Forum Replies Created
-
Posts
-
You can’t really have one without the other. You can but it’s not going to be as effective. You need communication to create awareness and get buy in. But without education you aren’t going to be able to build expertise and ensure compliance. You have to do both. It would depend on what your program needed at that time.
Personally, I need to focus on the Compliance Management KPA first. We have a program and policies to accompany it.
Consequences will have to be reviewed on a case by case basis. Examples of some consequences based on severity of the infraction would be education intervention, escalation and formal warnings, restricted access or privilege’s, financial penalties, formal disciplinary actions, finally legal/contractual actions.
Current Process:
Request Submission:
Employee or manager submits an asset request via email or ticketing system.
Approval Workflow:
The request goes through multiple layers of approval (e.g., manager, finance, IT).
Procurement:
The procurement team sources the asset from vendors, often waiting for quotes or approvals.
Configuration and Setup:
IT receives the asset, configures it with required software, and ensures compliance.
Deployment:
The asset is delivered to the employee, often with limited tracking of assignment.Simplified Process:
1. Centralized Self-Service Portal
2. Automated Approval Workflow
3. Vendor Integration
4. Standardized Configurations
5. Tracking and Asset Assignment
6. Streamlined Deliverywe are a hybrid organization and one in a consortium. So communication will be a primary focus for rolling things out properly.
ITAM Manager
Responsibility: Oversee the ITAM program, including policy creation, lifecycle management, and compliance.
Critique: This role is often stretched thin.Procurement Team
Responsibility: Handle vendor negotiations, purchase approvals, and contract management.
Critique: Procurement may lack technical knowledge of software licensing models or cloud agreements, leading to suboptimal decisions.Finance Team
Responsibility: Budgeting, cost analysis, and ensuring ROI for IT assets.
Critique: Finance often focuses on cost reduction but may not understand the strategic importance of ITAM in driving long-term savings.IT Department
Responsibility: Implement and manage ITAM tools, provide technical support, and integrate ITAM with broader IT processes.
Critique: IT may view ITAM as secondary to operational priorities, leading to delays in implementation or data integration.HR
Responsibility: Facilitate onboarding and offboarding processes, including asset assignment and recovery.
Critique: HR may not always coordinate effectively with ITAM, leading to gaps in tracking assigned devices or reclaiming them during employee transitions.Executive Sponsor
Responsibility: Champion ITAM at the strategic level, secure resources, and ensure alignment with organizational goals.
Critique: The executive sponsor may not always be actively engaged, leaving ITAM without necessary advocacy or resources.Key Stakeholders That Might Be Missing
Cybersecurity Team
Role: Ensures IT assets meet security standards, particularly in managing shadow IT or mobile devices.
Why Important: Cybersecurity integration can help identify risks associated with unmanaged devices and ensure compliance with data protection regulations.Data Analysts/BI Specialists
Role: Analyze ITAM data for insights into asset utilization, cost savings, and performance.
Why Important: Dedicated analysts can uncover trends and opportunities that might go unnoticed, driving continuous improvement.I don’t foresee having to negotiate much. It’s pretty clear what needs done. I’m aligned with my executive on this.
We will have all the roles. The only one we don’t have is legal but we have an external agency that we can use if needed.
IS Map
Description: The current state of the ITAM workflow, showing how software licenses are managed today.Procurement:
Individual departments often purchase software independently.
Limited oversight from central ITAM or Procurement teams.
Software is occasionally purchased without considering compliance or cost efficiency.Asset Tracking:
A mix of spreadsheets and outdated tools is used to track licenses.
Data is incomplete and inconsistently updated.
Shadow IT purchases are not included in tracking.Compliance:
Compliance checks are reactive, typically occurring during audits.
High risk of non-compliance due to poor visibility into usage and licensing.Disposal:
Minimal efforts to track end-of-life for software.SHOULD Map
Description: The ideal state of the ITAM workflow, showing how software licenses should be managed.Procurement:
All software acquisitions go through a centralized procurement process.
ITAM teams review and approve all purchases based on compliance and budget considerations.
Standardized software options are provided to streamline decision-making.
Asset Tracking:A centralized ITAM system with automated discovery tools tracks all licenses in real time.
Shadow IT purchases are minimized through employee education and stricter policies.
License data is accurate, comprehensive, and easily accessible.
Compliance:Regular compliance audits are proactively conducted.
Automated tools flag non-compliance risks and optimize usage.
Licenses are monitored to avoid over-purchasing or under-utilization.
Disposal:Expired or unused licenses are systematically reclaimed and reallocated.
Clear processes are in place for decommissioning and retiring software.IS Map
Description: The current state of the ITAM workflow, showing how software licenses are managed today.Procurement:
Individual departments often purchase software independently.
Limited oversight from central ITAM or Procurement teams.
Software is occasionally purchased without considering compliance or cost efficiency.Asset Tracking:
A mix of spreadsheets and outdated tools is used to track licenses.
Data is incomplete and inconsistently updated.
Shadow IT purchases are not included in tracking.Compliance:
Compliance checks are reactive, typically occurring during audits.
High risk of non-compliance due to poor visibility into usage and licensing.Disposal:
Minimal efforts to track end-of-life for software.
