Collaborate with your compliance colleagues (Part 1 of 2)

As a SAM or ITAM manager, you are probably used to thinking about compliance in relation to license positions. And you have most likely adopted the ISO/IEC 19770-1 standard as the framework for your efforts.

TIP #48 - July 2020: Collaboration between ITAM and other (compliance) colleagues, based on ISO standards, can be beneficial to all in reaching your goals

You are not the only compliance professional within your organisation, and note that there are other interesting ISO standards out there as well.

Information Security is usually managed by dedicated officers that use the ISO/IEC 27001 standard to base their practices on. ISO/IEC 27001 is not just about what technical measures are in place, but also about business controls and management processes. To ensure processes are adequate and proportionate for the information security threats and opportunities that have been identified and evaluated during a risk assessment. Many of the concepts and controls will already sound familiar to you as an ITAM professional:

  • The method of evaluating risk is to consider the impact on Confidentiality, Integrity, and Availability (CIA) of the information asset.
  • DTAP
  • RBAC
  • PDCA (cycle)

As you can see, there are obvious overlaps with ITIL, ISO/IEC 19770, ASL and BISL, to name only a few. And the similarities do not end there. The ISO standard has sections that describes controls for Asset management, Operations security and System acquisition, Development and Maintenance. Needless to say that, working closely together, sharing data and insights, can be beneficial and help all involved to reach their goals.