Jamf Blog
October 3, 2022 by Jesus Vigo

Trustworthy Data - How to Leverage Jamf to Satisfy ISO/IEC 19770-1

This JNUC presentation will demonstrate how to leverage the Jamf discovery and reporting to meet and exceed the 19770-1 requirements and achieve the cost optimization results ITAM programs promise.

Information Technology Asset Management (ITAM) and Software Asset Management (SAM) are two models that despite long-standing beliefs in the benefits to organizations, “few companies see any real results” according to Jeremey Boerger of Boerger Consulting, LLC.

Boerger explains that this does not need to be the case, as a solution already exists within the ISO/IEC 19770-1:2017 Maturity Model, allowing organizations to realize these benefits once they properly understand the requirements.

What are ITAM and SAM?

IT Asset Management is a plan or framework that allows for the structured lifecycle management of all IT assets. Some of the organizational benefits of implementing and aligning your organization’s IT assets with a management framework, like the Information Technology Infrastructure Library (ITIL) are:

  • Maximize value
  • Control costs
  • Manage risk
  • Meet compliance and contractual requirements
  • Support decision-making surrounding IT assets

Similarly, Software Asset Management is an aspect of ITAM that focuses on the lifecycle management of software-related assets, including:

  • Acquisition
  • Development
  • Release
  • Deployment
  • Maintenance
  • Retirement

SAM procedures specifically realize the following benefits to an organization’s software assets:

  • Effective management
  • Control
  • Protection

What is ISO/IEC?

During the presentation, the ISO/IEC 19770-1:2017 Maturity Model is discussed at great length, but for those unfamiliar, let’s go over what the ISO/IEC is and what the organization is known for.

International Organization for Standardization & International Electrotechnical Commission (ISO/IEC), according to Wikipedia, is “an independent standards-setting body to promote international agreements and worldwide best-practice assurances to commercial, industrial and manufacturing endeavors.”

In lay terms, ISO/IEC is an international body that sets standards relating to the setting and maintenance of best-practice assurances relating to security and compliance within manufacturing, commercial and industrial operations. Since it is globally recognized, it does not set standards for any particular country or region but establishes and promotes best practices within the industries they support.

What makes data “trustworthy”?

Throughout his presentation, Boergeruses the word trustworthy to connote the quality of data. Speaking to the validity of the data being gathered and made actionable through decision-making practices.

In other words, Boerger is posting the question: Is the data your organization obtains — and thereby uses to base decisions on — accurate and reliable?

As it relates to the bigger picture as it relates to Jamf’s ability to manage IT and software assets, Boerger asks “How do we prove that Jamf is seeing the entire environment that it should?”

The logic behind asking such a question relates directly to the quality of the data being gathered. Put another way, if you quantify the data then you can’t trust the information being gleaned from that data.

And here is where ITAM and SAM work in tandem to, in essence, prove that Jamf (as the device management solution) is in fact seeing and communicating with each piece of equipment within the organization. This means that when that data is collected by Jamf and shared with other tools in your stack, such as the Configuration Management Database (CMDB) or Security Information and Event Management (SIEM) solution, the “trustworthiness” of the data is initially verified and passed on to Jamf should retain its integrity when passed on to the next tool in your infrastructure, ensuring the chain of custody, or in this case, trust.

Register for JNUC to access this session as well as other sessions on demand.

Photo of Jesus Vigo
Jesus Vigo
Jamf
Jesus is a Copywriter, Security focused on expanding the knowledge base of IT, Security Admins - generally anyone with an interest in securing their Apple devices - with Apple Enterprise Management and the Jamf solutions that will aid them in hardening the devices in the Apple ecosystem.
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.