Are your agency’s IT asset and service management processes compliant with standards and policies set by OMB, NIST, OGP, and other bodies? In this post, the fifth in our series on the FedITAM Framework, we’ll take a look at the questions you should be asking yourself to ensure that you’re on top of the many and changing guidelines for data, software, and hardware management.
Three Questions to Ask When Examining Policy and Standard Compliance
What Federal policies and guidelines govern particular categories of IT assets?
To answer this question, generate category-by-category reports of all your IT assets, research the applicable policies and standards for each category, and, to save time in the future, associate notes about those policies and standards with each item. In SAManage, a good way to do this is to add a contract for each policy or guideline and associate it with all applicable items.
How are we working toward compliance with the International Organization for Standardization (ISO) 19770, the United Nations Standard Products and Services Code (UNSPSC), and other current or emerging global standards?
Take the UNSPSC, for example: have you tagged your assets according to this global multi-sector classification standard? If not, visit the United Nations Standard Products and Services Code site and find out more. To learn more about tagging software in compliance with ISO 19770, check out the ISO/IEC 19770-2:2009 page.
What are the current ITAM policy guidelines issued by the Office of Management and Budget (OMB), National Institute of Standards & Technology (NIST), and the Office of Governmentwide Policy (OGP), and is our agency in compliance?
Do your network architecture and practices meet NIST security standards? Is the way you acquire new technology in line with the Office of Technology Strategy’s policies? Keeping up with policy introductions and changes is challenging, though centralized, always up-to-date asset management software can make compliance far easier to achieve.