NSW Government Software Asset Management Standard Version 1.0 October 2014 [email protected] ICT Services Office of Finance & Services Level 23, McKell Building 2-24 Rawson Place SYDNEY NSW 2000


NSW Government

Software Asset Management

Standard

Version 1.0

October 2014

[email protected] ICT Services Office of Finance & Services Level 23, McKell Building 2-24 Rawson Place SYDNEY NSW 2000

Software Asset Management Standard


CONTENTS

1. CONTEXT

2. KEY PRINCIPLES

3. REQUIREMENTS

DOCUMENT CONTROL

APPENDIX A – SAM PROCESS FRAMEWORKS

APPENDIX B – CORE SOFTWARE ASSET MANAGEMENT PROCESSES

APPENDIX C – CORE SOFTWARE ASSET MANAGEMENT PROCESSES MAPPED TO ISO/IEC 19770-1

APPENDIX D – REFERENCES

APPENDIX E – STANDARDS


1. CONTEXT

1.1. Background

This Software Asset Management (SAM) Standard is a technical standard developed through the NSW ICT Procurement and Technical Standards Working Group (PTS Working Group). The standard contains technical and business requirements that agencies should consider when procuring SAM services.

By defining common government requirements, the standard provides an opportunity to leverage whole of government buying power and reduce inefficiencies.

A substantial proportion of an agency’s ICT expenditure is allocated to purchasing, maintaining and operating software. The SAM standard will assist agencies in maintaining strategic oversight of their software assets, and will help agencies optimise their software environments.

1.2. Purpose

The purpose of this standard is to assist NSW Government agencies to develop, procure and implement SAM solutions and tools, as well as take full advantage of the benefits of SAM solutions and tools.

It details the issues that need to be considered so each agency can identify the available options that best suit their business requirements, helping agencies achieve value for money through cost savings and improved flexibility of service offerings.

1.3. Scope and application

This standard applies to all NSW Government departments, statutory bodies and shared service providers. It does not apply to state owned corporations, but is recommended for adoption.

This standard does not exhaustively cover all agency specific considerations. Agencies may need to assess any specific requirements they have in addition to those detailed in this standard.

1.4. Policy

The NSW Government ICT Strategy sets out the Government’s plan to build capability across the NSW public sector to deliver better, more customer-focused services that are available anywhere, anytime, and derive better value from the Government’s annual investment in ICT.

Developing whole of NSW Government ICT technical standards is a key initiative of the NSW Government ICT Strategy, with this work being driven by the PTS Working Group. The standards are designed to be consistent with NSW Government ICT Strategy and NSW Government Cloud Services Policy and Guidelines objectives, and they support the development of the NSW Government’s ICT Services Catalogue.

The standards set out service definitions as minimum requirements that suppliers must meet to be able to offer their services through the NSW Services Catalogue. This helps achieve consistency across service offerings, emphasising a move to as a service sourcing strategies, and it signals government procurement priorities to industry.

This standard should be applied with existing standards, policies and guidance that make up the NSW Information Management Framework, as set out in the Information Management: A Common Approach, and including the NSW Digital Information Security Policy.

NSW Government agencies must carefully consider their obligations to manage government data and information. Contract arrangements and business processes should address requirements for data security, privacy, access, storage, management, retention and disposal. ICT systems and services should support data exchange, portability and interoperability.

More information on the development of standards for the ICT Services Catalogue is at Appendix E – Standards.

1.5. The ICT Services Catalogue

This catalogue provides suppliers with a showcase for their products and services, and an opportunity to outline how their offerings meet or exceed standard government requirements. The standards, together with supplier service offerings in the ICT Services Catalogue, help to reduce red tape and duplication of effort by allowing suppliers to submit service details only once. The offerings are then available to all potential buyers, simplifying procurement processes for government agencies.

Implementing this category management approach will embed common approaches, technologies and systems to maintain currency, improve interoperability and provide better value ICT investment across Government.

2. KEY PRINCIPLES

The following principles guide the development and implementation of this standard.

Facilitating as a service: Specification of environments should support agencies in moving to as a service sourcing models.

Interoperability: Meeting this standard should help agencies achieve application and hardware interoperability, ensuring that agency computing environments enable appropriate information sharing across devices and applications.

Mobile and flexible: Environments should support modern office work practices, including flexible and/or activity based working or hot desking.

Vendor / operating environment agnostic: Environments should be vendor and operating system agnostic. Devices such as laptops, notebooks, thin-clients etc. should be able to connect to, and access the network. The network should also be fully compatible with widely used operating environments.

3. REQUIREMENTS

3.1. SAM system deliverables

In accordance with recognised standards an effective SAM system should:

Capture information about software assets and their use

Support core tasks and functions

Manage the software asset lifecycle

Support business objectives and outcomes

Promote responsible SAM, and

Deliver best practice

3.1.1. Capturing information

The SAM system should incorporate the ability to capture accurate, complete information about the software assets and their use. This may include asset discovery tools, deployment records and procurement records. This may also involve deploying software asset registers or logs to record the software assets that the agency owns, as well as software asset audit and metering tools to track where and how agency software is used.


3.1.2. Supporting core tasks and functions

The SAM system should assist the agency to perform its core asset management tasks including asset identification, control, and licence compliance monitoring. This includes enabling the agency to complete software licence optimisation, rationalising its software portfolio by reallocating, re-harvesting and deploying software licences where appropriate. The system should enable the agency to readily and reliably plan for its future software needs, including identifying opportunities for retirement, portability or pooling for planned projects.

3.1.3. Managing the software asset lifecycle

The SAM system should address the full asset lifecycle, from identifying business requirements to the retirement of the asset. The system should provide interfaces into other systems that enable the agency to manage, change, acquire, develop and deploy software, as well as manage incidents and exceptions. It should enable the agency to manage software retirements, including identifying opportunities for reuse where permissible under licence agreements.

3.1.4. Supporting business objectives and outcomes

The SAM system should assist agencies in achieving their business objectives. Objectives may include improving worker productivity and mobility by allowing the agency to scale and deploy its software assets as needed, assisting the agency to manage the cost of its software assets more effectively, and managing the risks associated with software licensing. Ultimately, the SAM system should assist the agency to achieve a better return on its software investments.

3.1.5. Promoting responsible SAM

Agencies deploying SAM systems should establish and implement internal policies and controls that help them to manage the system appropriately. This includes clarifying employee obligations for compliance with copyright and information management legislation, as well as controls that ensure potential or actual breaches are quickly addressed and remedied. To ensure this occurs, the SAM system should include education and communication strategies to assist employees at all levels to understand their responsibilities.

3.1.6. Delivering best practice

Agencies should utilise a system that aligns with or addresses the elements of one of the standards for SAM. This standard references ISO/IEC 19770-1 and ITIL v3 SAM, which are internationally recognised.

The process frameworks for these standards are shown in Appendix A, and the elements of the ISO standard are detailed in Appendix B. There are other widely recognised standards such as COBIT 5, and others may become available over time. Appendix C shows core software asset management processes mapped to ISO/IEC 19770-1, and Appendix D lists other references.


3.2. SAM competency

Agencies can assess their current SAM competency or the capability of their SAM system against the four broad levels as described in Table 1, or on the basis of the core SAM elements (to be) implemented as per Table 2 and described in detail in Appendix B.

Table 1: SAM Capability Classifications

| SAM implementation | Description |
| --- | --- |
| Reactive SAM | Most manual processes, ad-hoc purchasing and compliance risks due to limited licensing procedures. |
| Proactive SAM | Defined and standard software purchasing, deployments and security updates. Organised licensing and standardised policies. |
| Managed SAM | Managed acquisition processes and policies, centralised asset tracking and management. Visibility and control of asset costs, savings, governance and liabilities. |
| Optimised SAM | Optimal acquisition and redeployment cycles, efficient business infrastructure with agile and adaptable IT solutions. Optimised insight into agency assets for current needs and future plans. |

The four levels of intended or implemented SAM capability or competency are listed in the first column in the table below. The corresponding required processes to be adopted from the ISO standard are ticked in the columns. As noted throughout, compliance can be to any appropriate standard, providing the agency is satisfied that the business outcomes it requires from SAM are being achieved.


Table 2: SAM Processes and Capability / Competency Matrix

Software Asset Management Capability or Competency (rows): Reactive SAM; Proactive SAM; Managed SAM; Optimised SAM.

Core Software Asset Management Processes (columns): Software asset identification; Software asset inventory; Software asset control; Application governance; Dependency analysis; Software asset verification; Software licence compliance; Software asset security; Conformance verification; Relationship and contract mgmt.; Financial management; Service level management; Security management.


DOCUMENT CONTROL

Document history

Status: Final

Version: 1.0

Approved by: NSW Procurement & Technical Standards Working Group

Approved on: 23/9/2014

Issued by: NSW Office of Finance & Services

Contact: [email protected]

Telephone: (02) 9372 7445

Review

This standard will be reviewed in 12 months. It may be reviewed earlier in response to post-implementation feedback from agencies.


APPENDIX A – SAM PROCESS FRAMEWORKS

Table 3 below summarises, at a high level, the ISO/IEC 19770-1 Process Framework for SAM, while Table 4 on the following page outlines the ITIL Process Framework.

Table 3: ISO/IEC 19770-1 Process Framework for SAM

Governance

Control environment

Governance structures

Roles and responsibilities

Policies, processes and procedures

Capabilities and competence

Planning and implementation processes

Planning

Implementation

Monitoring and review

Continuous improvement

Core SAM processes

Inventory processes

Software asset identification

Software asset inventory management

Software asset control

Verification and compliance processes

Software asset record verification

Software licensing compliance

Software asset security compliance

Conformance verification

Operations management processes and interfaces

Relationship and contract management

Financial management

Service level management

Security management

Primary process interfaces for SAM

Software lifecycle

Change management

Software development

Software deployment

Problem management

Acquisition

Software release management

Incident management

Retirement

A detailed explanation of the expected core SAM processes mentioned in the table above is contained in Appendix B.


Table 4: ITIL v3 Process Framework for SAM

Overall management processes

Overall management responsibility

Risk assessment

Policies and procedures

Competence, awareness and training

Performance metrics and continuous improvement

Service continuity and availability management

Core asset management processes

Asset identification

Status accounting

Asset control

Database management

Financial Management

Logistic Processes

Requirements definition

Design

Evaluation

Procurement

Build

Deployment

Operation

Optimisation

Retirement

Verification and compliance processes

Verification and audit

Licensing compliance

Security compliance

Other compliance

Relationship processes

Contract management

Supplier management

Internal business relationship management

Outsourcing management


APPENDIX B – CORE SOFTWARE ASSET MANAGEMENT PROCESSES

A. Inventory processes

Software asset identification

The SAM system should enable the agency to ensure necessary classes of assets are selected and grouped. Assets should be defined, recorded and sorted by appropriate characteristics that enable effective and efficient control of software and related assets.

The SAM system should include a Software Asset Register that meets the following minimum software identification requirements:

The register should identify the type of software assets to be controlled and information associated with them formally defined, taking into account:

o Items to be managed are chosen using established selection criteria, and grouped, classified and identified to ensure manageability and traceability throughout their lifecycle.

o Basic information, including: Software vendor; Software title; Software edition; Software version; Licence type/model; Number of licences owned; Contract numbers relating to purchase; UNSPSC code (if available); System owner / product manager (where appropriate); Support and maintenance status.

o Items to be managed include: Definitive Software Master List – List of all software approved for use in the organisation; Contracts related to software assets regardless of format; Licence agreements (including end user licence agreements, “click through” licence agreements and freeware licence agreements etc.), incorporating terms and conditions; Proof of purchase.

A Hardware Asset Register should be used to capture relevant details relating to hardware asset classes, namely:

o Location (where appropriate)

o System owner

o Status (test/development/production etc.)

o Type (software, hardware facility etc.)

o Platforms on which software assets can be installed/run

o Changes to assets

o Hardware inventory including locations are verified on a regular (minimum six monthly) basis including reporting identified exceptions.

Software asset inventory management

The SAM system should enable the agency to ensure physical instances of software assets are properly stored and that required data characteristics for all assets/configuration items are accurately recorded throughout the lifecycle.


To achieve these goals, the system should include the following:

Definitive Software Master List: media library (including copies of all versions/patches of all software currently in use in the environment).

Definitive Software Master List: documentation (a copy of each piece of documentation relating to each software title installed in the environment).

Definitive Software Master List: licences and proof of purchase (including all base licences, upgrades, cross grades etc.).

Copies of all software patches relating to software currently installed in the environment

Installed software (including version, editions, patches etc.).

Software packages authorised for deployment.

Software asset control

The SAM system should enable the agency to control its software assets while maintaining a record of changes to its software asset holdings. The software asset controls should allow the agency to demonstrate that:

An audit trail is maintained with changes made to software including changes in status, location, custodianship and version.

Appropriate policies, processes and procedures are approved and issued for development, maintenance and management of software versions, images, builds and releases.

B. Verification and compliance processes

Software asset record verification

The SAM system should enable the agency to ensure records are accurate and maintained in accordance with information management requirements. The system should include processes for software asset record verification, including:

Verification of installed software reporting to ensure accuracy at least.

Minimum quarterly – reconciliation between what is installed and what was authorised for installation across the environment.

Inventory and verification of the Definitive Software Master List – media library, licence and proof of purchase conducted on a half yearly basis.

Contract documentation related to software assets verified for completeness at least annually.

Any issues, problems or exceptions to the above are documented, root-cause analysis is performed and remediation activities undertaken to achieve correction. All findings and remediation activities to be fully documented.

Software licensing compliance

The SAM system should enable the agency to ensure all software is licensed correctly and that contractual and licence terms and conditions relating to software installation and usage are met. The system should include policies, processes and procedures to ensure that employees comply with their software licence management obligations and terms of use, including:

Procurement policy.

Deployment/installation policy.

Usage policy.

Regular confirmation of effective licence position.

Recording of discovered compliance issues in the Software Risk Register.

Appropriate remediation actions are taken and recorded.

The root cause of the issue is determined and action is taken to address it.


Software asset security compliance

The agency should ensure physical and technical security measures related to the storage of software and related assets prevent unauthorised access or use. Implementation of the SAM system should enable the agency to:

Report on who has had access to the software media and licence keys.

Identify which purpose the software was accessed for.

The date of access and return.

Report on actions taken to address unauthorised or extended access.

Conformance verification

The SAM system should enable the agency to monitor and ensure conformance with regulatory requirements and best practice standards. Agencies should be in a position to demonstrate that:

Policies and procedures are developed, approved and issued for verifying compliance with their selected standard.

Verification procedures are being performed annually and that corrective follow-up action is taken on identified exceptions.

C. Operations management processes and interfaces

The SAM system should enable the agency to execute the operational management functions that are essential to achieving overall SAM objectives and benefits.

Relationship and contract management

The SAM system should enable the agency to manage its relationships with other organisations, including its contracts and contractual relationships for software and related assets/services. Implementation of the system will enable the agency to demonstrate:

Policies and procedures are developed, approved and issued for managing relationships with suppliers providing software and related assets/services to include:

o Definition of responsibilities for supplier management with individuals assigned to have clear overall responsibility for managing suppliers.

o Formal documented reviews at least half yearly of supplier performance, achievements and issues, with documented conclusions and decisions about actions to be taken.

Policies and procedures developed, approved and issued for management of customer-side relationships including:

o Definition of responsibilities for managing customer-side business relationships with respect to software and related assets/services.

o Regular reviews of current/future software requirements across the agency as a whole.

o Formal documented annual reviews of service provider performance, customer satisfaction, achievements and issues, with documented conclusions and decisions about any actions to be taken.

Policies and procedures developed, approved and issued for managing contracts including:

o Ensuring contractual details are recorded in an on-going contract management system as contracts are signed.

o Copies of all signed contractual documentation securely maintained in a document management system in addition to keeping original signed documents.

o Half-yearly documented reviews prior to contract expiry, and all contracts with documented conclusions and decisions about actions taken.


Financial management

The SAM system should enable the agency to appropriately budget and account for its software and related assets. Implementation should allow the agency to achieve the following:

Definitions of financial information relevant to management of software and related assets are agreed with relevant parties and documented by asset type.

Formal budgets are developed for acquisition of software assets and related support.

Actual expenditure on software assets and related support and infrastructure costs is accounted for against budget.

Clearly documented financial information is available about software asset values (including but not limited to historical and/or depreciation costs).

Formal documented quarterly reviews of actual expenditure against budget with documented conclusions and decisions about any actions required.

Security management

Manage information security effectively with all SAM activities and support approval requirements related to SAM. Implementation will enable agencies to demonstrate:

Formal policy is developed and approved regarding security/access restrictions for all SAM resources, including physical/electronic stores of software builds/releases.

Access controls are specified, both physical and logical, to enforce the approval requirements of SAM policies.

There is documentary evidence showing that specified access controls are implemented in practice.

D. Managing the software lifecycle

An effective SAM system should be closely integrated with standard management processes.

Change management

Ensuring effective integration between the SAM system and the change management process will enable the agency to demonstrate that a formal process exists, requiring that:

All change requests that affect software and/or SAM processes are identified and recorded.

All change requests that affect software and/or SAM processes are assessed and approved via a formal change process that includes SAM representatives.

The success or failure of changes is documented and periodically reviewed.

Acquisition

Effective integration between the SAM system and the procurement process will allow the agency to demonstrate that:

The relevant standard architectures are defined for the provision of software services, as well as criteria for deviating from those standards.

Standard software configurations are defined, as are criteria for deviating from those standards.

Standard software procurement methods are defined, as are criteria for deviating from those standards.

Software approved for use is detailed in the Software Catalogue indicating editions, versions and approved acquisition method.


Policies and procedures are developed, properly authorised and issued for requisitioning and ordering software and related assets, including:

o How requirements are specified.

o Management and technical approvals required.

o Use/redeployment of existing licences if available.

o Recording future purchase requirements for those cases where software can be deployed before reporting and payment.

o Acquisition method and approved exceptions.

Policies and procedures developed, properly authorised and used for receipt-processing functions related to software and related assets including:

o Processing invoices, reconciliations to orders and retention of copies for licence management purposes.

o Receipting and safe-keeping valid proof of licence for all licences purchased.

o Processing incoming media including requirements for verification, record-keeping and safe-keeping of contents (physical and electronic).

Software development

Effective integration between the SAM system and the software development process will allow the agency to demonstrate:

That, where practical, software development is occurring in a segregated environment.

That a formal process for software development exists and considers standard architectures and configurations, licence constraints and dependencies.

Formal process for software development to include SAM requirements and controls.

Software release management

Effective integration between the SAM system and the software release process will allow the agency to demonstrate that:

Release of software is approved by the responsible management.

Result of the release is recorded and periodically reviewed.

Software deployment

Effective integration between the SAM system and the software deployment process will allow the agency to demonstrate that:

Distribution of software and related assets is approved by the responsible management.

Security requirements are complied with, including over access to software being distributed and after installation.

All changes to the status of relevant software are recorded accurately and in a timely fashion including any change of custodianship, and an audit trail of changes is kept.

Documented control to verify what was deployed is the same as authorised for deployment.

Success or failure of deployments is recorded and periodically reviewed.


Incident management

Effective integration between the SAM system and the incident management process enables the agency to demonstrate that:

All incidents that affect software/related assets or SAM processes are recorded and classified as to their priority for resolution.

All such incidents are resolved in accordance with priority for resolution and the resolution is documented.

Problem management

Effective integration between the SAM system and the Problem Management process enables agencies to demonstrate that:

All incidents that affect software and/or related assets and/or services, along with SAM processes, are recorded and classified as to their impact.

High priority and repeat incidents are analysed for underlying causes and prioritised for resolution.

Underlying causes are documented and communicated to incident management.

Problems are resolved in accordance with priorities for resolution and the resolution is documented and communicated to incident management.

Retirement/re-harvesting

The SAM system should assist the agency to ensure that software and related assets are removed, recycled and reused as appropriate and in compliance with information management requirements. The system should enable processes to ensure that:

Deployed copies of software are removed from retired hardware (where it is permitted for licences to be removed).

Licences and other assets which can be redeployed are identified for redeployment.

Assets transferred (re-harvested) to other parties are transferred taking into account any confidentiality, licensing or other contractual requirements.

Licences and other assets that cannot be redeployed are properly disposed of.

Records are updated to reflect the changes above, and audit trails are maintained of all changes.


APPENDIX C – CORE SOFTWARE ASSET MANAGEMENT PROCESSES MAPPED TO ISO/IEC 19770-1

Table columns: Planning; Procurement; Software management; Contract management; Monitoring & reporting.

Inventory processes

Software asset identification

The scope of software assets controlled should be defined and address software entitlement (product and version), proof-of-licence, contracts/agreements, media and software deployment.

Software asset inventory management

A central and comprehensive inventory of software assets (physical and electronic) should be maintained to record installed software and software licences. Activities to ensure that the inventory is effectively maintained must be embedded in broader SAM processes.

Software asset control

Processes to control and record changes to software assets should be embedded within the SAM system to ensure that an appropriate audit is maintained.

Application governance

Processes to control and record types, versions, OEM and outcomes of all applications deployed across the enterprise to ensure redundancies in types of applications are effectively monitored, managed and where appropriate collated.

Dependency analysis

Processes to control and record operational and technical requirements “dependencies” driving deployment to map dependency of commissioned ICT capabilities against the type and number of applications so deployed, and where applicable, enterprise wide licence portability, licence re-harvesting, active obsolescence management and eliminating redundancies across both licence numbers and types.

Verification and compliance processes

Software asset record verification

Controls should be established to detect and manage deviations in SAM processes and ensure that accurate software asset records are maintained.

Software licensing compliance

Effective processes should be established to ensure that licensing terms are understood and there are regular licence reconciliations performed to verify that software is being used under the terms of the licence.

Software asset security compliance

Effective processes and controls should be established to prevent unauthorised installation of software and detect any deviations to the standard processes.

Conformance verification

NSW Government aims to implement standards based on parts of the ISO/IEC standards; however, there is no requirement for ISO certification. Deviations from the SAM system should be addressed.


Column headings: Planning; Procurement; Software management; Contract management; Monitoring & reporting

Operations management processes and interfaces

Relationship and contract management

Effective processes and controls should be established to address relationship and contract management for SAM in line with corporate policies and procedures.

Specific considerations relating to effective relationship and contract management for SAM should be addressed through:

Identifying a relationship owner for each vendor relationship

Engaging with the appropriate commercial authority (as required)

Ensuring that the terms of the licence are understood and complied with

Ensuring that vendor driven activities (e.g. true up, audit or maintenance / subscription renewals) are completed in line with the terms of the licence

Periodic forecasting of long-term software requirements.

Financial management

Regular reporting of software related spend should be established. The requirements of the financial reporting must be determined by the organisation-wide financial management practices.

Service level management

Service levels should be embedded within the SAM system to measure the effectiveness of the processes.

Security management

Effective security management controls should be established to ensure that access to the software asset inventories (physical and electronic) is appropriately restricted.


APPENDIX D – REFERENCES

Agencies should have regard to the following statutes, NSW Government policies and standards:

AS/NZS ISO 31000 Risk management – Principles and guidelines

Copyright Act 1968

Electronic Transactions Act 2000

Government Information (Information Commissioner) Act 2009

Government Information (Public Access) Act 2009

Health Records and Information Privacy Act 2002

Information Technology Infrastructure Library (ITIL) v3

ISO/IEC 19770-1 Software Asset Management

NSW Digital Information Security Policy

NSW Government Cloud Services Policy and Guidelines

NSW Government Open Data Policy

NSW Government ICT Strategy

NSW Government ICT Technical Standards – Mobility Standard

NSW Government Digital Information Security Policy

NSW Government ICT Strategy and Implementation Update 2013-14

NSW Government Information Classification and Labelling Guidelines

NSW Procurement: Small and Medium Enterprises Policy Framework

Privacy and Personal Information Protection Act 1998

Public Finance and Audit Act 1983

Public Interest Disclosures Act 1994

State Records Act 1998

TPP 09-05 – Internal Audit and Risk Management Policy for the NSW Public Sector


APPENDIX E – STANDARDS

Developing standards

Development of a standard begins with identifying the need for a new standard, which is followed by the development of the standard in consultation with the industry and expert groups, including the Australian Information Industry Association (AIIA).

The following diagram outlines the process.

The PTS Working Group is chaired by the Office of Finance and Services and includes senior representation from across the NSW Government clusters. Agencies engage with the PTS Working Group concerning services for inclusion in the ICT Services Catalogue. This drives the development of technical standards, where none exist. The PTS Working Group has the leading role in reviewing and endorsing the technical standards developed in response to agencies’ requirements. The PTS Working Group is supported by two sub-groups responsible for the areas of Telecommunications and Services & Solutions. The sub-groups are responsible for initial development and review of standards relating to their areas of responsibility.

Management and implementation

There is scope to modify standards through the NSW ICT governance arrangements as necessary. Standards are designed to add value and to augment and be complementary to other guidance, and they are continually improved and updated.

This standard does not affect or override the responsibilities of an agency or any employee regarding the management and disposal of information, data, and assets. Standards in ICT procurement must also address business requirements for service delivery.

NSW Procurement facilitates the implementation of the standards by applying them to the goods and services made available through the ICT Services Catalogue. Standards will also be available on the ProcurePoint web site.

Standards development process (diagram):

Need for new or amended standard identified

Standard developed (Industry/agencies consulted)

Standard approved and released by PTS Working Group

Market engagement for services which meet the standard

Services added to Catalogue

Business requirements change