In the modern enterprise, software is no longer just a tool—it is the engine of business. However, managing that engine requires more than just a spreadsheet; it requires a global framework. That framework is ISO/IEC 19770.
The origins: From 2006 to today
The ISO/IEC 19770 standard was first introduced in May 2006 with the publication of Part 1. Originally designed specifically for software asset management (SAM), it has since evolved into a holistic IT asset management (ITAM) standard that covers hardware, software, and even cloud services.
- 2006: First introduction (Part 1 focused on SAM processes).
- 2012: Updated to a “Tiered” approach, allowing organizations to achieve ISO 19770 compliance in stages.
- 2017: A major rewrite aligned it with other ISO management systems (like ISO 9001 and 27001).
- 2024–2026: Current iterations now emphasize climate change reporting and cybersecurity asset management.
Decoding the core: Parts 1, 2, and 3
The ISO/IEC 19770 IT asset management standard is divided into several parts, but the first three form the core foundation of any mature ITAM program.
Part 1: IT asset management systems (The “How”)
ISO/IEC 19770-1 is the process standard. It defines the requirements for an organization to establish, implement, and maintain a management system for IT assets.
- Focus: Governance, lifecycle management, and “Trustworthy Data.”
- Application: It provides the “tiered” roadmap (Tiers 1–3) to move from basic inventory to full operational optimization.
Part 2: Software identification tags (The “What”)
ISO/IEC 19770-2 defines the SWID (software identification) tag. Think of this as a digital birth certificate for software.
- Focus: A standardized XML schema that software creators include in their products.
- Application: It allows discovery tools to instantly identify exactly what version, edition, and patch level of a software is installed without “guessing” based on file names.
Part 3: Entitlement schema (The “Rights”)
ISO/IEC 19770-3 defines the software entitlement tag (SET). This handles the “paperwork” of licensing.
- Focus: A digital representation of your “Right to Use”—the metrics, quantities, and dates associated with a license.
- Application: It bridges the gap between what is installed (Part 2) and what you own (Part 3), making automated license reconciliation possible.
Application in today’s software environment
In 2026, the application of ISO/IEC 19770 has moved far beyond simple audit defense. It is now a critical pillar for three major business functions:
The cloud & SaaS explosion
The standard now provides the framework for FinOps. By applying Part 3 (Entitlements) to SaaS subscriptions, companies can automatically identify “zombie accounts” and overlapping subscriptions in environments like AWS or Microsoft 365, leading to massive cost savings.
Cybersecurity asset management (CSAM)
You cannot secure what you cannot identify. ISO 19770-2 (SWID Tags) is now used by security teams to verify the integrity of software. If an executable doesn’t have a valid, signed tag, it is flagged as a potential security risk.
Sustainability and ESG reporting
The latest 2024/2025 updates to Part 1 require organizations to track the environmental impact of their IT assets. This includes the energy consumption of data centers and the lifecycle carbon footprint of the software being deployed.
Bridging the gap: How OpenLM applies ISO 19770 to engineering licensing
While general ITAM tools often struggle with the “heavy lifting” of specialized engineering software, OpenLM is architected to bring the precision of ISO/IEC 19770 to high-value assets like AutoCAD, MATLAB, and CATIA.
Achieving “trustworthy data” (Part 1)
ISO 19770-1 Tier 1 requires an organization to have a baseline of “Trustworthy Data.” For engineering firms, this is notoriously difficult because licenses are often floating or concurrent. OpenLM’s Broker technology provides the exact “real-time truth” the standard demands by querying over 150 different license managers (FlexNet, DSLS, RLM, etc.) to verify exactly who is using what, ensuring your baseline isn’t just a guess—it’s an audit-ready fact.
Specialized normalization (Part 2)
Part 2 of the standard is about identification. Engineering software rarely uses simple “install/uninstall” metrics; it uses complex “features” and “packages.” OpenLM’s software catalog acts as a translation layer. It takes raw discovery data from workstations and maps it to a normalized structure that aligns with the ISO 19770-2 philosophy, ensuring that a “feature string” in a license file is correctly identified as a specific, billable software asset.
Mastering the entitlement puzzle (Part 3)
Part 3 (entitlements) is where most companies fail. How do you map a “global concurrent license” with “follow-the-sun” rights into a standard schema? OpenLM’s entitlement tracking module allows you to input these complex legal rights and automatically reconcile them against live usage. This creates a “compliance position” that tells you not just if you have the software, but if you are using it within the specific rights defined in your vendor contract.
Conclusion
The ISO/IEC 19770 standard is no longer a “nice to have” for large corporations; it is a necessity for any organization looking to survive the complexity of modern IT. Whether you are aiming for tier 1 “trustworthy data” or full tier 3 optimization, this standard provides the only globally recognized map to success. By utilizing specialized tools like OpenLM, engineering-heavy organizations can ensure that even their most complex assets are fully aligned with this international benchmark.
