ISO/IEC 19770-4:2017

INTERNATIONAL ISO/IEC
STANDARD 19770-4
First edition
2017-09
Information technology — IT asset
management —
Part 4:
Resource utilization measurement
Technologies de l'information — Gestion de biens de logiciel —
Partie 4: Mesure d'utilisation des ressources
Reference number
ISO/IEC 19770-4:2017(E)
©
ISO/IEC 2017

---------------------- Page: 1 ----------------------
ISO/IEC 19770-4:2017(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 19770-4:2017(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
1.1 Purpose . 1
1.2 Field of application . 1
1.3 Limitations . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Conformance . 4
4.1 RUM conformance . 4
4.2 Application conformance . 4
5 Key concepts . 4
5.1 General . 4
5.2 Software asset and IT asset identification. 5
5.3 Measurements . 5
5.4 Relationship to other ISO/IEC 19770 family information structures . 5
6 Implementation requirements and guidance . 5
6.1 Usage scenario . 5
6.2 Unique registration ID (regid) . 6
6.2.1 Overview . 6
6.2.2 Structure of regid . 6
6.2.3 Examples of regid . 6
6.3 XML and XSD . 6
6.4 Time formats. 7
6.5 Frequency of generation . 7
6.6 Filename . 7
6.7 File extension . 7
6.8 File location. 8
6.9 Managing file sizes and file numbers . 8
6.10 Uninstallation and upgrade. 8
6.11 Digital signatures . 8
6.12 Nesting XML documents . 8
7 Tool considerations . 8
8 Schema elements . 8
8.1 Overview . 8
8.2 Minimum RUM data required. 9
8.3 XML element and attribute names .10
8.4 Data values .11
8.4.1 Resource Utilization .11
8.4.2 AssetIdentification .12
8.4.3 Measurement .13
8.4.4 Value .13
8.4.5 Link .14
8.4.6 Meta .15
8.4.7 Asset .15
8.4.8 Instance . .15
8.5 Type definitions .15
8.5.1 Ownership .15
8.5.2 rel .16
8.5.3 NMTOKEN .16
Annex A (normative) XML Schema Definition .17
© ISO/IEC 2017 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 19770-4:2017(E)

Annex B (informative) Examples of multiple file RUM and nesting XML documents .30
Annex C (informative) Examples of linking related software asset from the RUM .33
Bibliography .38
iv © ISO/IEC 2017 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 19770-4:2017(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 19770 series can be found on the ISO website.
Guidelines for mapping of industry Software Asset Management (SAM) practices with the ISO/IEC 19770
series of standards and guidelines for the application of ISO/IEC 19770-1 for small organizations will
form the subjects of future ISO/IEC 19770-8 and ISO/IEC 19770-11, respectively.
© ISO/IEC 2017 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 19770-4:2017(E)

Introduction
0.1 Overview
International Standards in the ISO/IEC 19770 series of standards for IT asset management (ITAM)
address both the processes and technology for managing IT assets. Because IT is an essential enabler for
almost all activity in today's world, these standards should integrate tightly into all of IT. For example,
from a process perspective, ITAM standards should be able to be used with all management system
standards, because hardware and software, and management of hardware and software management
are essential components of any modern management system. From a technology perspective, ITAM
standards for information structures provide not only for the interoperability of IT management data,
but also provide the basis for many additional benefits such as more effective security in the use of
software. ITAM standards for information structures also facilitate significant automation of IT
functionality, such as improved authentication of software and easier and more consistent collection of
data relating to the use of that software.
0.2 Purpose of this document
This document provides an International Standard for Resource Utilization Measurement (RUM). A
RUM is a standardized structure containing usage information about the resources that are related to
the use of an IT asset. A RUM will often be provided in an XML data file, but the same information may
be accessible through other means depending on the platform and the IT asset/product.
This document contains information structures that are designed to align with the identification
information defined in ISO/IEC 19770-2, and with the entitlement information defined in ISO/IEC 19770-
3. When used together, these three types of information have the capability to significantly enhance
and automate the processes of IT asset management.
This document supports the IT asset management processes defined in ISO/IEC 19770-1. This document
also supports the other parts of the ISO/IEC 19770 series of standards that define information
structures.
The RUM is specifically designed to be general-purpose and usable in a wide variety of situations.
Like other information structures defined in the ISO/IEC 19770 series of standards, the consumer of
a RUM may be an organization and/or a tool or other consumers. In contrast to the other information
structures in the ISO/IEC 19770 series, the entity creating a RUM data on a periodic basis will likely be
an IT asset or an automation tool monitoring an IT asset.
The definition of a RUM will benefit all stakeholders involved in the creation, licensing, distribution,
releasing, installation, and on-going management of IT assets. Key benefits associated with a RUM for
three specific groups of stakeholders include:
— IT asset users
— RUM data will typically be generated and processed by IT assets and automation tools, within
the consumers enterprise boundary, for purpose of IT asset compliance and optimization;
— RUM data is human readable and can provide improved visibility into resource utilization
within IT assets independent of vendor or third-party supplied tools;
— the ability to combine identification, entitlement, and resource utilization information together
to perform quantitative and authoritative IT asset management, for example, to meet compliance
requirements;
vi © ISO/IEC 2017 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC 19770-4:2017(E)

— a much-improved ability to perform IT asset management in support of green data center
strategies such as optimization of the use of power and air conditioning;
— IT asset manufacturers
— the ability to consistently and authoritatively generate resource utilization information for
consumption by a central facility that is maintained by the creator, or one or more third-party
tools, or by the IT asset users;
— the ability to support multiple instances and types of third-party tools with a single set of
functionality within the IT asset;
— the ability to offer a service to track real-time IT asset usage in the field and, when combined
with identification and entitlement information, the ability to give advance warning as resource
limits are approached;
— the ability to offer an alternative approach to asset utilization measurement to traditional
techniques that employ key-based, or platform-restricted licenses;
— Tool vendors
— the ability to support multiple IT assets, and types of IT asset, without having to create and
maintain unique instrumentation that is associated with each asset;
— the ability to more easily aggregate usage information across multiple instances of an asset;
— a much-improved ability to track resource utilization and IT assets in near real-time.
This document is divided into the following clauses and annexes:
— Clause 1 is the scope;
— Clause 2 describes the normative references;
— Clause 3 describes the terms, definitions, symbols, and abbreviations used in this document;
— Clause 4 defines conformance;
— Clause 5 describes key concepts;
— Clause 6 defines implementation requirements and gives guidance;
— Clause 7 defines tool requirements;
— Clause 8 defines the elements of the RUM;
— Annex A contains the XML schema document (XSD) for the RUM;
— Annex B gives examples of RUMs; and
— Annex C gives methods of linking a RUM to a specific software asset.
This document is not intended to conflict either with any organization's policies, procedures, or
standards. Any such conflict should be resolved before using this document.
© ISO/IEC 2017 – All rights reserved vii

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO/IEC 19770-4:2017(E)
Information technology — IT asset management —
Part 4:
Resource utilization measurement
1 Scope
1.1 Purpose
This document establishes specifications for an information structure to contain Resource Utilization
Measurement information to facilitate IT asset management (ITAM).
This document is applicable to all types of organization (for example, commercial enterprises,
government agencies, and non-profit organizations).
1.2 Field of application
This document applies to the following.
a) IT asset manufacturers: These are the entities that create IT assets for distribution or installation.
b) Tool providers: These are the entities that may provide any number of tools that use the information
contained in a Resource Utilization Measurement (RUM). These tools will include aggregation
facilities capable of producing consolidated reports of the utilization of resources throughout an
organization, and threshold reporting facilities capable of generating an alarm when utilization
reaches a predetermined level.
c) IT asset users: These are the entities that purchase, use IT assets, and who are intended as one of
the major beneficiaries of the visibility made possible by the information that is contained within
the RUM.
1.3 Limitations
This document does not detail ITAM processes required for the reconciliation of resource utilization
information with other types of information such as identification and entitlement information.
This document only defines an information structure, and does not define how that information is
communicated between systems, or how resource measurement information from different systems is
reconciled or consolidated.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 19770-5, Information Technology — Software asset management — Overview and vocabulary
ISO 8601, Data elements and interchange formats — Information interchange — Representation of dates
and times
RFC 3986, Uniform Resource Identifier (URI): Generic Syntax, January 2005, http://tools.ietf.org/html/
rfc3986
© ISO/IEC 2017 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO/IEC 19770-4:2017(E)

3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 19770-5 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
NOTE In these definitions, the generic term {info struct} that is used in ISO/IEC 19770-5 to reference an
ISO/IEC 19770 information structure, is replaced by the term RUM. Unlike ISO/IEC 19770-2, the term “tag” is not
used because the information structure defined in this document may not always be realized as an XML file, and
thus the term “tag” is not always appropriate.
3.1
asset
item, thing, or entity that has potential or actual value to an organization
Note 1 to entry: Value can be tangible or intangible, financial, or non-financial, and includes consideration of
risks and liabilities. It can be positive or negative at different stages of the asset's life.
Note 2 to entry: For most organizations, physical assets usually refer to equipment, inventory, and properties
owned by the organization. Physical assets are the opposite of intangible assets, which are non-physical assets
such as leases, brands, digital assets, use rights, licenses, intellectual property rights, reputation or agreements.
Note 3 to entry: A grouping of assets referred to as an asset system could also be considered as an asset.
Note 4 to entry: ISO/IEC 19770-5 incorporated a slightly different definition of asset, taken from a development
version of ISO 55000. This definition is sourced from the latest published version ISO/IEC 19770-5, which is in
turn aligned with ISO 55000.
[SOURCE: ISO/IEC 19770-5:2015, 3.2]
3.2
element
component of an info struct that provides information related to the entity represented by the info struct
[SOURCE: ISO/IEC 19770-5:2015, 3.12]
3.3
extensible markup language
XML
license-free and platform-independent markup language that carries rules for generating text formats
that contain structured data
[SOURCE: W3C Recommendation Extensible Markup Language (XML) 1.1 (Second Edition), 1.2]
3.4
globally unique identifier
GUID
16-byte string of characters that is generated in a manner that gives a high probability that the string is
unique in any context
Note 1 to entry: Other globally unique identifier algorithms can be used in some situations. In general, alternative
algorithms use uniform resource identifier (URI) based structures, so the id owner's registration identifier (regid)
is included in the identifier.
Note 2 to entry: In this document, GUID as an all capitalized term refers specifically to the 16-byte version. If the
term is in lowercase (guid), it refers to a general algorithm that can use either a URI, or a 16-byte-based identifier.
[SOURCE: ISO/IEC 19770-5:2015, 3.16]
2 © ISO/IEC 2017 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 19770-4:2017(E)

3.6
registration identifier
regid
unique identifier for an entity
Note 1 to entry: ISO/IEC 19770-5 incorporated a different definition of regid that defined a specific format.
[SOURCE: ISO/IEC 19770-5:2015, 3.27]
3.7
software identification tag
SWID tag
information structure (3.13) containing identification information about a software configuration item,
which may be authoritative if provided by a software creator
[SOURCE: ISO/IEC 19770-5:2015, 3.40]
3.8
Resource Utilization Measurement
RUM
structure that provides information about resources associated with an IT asset (3.1) in order to
facilitate its management
Note 1 to entry: In the case of a RUM, the structure specifically contains information about the consumption of
resources in relation to an IT asset.
[SOURCE: ISO/IEC 19770-5:2015, 3.18, modified – Note 1 to entry has been added.]
3.9
RUM creator
entity that initially creates a RUM
Note 1 to entry: This entity can be part of the organization that created the IT asset, in which case the RUM
creator and IT asset manufacturer will be the same. The RUM creator can also be a third-party organization
unrelated to the IT asset manufacturer (such as in the case where tags are created for legacy software by third-
party organizations). The RUM creator can also be a separate software tool that is used to measure usage of an
IT asset.
[SOURCE: ISO/IEC 19770-5:2015, 3.19, modified – Note 1 to entry has been added.]
3.10
uniform resource identifier
URI
compact sequence of characters that identifies an abstract or physical resource available on the Internet
Note 1 to entry: The syntax that is used for URIs is defined in IETF RFC 3986.
[SOURCE: IETF RFC 3986, 1]
3.11
valid
status of a RUM that follows the specified XML Schema document and is valid from an XML perspective
[SOURCE: ISO/IEC 19770-5:2015, 3.52]
3.12
version
unique string of number and letter values indicating a unique revision of an item
Note 1 to entry: Versions are often referred to in software to identify revisions of software that provide unique
functionality or fixes. A version typically has multiple parts with at least a major version indicating large changes
in functionality or user interface changes and a minor version indicating smaller changes in functionality or user
interface changes.
© ISO/IEC 2017 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO/IEC 19770-4:2017(E)

[SOURCE: ISO/IEC 19770-5:2015, 3.54]
3.13
information structure
structure that provides information about an IT asset (3.1) in order to facilitate its management
4 Conformance
4.1 RUM conformance
A Resource Utilization Measurement (RUM) is in conformance as specified in this document when the
RUM obeys all normative requirements that are specified in this document.
4.2 Application conformance
Application conformance incorporates both syntax and semantics and are defined for producers of
RUM and entities that are designed to process RUMs, as follows.
A conforming application (i.e. an IT asset, automation tool, etc.) that is designed to produce RUMs
— shall be able to produce RUMs conforming to this document.
An entity that is designed to process RUMs:
a) shall not reject any RUM conforming to this document which is in XML format and which conforms
to the schema provided in Annex A;
b) shall treat the information in the RUM in a manner consistent with the semantic definitions given
in this document. Such an application may choose not to process all of the information in the RUM,
but any information that it does process shall be processed in a manner that is consistent with the
semantic definitions given in this document;
c) shall, when necessary, be able to identify the version of the XML schema document (XSD) that is to
be used for the RUM, and thus be able to process information in a manner that is consistent with
that XSD. This is important because in the future, RUMs that conform to several different versions
of this document may exist in the field concurrently, and it will thus be important that each version
is processed with the correct XSD.
5 Key concepts
5.1 General
A Resource Utilizat
...