Leading ITAM/SAM consultancy Noventiq Northern Europe was determined to be the first company in the world to gain ISO 19770-1 certification. So, that’s exactly what it did.
The opportunity
As an ITAM consultancy, Noventiq Northern Europe has conducted ITAM assessments on behalf of its clients for nearly 12 years. During this time, it has aligned its services directly to ISO/IEC 19770-1 to demonstrate its commitment to the highest ITAM standard. The company’s Executive Vice President, Dennis Montanje, is also a member of the ISO ITAM Standards Committee (the voluntary committee that develops the ISO 19770 family of standards), and he leads the ITAM Forum’s Committee of Experts, the group of volunteers that formulated what the certification scheme would look like and how conformity would be assessed.
With such a commitment, Noventiq jumped at the chance to gain ISO/IEC 19770-1 certification. What’s more, it wanted to be the first in the world.
Ash Dharas, Managing Consultant and ITAM Practice Manager at Noventiq stated, “Gaining ISO 19770-1 certification was imperative for us. The moment we heard the ITAM Forum was developing the world’s first 19770-1 certification scheme, I said we would be the first. While our ITAM services are modelled on the standard, I knew that going through the certification process would be invaluable. Only by genuinely practicing what we preach, could we demonstrate our knowledge and expertise to clients.”
The certification process
The certification process consists of three main steps with specific milestones which need to be met in order to progress onto the next step.
It starts with a preparation stage, where Brand Compliance (the scheme’s official auditor) conducts a Gap Analysis of the company’s management system (ISO/IEC 19970-1 is a management system standard) in order to highlight any deficiencies that need to be resolved to meet the standard. This is the part of the project that had the biggest impact on Noventiq, since it was the impetus for the company implementing a company-wide management system for the first time. The ISO standard is typically designed for organizations much larger than Noventiq (usually for those with a minimum of 5,000+ users) so the entire process represented a significant “belts and braces” approach for Noventiq and resulted in a level of process maturity which is far beyond the level you would expect from a company of its size.
Step 2, the Initial Audit, is comprised of two assessments. The first stage assesses the documentation of the company’s management system, with any gaps highlighted. The next stage is an audit of how effective the company’s management system is, in practice, and how well it was implemented and is managed.
An important part of the certification process is demonstrating Board-level support for ITAM. Leadership buy-in is critical – you cannot gain ISO/IEC 19770-1 certification without it. This process, conducted during step 2, involves interviews with key stakeholders to verify their commitment to, and understanding of, ITAM.
The entire process took Noventiq about nine months from the initial consultation through to certification.
Commenting on the audit experience, Ash stated, “It’s not an easy journey, but it’s an achievable one. While the process is tailored for much larger organisations than ours, we were still able to achieve certification and now have the processes in place to maintain it. These checks and balances would have needed to be put in place eventually as the company grew, so this process has put us ahead of the game and in the best possible position to move forward.”
Certification benefits
For Ash, obtaining ISO 19770-1 certification is all about Noventiq’s clients – “Gaining certification from an independent third party demonstrates to our customers that Noventiq practices what it preaches. It shows the outer world that we take ITAM seriously and have the scars to prove it, giving our clients the reassurance that we know what we’re doing and that they’re in safe hands.
Going through the certification process is not easy. It is a humbling experience. But it ultimately improves the quality of your ITAM practices. As more companies go through the certification process, I believe it will become a de facto standard alongside ISO 9001 and 27001 that every company will pursue as a matter of course. This will help to elevate the status and maturity of ITAM as a profession and provide a path for more ITAM professionals to contribute to their organisation’s strategic priorities. At the coal face, participating in ISO 19770-1 certification ensures your ITAM processes are world-class.”
Obtaining ISO 19770-1 certification is clearly a competitive advantage for Noventiq, which Ash is keen to leverage. “Having been through the process ourselves, many of our clients are now asking us for help with their own ISO certification journey. Having this quality stamp is creating new opportunities for us.”
Looking beyond its clients, Ash says certification has delivered Noventiq numerous, internal benefits – “Despite our many years of experience delivering ISO ITAM processes to our clients, this journey was a learning curve for us. It was a humbling experience that has lead to improvements in our processes and governance and has made us more efficient as an organisation.”
ISO/IEC 19770-1 certification is valid for three years. To maintain its compliance, Noventiq must participate in annual surveillance audits before re-certification is required in three years’ time.
Advice for others
Ash finished with some advice for other organisations considering their own ISO 19770-1 certification journey. “Just do it. The benefits will more than cover the cost of the process. What’s more, if you have already been through the process of implementing a management system which is compliant with other major ISO standards such as ISO 27001, you will already be over halfway there, since the same system can be utilised towards your ISO 19770-1 efforts.
You must not underestimate the importance of senior buy-in. We were lucky because our Executive VP Dennis Montanje accepted the challenge on our behalf, so we had senior management support from the start. This made collaboration with other departments and ITAM stakeholders much easier because everyone supported the mission. The lack of senior buy-in is among one of the most common challenges faced by our clients when it comes to embarking on their ITAM journey. Given how much weight the ISO certification process puts on verifying stakeholder support, I would recommend you secure this before seeking ISO 19770-1 certification
Lastly, you shouldn’t underestimate the time it takes to reach ISO standards and then to demonstrate compliance. It’s a long journey with no shortcuts. Even if you consider your processes to be pretty good already, you need to be prepared to put in the hard work to demonstrate this to the auditor. Remember, doing something well and demonstrating this to someone else are two entirely different things. I thought I knew a lot about ITAM but still learnt many things going through this process.
Working with Brand Compliance, the official auditor
“It was a very positive experience. We appreciate that as an audit organisation there are rules that Brand Compliance needed to follow, and they made those rules clear to us up front. The pre-audit itself was pretty scary for me as I’d never done anything like that before. But my confidence grew as we progressed through it.”