Information technology - Software asset management - Part 2: Software identification tag

CSA Group
Standards Development Organisation:
Canadian Standards Association (operating as CSA Group)
Working Program:
View the CSA work program
Designation Number:
CAN/CSA-ISO/IEC 19770-2
Standard Type:
National Standard of Canada - Adoption of International Standard
Standard Development Activity:
New Standard
Status:
Proceeding to development
SDO Comment Period Start Date:
SDO Comment Period End Date:
Posted On:

Scope:

This Standard establishes specifications for tagging software to optimize its identification and management.

This part of ISO/IEC 19770 applies to the following.

a) Tag producers: these organizations and/or tools create software identification (SWID) tags for use by others in the market. A tag producer may be part of the software creator organization, the software licensor organization, or be a third-party organization. These organizations and/or tools can broadly be broken down into the following categories.

  1. Platform providers: entities responsible for the computer or hardware device and/or associated operating system, virtual environment, or application platform, on which software may be installed or run. Platform providers which support this part of ISO/IEC 19770 may additionally provide tag management capabilities at the level of the platform or operating system.
  2. Software providers: entities that create, license, or distribute software. For example, software creators, independent software developers, consultants, and repackagers of previously manufactured software. Software creators may also be in-house software developers.
  3. Tag tool providers: entities that provide tools to create software identification tags. For example, tools within development environments that generate software identification tags, or installation tools that may create tags on behalf of the installation process, and/or desktop management tools that may create tags for installed software that did not originally have a software identification tag.

b) Tag consumers: these tools and/or organizations utilize information from SWID tags and are typically broken down into the following two major categories:

  1. software consumers: entities that purchase, install, and/or otherwise consume software;
  2. IT discovery and processing tool providers: entities that provide tools to collect, store, and process software identification tags. These tools may be targeted at a variety of different market segments, including software security, compliance, and logistics.

ISO/IEC 19770-2:2015 does not prescribe Information Technology Asset Management (ITAM) or other IT-related processes required for reconciliation of software entitlements with software identification tags or other IT requirements

Project need:

n/a

Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.

Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.