In February 2023, Brand Compliance, in collaboration with ITAM Forum, issued the world’s first, two certificates for ISO/IEC 19770-1. This is a management system standard that focuses on the management of IT assets. The standard offers an overview of the different categories of IT assets and views these categories in a process-based way.
Yorick Heijink is the Lead Auditor at Brand Compliance for ISO/IEC 19770-1, 9001 and 27001. Prior to becoming a certification auditor, Yorick was a Product Manager and Project Manager within the IT services and consulting sector.
What do you like most about auditing for ISO/IEC 19770-1 certification?
It is special to be involved in a new certification process in an industry that has not yet had such a scheme. The field of IT asset management offers me completely new perspectives. Where there is usually a focus on information security and quality, here, the focus is on financial objectives with a completely different group of stakeholders. In also opens the door to experts and organizations that are passionate about ITAM, and with this certification, we can recognize them for their work.
Have you encountered any challenges during the audit process?
The biggest challenge is that asset management now needs to be assessed on a much larger scale. There are many processes that have to be verified in great depth. In addition, the concept of a management system is not as ingrained in this field, which puts the application of verifiable samples and audit expectations to the test.
Do you think IT asset management is relevant for all organization?
IT asset management is absolutely relevant for all organizations, large and small. However, certification will only become relevant when the impact of these resources increases. Process efficiency and financial objectives form the basis of the IT asset management system, and where this may integrate well with other management systems, not all organizations have the same diversity or volumes to focus on.
How will ISO 19770-1 certification impact software vendor audits?
Typically, markets request certifications to give confidence to customers and internal and external stakeholders. This certification is no different. If organizations are subject to vendor audits, ISO 19770-1 certification should give confidence that these audits will have no, or no major, negative consequences. Ultimately, the hope is that suppliers will become sensitive to ISO 19770-1 certification. The aim is that audits will become less frequent and less impactful for certified organizations.
What competencies does an ITAM auditor need?
Since ISO 19770-1 is a management system certification, knowledge of management systems is an absolute must. In addition, it is important to have experience and insight into large organizations with many different departments, processes and interests. Connections must be made during the preparation stage so that during the audit, the right people are engaged. I am becoming more and more familiar with ITAM processes, with help from experts in the field.