This standard is intended to be used for managing IT assets in particular, but it can also be applied to other asset types. It can be suitable, in whole or in part, for managing embedded software and firmware. It is not intended for managing information assets.
This standard specifies the requirements for the establishment, implementation, maintenance and improvement of a management system for IT asset management (ITAM). This standard provides additional requirements to ISO 55001:2014, which specifies the requirements for the establishment, implementation, maintenance and improvement of a management system for asset management, referred to as an “asset management system”. This standard includes additional or more detailed requirements which are considered necessary for the management of IT assets.
controls over software modification, duplication and distribution, with particular emphasis on access and integrity controls;
audit trails of authorizations and of changes made to IT assets;
controls over licensing, underlicensing, overlicensing, and compliance with licensing terms and conditions;
controls over situations involving mixed ownership and responsibilities, such as in cloud computing and with ‘Bring-Your-Own-Device’ (BYOD) practices;