Many organizations struggle to discover and manage the software deployed within their environment, of which numerous are not compliant and exposed to significant risk in the event of a publisher audit.
What most organizations do not clearly understand is the concept of authorized software. The ISO/IEC 19770-1 specification clearly defines an inventory known as “Software Authorized for Installation”. The purpose of this inventory is to determine if a software installation is authorized to exist or not. The authorization can exist at any level, such as a device, a user, or the entire organization. It is critical that SAM practitioners fully understand this concept. It is also very important your SAM tool support this concept.
As you can see it is possible to have software deployed that was never authorized, and authorized software that has never been deployed. Both of these are very important artifacts to a solid SAM practitioner.