and/or activity based working or hot desking.

Vendor / operating environment agnostic: Environments should be vendor and operating system
agnostic. Devices such as laptops, notebooks, thin-clients etc. should be able to connect to, and
access the network. The network should also be fully compatible with widely used operating
environments.

3. REQUIREMENTS
3.1.

SAM system deliverables


In accordance with recognised standards an effective SAM system should:

Capture information about software assets and their use


Support core tasks and functions
Manage the software asset lifecycle
Support business objectives and outcomes
Promote responsible SAM, and
Deliver best practice

3.1.1. Capturing information


The SAM system should incorporate the ability to capture accurate, complete information
about the software assets and their use. This may include asset discovery tools, deployment
records and procurement records. This may also involve deploying software asset registers or
logs to record the software assets that the agency owns, as well as software asset audit and
metering tools to track where and how agency software is used.

Software Asset Management Standard

3.1.2. Supporting core tasks and functions


The SAM system should assist the agency to perform its core asset management tasks including
asset identification, control, and licence compliance monitoring. This includes enabling the
agency to complete software licence optimisation, rationalising its software portfolio by
reallocating, re-harvesting and deploying software licences where appropriate. The system
should enable the agency to readily and reliably plan for its future software needs, including
identifying opportunities for retirement, portability or pooling for planned projects.
3.1.3. Managing the software asset lifecycle
The SAM system should address the full asset lifecycle, from identifying business requirements
to the retirement of the asset. The system should provide interfaces into other systems that
enable the agency to manage, change, acquire, develop and deploy software, as well as manage
incidents and exceptions. It should enable the agency to manage software retirements,
including identifying opportunities for reuse where permissible under licence agreements.
3.1.4. Supporting business objectives and outcomes
The SAM system should assist agencies in achieving their business objectives. Objectives may
include improving worker productivity and mobility by allowing the agency to scale and deploy
its software assets as needed, assisting the agency to manage the cost of its software assets
more effectively, and managing the risks associated with software licencing. Ultimately, the
SAM system should assist the agency to achieve a better return on its software investments.
3.1.5. Promoting responsible SAM
Agencies deploying SAM systems should establish and implement internal policies and controls
that help them to manage the system appropriately. This includes clarifying employee
obligations for compliance with copyright and information management legislation, as well as
controls that ensure potential or actual breaches are quickly addressed and remedied. To
ensure this occurs, the SAM system should include education and communication strategies to
assist employees at all levels understand their responsibilities.
3.1.6. Delivering best practice
Agencies should utilise a system that aligns with or addresses the elements of one of the
standards for SAM. This standard references ISO/IEC 19770-1 and ITIL v3 SAM, which are
internationally recognised.
The process frameworks for these standards are shown in Appendix A, and the elements of the
ISO standard are detailed in Appendix B. There are other widely recognised standards such as
COBIT 5, and others may become available over time. Appendix C shows core software asset
management processes mapped to ISO/IEC 19770-1, and Appendix D lists other references.

Software Asset Management Standard

3.2.

SAM competency
Agencies can assess their current SAM competency or the capability of their SAM system
against the four broad levels as described in Table 1, or on the basis of the core SAM elements
(to be) implemented as per Table 2 and described in detail in Appendix B.

Table 1: SAM Capability Classifications

SAM
implementation
Reactive SAM
Proactive SAM
Managed SAM

Optimised SAM

Description
Most manual processes, ad-hoc purchasing and compliance risks due to
limited licensing procedures.
Defined and standard software purchasing, deployments and security
updates. Organised licensing and standardised policies.
Managed acquisition processes and policies, centralised asset tracking and
management. Visibility and control of asset costs, savings, governance and
liabilities.
Optimal acquisition and redeployment cycles, efficient business infrastructure
with agile and adaptable IT solutions. Optimised insight into agency assets for
current needs and future plans.

The four levels of intended or implemented SAM capability or competency are listed in the first column
in the table below. The corresponding required processes to be adopted from the ISO standard are
ticked in the columns.
As noted throughout, compliance can be to any appropriate standard, providing the agency is satisfied
that the business outcomes it requires from SAM are being achieved.

Reactive SAM

Proactive SAM

Managed SAM

Optimised SAM

Software asset
verification
Software licence
compliance
Software asset
security
Conformance
verification
Relationship and
contract mgmt.
Financial
management
Service level
management
Security
management

Dependency analysis

Application
governance

Software asset
inventory
Software asset
control

Software Asset
Management
Capability or
Competency
Software asset
identification

Software Asset Management Standard

Table 2: SAM Processes and Capability / Competency Matrix

Core Software Asset Management Processes

Software Asset Management Standard

DOCUMENT CONTROL
Document history
Status: Final
Version: 1.0
Approved by: NSW Procurement & Technical Standards Working Group
Approved on: 23/9/2014
Issued by: NSW Office of Finance & Services
Contact: standards@finance.nsw.gov.au
Telephone: (02) 9372 7445

Review
This standard will be reviewed in 12 months. It may be reviewed earlier in response to postimplementation feedback from agencies.

Software Asset Management Standard

APPENDIX A SAM PROCESS FRAMEWORKS


Table 3 below summarises, at a high level, the ISO/IEC 19770-1 Process Framework for SAM, while Table 4
on the following page outlines the ITIL Process Framework.
Table 3: ISO/IEC 19770-1 Process Framework for SAM

Governance
Control environment
Governance
structures

Roles and
responsibilities

Policies, processes
and procedures

Capabilities and
competence

Implementation

Monitoring and review

Continuous
improvement

Software asset
inventory
management

Software asset
control

Planning and implementation processes


Planning

Core SAM processes


Inventory processes
Software asset
identification

Verification and compliance processes


Software asset record
verification

Software licensing
compliance

Software asset
security compliance

Conformance
verification

Operations management processes and interfaces


Relationship and
contract management

Financial
management

Service level
management

Security management

Primary process interfaces for SAM


Software lifecycle
Change management

Software
development

Software deployment

Problem management

Acquisition

Software release
management

Incident management

Retirement

A detailed explanation of the expected core SAM processes mentioned in the table above is
contained in Appendix B.

Software Asset Management Standard


Table 4: ITIL v3 Process Framework for SAM

Overall management processes


Overall management
responsibility

Risk assessment

Policies and procedures

Competence, awareness and


training

Performance metrics and


continuous improvement

Service continuity and


availability management

Core asset management processes


Asset identification

Status accounting

Asset control

Database
management

Requirements definition

Design

Evaluation

Procurement

Build

Deployment

Operation

Optimisation

Licensing compliance

Security compliance

Other compliance

Supplier
management

Internal business
relationship
management

Outsourcing
management

Financial Management
Logistic Processes

Retirement
Verification and compliance processes
Verification and audit
Relationship processes
Contract management

10

Software Asset Management Standard

APPENDIX B CORE SOFTWARE ASSET MANAGEMENT PROCESSES


A. Inventory processes
Software asset identification
The SAM system should enable the agency to ensure necessary classes of assets are selected and grouped.
Assets should be defined, recorded and sorted by appropriate characteristics that enable effective and
efficient control of software and related assets.
The SAM system should include a Software Asset Register that meets the following minimum software
identification requirements:

The register should identify the type of software assets to be controlled and information associated
with them formally defined, taking into account:
o

Items to be managed are chosen using established selection criteria, and grouped, classified and
identified to ensure manageability and traceability throughout their lifecycle.

Basic information, including:


Software vendor
Software title
Software edition
Software version
Licence type/model
Number of licences owned
Contract numbers relating to purchase
UNSPSC code (if available)
System owner / product manager (where appropriate)
Support and maintenance status.

Items to be managed include:

Definitive Software Master List List of all software approved for use in the organisation
Contracts related to software assets regardless of format
Licence agreements (including end user licence agreements, click through licence
agreements and freeware licence agreements etc.), incorporating terms and conditions
Proof of purchase.

A Hardware Asset Register should be used to capture relevant details relating to hardware asset
classes, namely:
o Location (where appropriate)
o System owner
o Status (test/development/production etc.)
o Type (software, hardware facility etc.)
o Platforms on which software assets can be installed/run
o Changes to assets
o Hardware inventory including locations are verified on a regular (minimum six monthly) basis
including reporting identified exceptions.

Software asset inventory management


The SAM system should enable the agency to ensure physical instances of software assets are properly
stored and that required data characteristics for all assets/configuration items are accurately recorded
throughout the lifecycle.

11

Software Asset Management Standard

To achieve these goals, the system should include the following:

Definitive Software Master List: media library (including copies of all versions/patches of all software
currently in use in the environment).
Definitive Software Master List: documentation (a copy of each piece of documentation relating to
each software title installed in the environment).
Definitive Software Master List: licences and proof of purchase (including all base licences, upgrades,
cross grades etc.).
Copies of all software patches relating to software currently installed in the environment
Installed software (including version, editions, patches etc.).
Software packages authorised for deployment.

Software asset control


The SAM system should enable the agency to control its software assets while maintaining a record of
changes to its software asset holdings. The software asset controls should allow the agency to demonstrate
that:

An audit trail is maintained with changes made to software including changes in status, location,
custodianship and version.
Appropriate policies, processes and procedures are approved and issued for development,
maintenance and management of software versions, images, builds and releases.

B. Verification and compliance processes


Software asset record verification
The SAM system should enable the agency to ensure records are accurate and maintained in accordance
with information management requirements. The system should include processes for software asset
record verification, including:

Verification of installed software reporting to ensure accuracy at least.


Minimum quarterly reconciliation between what is installed and what was authorised for installation
across the environment.
Inventory and verification of the Definitive Software Master List media library, licence and proof of
purchase conducted on a half yearly basis.
Contract documentation related to software assets verified for completeness at least annually. Any
issues, problems or exceptions to the above are documented, root-cause analysis is performed and
remediation activities undertaken to achieve correction. All findings and remediation activities to be
fully documented.

Software licensing compliance


The SAM system should enable the agency to ensure all software is licensed correctly and that contractual
and licence terms and conditions relating to software installation and usage are met. The system should
include policies, processes and procedures to ensure that employees comply with their software licence
management obligations and terms of use, including:

Procurement policy.
Deployment/installation policy.
Usage policy.
Regular confirmation of effective licence position.
Recording of discovered compliance issues in the Software Risk Register.
Appropriate remediation actions are taken and recorded.
The root cause of the issue is determined and action is taken to address it.
12

Software Asset Management Standard

Software asset security compliance


The agency should ensure physical and technical security measures related to the storage of software and
related assets prevent unauthorised access or use. Implementation of the SAM system should enable the
agency to:

Report on who has had access to the software media and licence keys.
Identify which purpose the software was accessed for.
The date of access and return.
Report on actions taken to address unauthorised or extended access.

Conformance verification
The SAM system should enable the agency to monitor and ensure conformance with regulatory
requirements and best practice standards. Agencies should be in a position to demonstrate that:

Policies and procedures are developed, approved and issued for verifying compliance with their
selected standard.
Verification procedures are being performed annually and that corrective follow-up action is taken on
identified exceptions.

C. Operations management processes and interfaces


The SAM system should enable the agency to execute the operational management functions that are
essential to achieving overall SAM objectives and benefits.

Relationship and contract management


The SAM system should enable the agency to manage its relationships with other organisations, including
its contracts and contractual relationships for software and related assets/services. Implementation of the
system will enable the agency to demonstrate:

Policies and procedures are developed, approved and issued for managing relationships with suppliers
providing software and related assets/services to include:
o Definition of responsibilities for supplier management with individuals assigned to have clear
overall responsibility for managing suppliers.
o

Formal documented reviews at least half yearly of supplier performance, achievements and
issues, with documented conclusions and decisions about actions to be taken.

Policies and procedures developed, approved and issued for management of customer-side
relationships including:
o Definition of responsibilities for managing customer-side business relationships with respect to
software and related assets/services.
o

Regular reviews of current/future software requirements across the agency as a whole.

Formal documented annual reviews of service provider performance, customer satisfaction,


achievements and issues, with documented conclusions and decisions about any actions to be
taken.

Policies and procedures developed, approved and issued for managing contracts including:
o Ensuring contractual details are recorded in an on-going contract management system as
contracts are signed.
o

Copies of all signed contractual documentation securely maintained in a document management


system in addition to keeping original signed documents.

Half-yearly documented reviews prior to contract expiry, and all contracts with documented
conclusions and decisions about actions taken.
13

Software Asset Management Standard

Financial management
The SAM system should enable the agency to appropriately budget and account for its software and related
assets. Implementation should allow the agency to achieve the following:

Definitions of financial information relevant to management of software and related assets are agreed
with relevant parties and documented by asset type.

Formal budgets are developed for acquisition of software assets and related support.

Actual expenditure on software assets and related support and infrastructure costs is accounted for
against budget.

Clearly documented financial information is available about software asset values (including but not
limited to historical and/or depreciation costs).

Formal documented quarterly reviews of actual expenditure against budget with documented
conclusions and decisions about any actions required.

Security management
Manage information security effectively with all SAM activities and support approval requirements related
to SAM. Implementation will enable agencies to demonstrate:

Formal policy is developed and approved regarding security/access restrictions for all SAM resources,
including physical/electronic stores of software builds/releases.

Access controls are specified, both physical and logical, to enforce the approval requirements of SAM
policies.

There is documentary evidence showing that specified access controls are implemented in practice.

D. MANAGING THE SOFTWARE LIFECYCLE


An effective SAM system should be closely integrated with standard management processes.

Change management
Ensuring effective integration between the SAM system and the change management process will enable
the agency to demonstrate that a formal process exists, requiring that:

All change requests that affect software and/or SAM processes are identified and recorded.

All change requests that affect software and/or SAM processes are assessed and approved via a formal
change process that includes SAM representatives.

The success or failure of changes is documented and periodically reviewed.

Acquisition
Effective integration between the SAM system and the procurement process will allow the agency to
demonstrate that:

The relevant standard architectures are defined for the provision of software services, as well as
criteria for deviating from those standards.

Standard software configurations are defined, as are criteria for deviating from those standards.

Standard software procurement methods are defined, as are criteria for deviating from those
standards.

Software approved for use is detailed in the Software Catalogue indicating editions, versions and
approved acquisition method.
14

Software Asset Management Standard

Policies and procedures are developed, properly authorised and issued for requisitioning and ordering
software and related assets, including:
o

How requirements are specified.

Management and technical approvals required.

Use/redeployment of existing licences if available.

Recording future purchase requirements for those cases where software can be deployed before
reporting and payment.

Acquisition method and approved exceptions.

Policies and procedures developed, properly authorised and used for receipt-processing functions
related to software and related assets including:
o

Processing invoices, reconciliations to orders and retention of copies for licence management
purposes.

Receipting and safe-keeping valid proof of licence for all licences purchased.

Processing incoming media including requirements for verification, record-keeping and safekeeping of contents (physical and electronic).

Software development
Effective integration between the SAM system and the software development process will allow the agency
to demonstrate:
That, where practical, software development is occurring in a segregated environment.

That a formal process for software development exists and considers standard architectures and
configurations, licence constraints and dependencies.

Formal process for software development to include SAM requirements and controls.

Software release management


Effective integration between the SAM system and the software release process will allow the agency to
demonstrate that:
Release of software is approved by the responsible management.

Result of the release is recorded and periodically reviewed.

Software deployment
Effective integration between the SAM system and the software deployment process will allow the agency
to demonstrate that:

Distribution of software and related assets is approved by the responsible management.

Security requirements are complied with, including over access to software being distributed and after
installation.

All changes to the status of relevant software are recorded accurately and in a timely fashion including
any change of custodianship, and an audit trail of changes is kept.

Documented control to verify what was deployed is the same as authorised for deployment.

Success or failure of deployments is recorded and periodically reviewed.

15

Software Asset Management Standard

Incident management
Effective integration between the SAM system and the incident management process enables the agency
to demonstrate that:

All incidents that affect software/related assets or SAM processes are recorded and classified as to
their priority for resolution.

All such incidents are resolved in accordance with priority for resolution and the resolution is
documented.

Problem management
Effective integration between the SAM system and the Problem Management process enables agencies to
demonstrate that:

All incidents that affect software and/or related assets and/or services, along with SAM processes, are
recorded and classified as to their impact.

High priority and repeat incidents are analysed for underlying causes and prioritised for resolution.

Underlying causes are documented and communicated to incident management.

Problems are resolved in accordance with priorities for resolution and the resolution is documented
and communicated to incident management.

Retirement/re-harvesting
The SAM system should assist the agency to ensure that software and related assets are removed, recycled
and reused as appropriate and in compliance with information management requirements. The system
should enable processes to ensure that:

Deployed copies of software are removed from retired hardware (where it is permitted for licences to
be removed).

Licences and other assets which can be redeployed are identified for redeployment.

Assets transferred (re-harvested) to other parties, and are transferred taking into account any
confidentiality, licensing or other contractual requirements.

Licences and other assets that cannot be redeployed are properly disposed of.

Records are updated to reflect the changes above, and audit trails are maintained of all changes.

16

Software Asset Management Standard

Inventory processes
Software asset
identification

The scope of software assets controlled should be defined and address software entitlement (product and
version), proof-of-licence, contracts/agreements, media and software deployment.

Software asset
inventory management

A central and comprehensive inventory of software assets (physical and electronic) should be maintained to
record installed software and software licences. Activities to ensure that the inventory is effectively
maintained must be embedded broader SAM processes.

Software asset control

Processes to control and record changes to software assets should be embedded within the SAM system to
ensure that an appropriate audit is maintained.

Application governance

Processes to control and record types, versions, OEM and outcomes of all applications deployed across the
enterprise to ensure redundancies in types of applications are effectively monitored, managed and where
appropriate collated.

Dependency analysis

Processes to control and record operational and technical requirements dependencies driving deployment
to map dependency of commissioned ICT capabilities against the type and number of applications so
deployed, and where applicable, enterprise wide licence portability, licence re-harvesting, active
obsolescence management and eliminating redundancies across both licence numbers and types.

Verification and compliance processes


Software asset record
verification

Controls should be established to detect and manage deviations in SAM processes and ensure that accurate
software asset records are maintained.

Software licensing
compliance

Effective processes should be established to ensure that licensing terms are understood and there are regular
licence reconciliations performed to verify that software is being used under the terms of the licence.

Software asset security


compliance

Effective processes and controls should be established to prevent unauthorised installation of software and
detect any deviations to the standard processes.

Conformance
verification

NSW Government aims to implement standards based on parts of the ISO/IEC standards however there is no
requirement for ISO certification. Deviations from the SAM system should be addressed.

17

reporting

Monitoring &

management

Contract

management

Software

Procurement

Planning

APPENDIX C CORE SOFTWARE ASSET MANAGEMENT PROCESSES MAPPED TO ISO/IEC 19770-1

Operations management processes and interfaces

Relationship and
contract management

Effective processes and controls should be established to address relationship and contract management for
SAM in line with corporate policies and procedures.
Specific considerations relating to effective relationship and contract management for SAM should be
addressed through:
Identifying a relationship owner for each vendor relationship
Engaging with the appropriate commercial authority (as required)
Ensuring that the terms of the licence are understood and complied with
Vendor driven activities (e.g. true up, audit or maintenance / subscription renewals) are completed in line
with the terms of the licence
Periodic forecasting of long-term software requirements.

Financial management

Regular reporting of software related spend should be established. The requirements of the financial
reporting must be determined by the organisation-wide financial management practices.

Service level
management

Service levels should be embedded within the SAM system to measure the effectiveness of the processes.

Security management

Effective security management controls should be established to ensure that access to the software asset
inventories (physical and electronic) is appropriately restricted.

18

reporting

Monitoring &

management

Contract

management

Software

Procurement

Planning

Software Asset Management Standard

Software Asset Management Standard

APPENDIX D REFERENCES
Agencies should have regard to the following statutes, NSW Government policies and standards:

AS/NZS ISO 31000 Risk management Principles and guidelines


Copyright Act 1968
Electronic Transactions Act 2000
Government Information (Information Commissioner) Act 2009
Government Information (Public Access) Act 2009
Health Records and Information Privacy Act 2002
Information Technology Infrastructure Library (ITIL) v3
ISO/IEC 19770-1 Software Asset Management
NSW Digital Information Security Policy
NSW Government Cloud Services Policy and Guidelines
NSW Government Open Data Policy
NSW Government ICT Strategy
NSW Government ICT Technical Standards Mobility Standard
NSW Government Digital Information Security Policy
NSW Government ICT Strategy and Implementation Update 2013-14
NSW Government Information Classification and Labelling Guidelines
NSW Procurement: Small and Medium Enterprises Policy Framework
Privacy and Personal Information Protection Act 1998
Public Finance and Audit Act 1983
Public Interest Disclosures Act 1994
State Records Act 1998
TPP 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector

19

Software Asset Management Standard

APPENDIX E STANDARDS
Developing standards
Development of a standard begins with identifying the need for a new standard, which is followed by the
development of the standard in consultation with the industry and experts groups, including the Australian
Information Industry Association (AIIA).
The following diagram outlines the process.
Need for new or
amended standard
identified

Business requirements
change

Standard developed
(Industry/agencies
consulted)

Services added to
Catalogue

Standard approved and


released by PTS
Working Group

Market engagement
for services which meet
the standard

The PTS Working Group is chaired by the Office of Finance and Services and includes senior representation
from across the NSW Government clusters.
Agencies engage with the PTS Working Group concerning services for inclusion in the ICT Services
Catalogue. This drives the development of technical standards, where none exist. The PTS Working Group
has the leading role in reviewing and endorsing the technical standards developed in response to agencies
requirements.
The PTS Working Group is supported by two sub groups responsible for the areas of Telecommunications
and Services & Solutions. The sub-groups are responsible for initial development and review of standards
relating to their areas of responsibility.

Management and implementation


There is scope to modify standards through the NSW ICT governance arrangements as necessary. Standards
are designed to add value, augment and be complementary to, other guidance, and they are continually
improved and updated.
This standard does not affect or override the responsibilities of an agency or any employee regarding the
management and disposal of information, data, and assets. Standards in ICT procurement must also
address business requirements for service delivery.
NSW Procurement facilitates the implementation of the standards by applying them to the goods and
services made available through the ICT Services Catalogue. Standards will also be available on the
ProcurePoint web site.

20