ITAM Policy: Before We Dive In
Before getting into the specifics of crafting an IT Asset Management (ITAM) policy, it’s helpful to revisit some general guidelines that apply to all policy documents.
Know Your Audience
Who will be reading your policy? Consider their familiarity with IT and their likely attention span. Brevity is key—aim to keep the formal text of your policy under four pages (excluding cover pages, annexes, and distribution lists). Also, minimize the use of IT acronyms and technical jargon. IT professionals love a good acronym, but not everyone reading your document will be from IT. If you must use acronyms, include a glossary at the end for reference.
Define What Good Looks Like
After reading your policy, the audience should have a clear understanding of the direction you’re proposing. A well-written policy outlines ongoing practices rather than setting specific, time-bound goals. If your policy includes targets that can be achieved in six months, those should be moved to an Operations Plan or a project plan, rather than being included in the policy itself.
Document Management
Every policy document should clearly state its ownership and management details. Who is responsible for the document? When was it published, and when is it due for review? Who should receive copies, and how will it be distributed? It’s also important to reference related documents and outline the scope of the policy. Remember, senior management may want to explore the topic further, so provide pointers to additional resources or related documents.
ITAM Policy: Getting to the Core
No discussion of ITAM policy would be complete without mentioning ISO 19770-1. A solid ITAM Policy is the cornerstone of an ISO Management System. Your ITAM Policy should address the “why” behind your IT asset management practices: What business goals are being targeted? What risks are being mitigated? What regulations or legislation is the company adhering to? Each “what” should be supported by a clear “why.”
ITAM Policy Example: Technical Debt
For example, consider a policy on technical debt:
“It is <company name’s> policy to adopt an N-2 approach for deployed software, where N represents the most recent release of a software title. This strategy allows <company name> to stay current with security fixes, protecting client data, and helps IT avoid the costly process of retrofitting solutions to support outdated technology. Additionally, this policy informs Procurement about which software titles should or should not be renewed during contract negotiations.”
This example clearly states the policy, the reason behind it, and the benefits. If leadership has questions or concerns, they can address them without needing a deep understanding of ITAM-specific terminology.
From Policy to Operations Plan
Once your ITAM Policy is established, the next step is to create an Operations Plan. This plan should expand on the policy’s headings, detailing how each aspect of the policy will be implemented. From a process perspective, this involves identifying the people and technologies needed to fulfill the processes outlined in the policy. Your process KPIs (Key Performance Indicators) should then demonstrate a clear link between the actions taken and the objectives of your ITAM Policy.
ITAM Policy: Defining Scope
Every policy has its boundaries. In ITAM, these boundaries might be vendor-specific or geographically defined, especially if your company operates internationally. Don’t hesitate to clarify which areas of the business your policy applies to and where it does not. You could even include a roadmap in your policy that outlines plans to expand its scope over time. In ITAM, your scope should be supported at an application level by a Supported Software Catalogue—this is the definitive list of software necessary for your organization, stored as a living document within your IT Service Management (ITSM) suite.
ITAM Policy: Additional Considerations
What other sections might you include in your ITAM Policy? Here are a few suggestions, though this list isn’t exhaustive:
- Mission Statement
- Vision
- Sustainability
- Digital Transformation
- Legislation & Regulation
- Compliance
- Risk Management
- ITAM & FinOps Integration
- Future-Proofing
- Hardware Management
ITAM Policy: Conclusion
With these guidelines, you should have a clearer roadmap for creating an effective ITAM Policy. A well-structured policy not only guides your organization’s IT asset management practices but also lays the groundwork for future operational plans and strategies.