ISO/IEC 19770-11:2021 – Information technology — IT asset management — Part 11: Requirements for bodies providing audit and certification of IT asset management systems.
7 Resource requirements

7.1 Competence of personnel

7.1.1 General considerations

7.1.1.1 General

The requirements in ISO/IEC 17021-1:2015, 7.1.1 apply. In addition, the following requirements and guidance apply.

7.1.1.2 SM7.1.1.2 Generic competence requirements

The certification body shall ensure that it has knowledge of the technological, legal and regulatory developments relevant to the ITAMS of the client which it assesses.

The certification body shall define the competence requirements for each certification function as referenced in ISO/IEC 17021-1:2015, Table A.1. The certification body shall take into account all the requirements specified in ISO/IEC 17021-1, 7.1.2 and 7.2.2 that are relevant for the ITAMS technical areas as determined by the certification body.

NOTE Annex A provides a summary of the competence requirements for personnel involved in specific certification functions.

7.1.2 Determination of competence criteria

7.1.2.1 General

The requirements in ISO/IEC 17021-1:2015, 7.1.2 apply. In addition, the following requirements and guidance apply.

7.1.2.2 SM7.1.2.2 Competence requirements for ITAMS auditing

7.1.2.2.1 The term “technical area”

ISO/IEC 19770-1 states that all requirements are generic and intended to be applicable to IT assets of organizations regardless of their types and sizes. IT assets encompass asset types such as executable software (e.g. application programs, operating systems), non-executable software (e.g. fonts, configuration information), and IT hardware (e.g. PC, server, printer). In addition, the requirements of ISO/IEC 19770-1 can be applied to all technological environments and computing platforms (e.g. virtualized software applications, cloud-based software-as-a-service).

For ISO/IEC 19770-1 audits, the term “technical area” relates to the ITAMS, including all ITAM-related processes and governance within the scope of the ITAMS. “Technical area” does not relate to any underlying technology used to enable ITAM.
7.1.2.2.2 General requirements

The audit team members shall at least have knowledge of:
a) management systems in general;
b) ITAMS maturity assessments;
c) service management system (SMS) or information security management systems (ISMS) as ITAMS related management systems;
d) principles of auditing.

NOTE Further information on the principles of auditing can be found in ISO 19011.

Criteria a), b) and d) apply to all auditors being part of the audit team. Criterion c) is only relevant for audit team members involved in a combined management system audit as addressed in 9.1.6.

7.1.2.2.3 ITAMS standards and normative documents

Collectively, all members of the audit team shall have knowledge of all requirements specified in ISO/IEC 19770-1 as well as the terminology specified in ISO/IEC 19770-5.

7.1.2.2.4 ITAM principles, practices and techniques

All members of the audit team shall have knowledge of:
a) ITAM roles and responsibilities;
b) processes applicable to ITAM;
c) organizational interfaces of ITAMS;
d) ITAM related tools, methods, techniques and their application.

The audit team shall also have team members with knowledge of IT compliance and software license compliance in particular. This competency can be shared among the auditors in the audit team.