Need advice on looking for ISO ITAM ITSM compliant software

jah8887 (A+, Net+, Security+, Cloud+ Essentials, LPI Linux Essentials, Project+, AAS Network Specialization), Member, Posts: 79
Hi all,

I am in the process of replacing our ISO software for a small company. We currently use SysAid but are having no luck with it. It is getting to be more bulky and still isn't as user friendly. Does anyone have any recommendations? We plan on doing a small help desk as the company for this is less than 15 people. In the end I need a good Asset Management function, Service management, maybe even ITIL-certified (?) software. The company has one server onsite but is willing to do cloud if the security is there. I have looked at other stuff but things like Lansweeper have some things; it's just not ISO compliant. I have also looked into Zendesk but it does not have the functionality we need but has part of it. I looked at SolarWinds but they have a helpdesk software portion. Does anyone have recommendations or suggestions in this area?


  • paul78, Member, Posts: 3,016
    By ISO - I assume you are referring to ISO 20000 since you mentioned ITIL. Either way - my initial reaction is why the heck do you need something so complex for 15 people? But if you really need something that can be used to implement ISO 20000 - you could try ServiceNow or Remedy.
  • jah8887 (A+, Net+, Security+, Cloud+ Essentials, LPI Linux Essentials, Project+, AAS Network Specialization), Member, Posts: 79
    Yeah ISO 20000 and maybe even 27001? I am still learning the ISO stuff. We are a small hubzone linked to the DOD and need to meet these requirements. If you have something less complex, I am all for it.
  • paul78, Member, Posts: 3,016
    Oh - maybe I'm not understanding the question. Are you trying to build an ITIL-based helpdesk service for the 15 people at the company? Or are you a 15-person company that is part of HUBZone and you are trying to create a helpdesk service to provide to the DOD? Do you have any FISMA requirements? I work in private sector so I'm probably not a good person to offer advice if you have to comply with mandates like FISMA.
  • jah8887 (A+, Net+, Security+, Cloud+ Essentials, LPI Linux Essentials, Project+, AAS Network Specialization), Member, Posts: 79
    I appreciate any help even if you're from the private sector. We are 15 people broken into 3 companies which are all part of a HUBZone and one company is trying to create a help desk service for the DOD. I will give a small rundown on the place: we have 3 small companies in one building here with the group of 15 people. One of the companies was going to be a small service help desk for general things in this HUBZone for the DOD and even maybe offer it to the locals who need assistance. The other 2 companies are small enough to do side work such as web development, marketing etc. I have not heard anything about FISMA requirements yet :). Primarily we are focused on ISO 27001 and 20000 along with ITIL for this place and of course NIST compliance.
  • paul78, Member, Posts: 3,016
    That makes sense. Do you actually have a contractual or regulatory mandate to be compliant with ISO 20000 or ISO 27000? If not, my suggestion is that you try to build a service that is aligned with those standards and processes like ITIL.

    If I was building a helpdesk service as a small business for external clients - I would probably use something like Zendesk. It's too expensive and time-consuming to try to architect, implement, and secure a help-desk system. And I would first look at SaaS providers. I do like Zendesk and I have many clients that use it. And I've used it in the past at other businesses. Generally speaking, for a small business, I would suggest you look at SaaS providers and focus more on third-party risk controls.

    The thing to remember is that just because you are using a service that is ISO 27000 and 20000 certified does not make your service offering certified. At this stage, it's really not practical for a small business to be ISO 27000 and 20000 certified. It's just not commercially practical.

    My approach however may not work with government contracts.
  • jah8887 (A+, Net+, Security+, Cloud+ Essentials, LPI Linux Essentials, Project+, AAS Network Specialization), Member, Posts: 79
    Yeah we need to maintain ISO 20000 and ISO 27001 compliance for this place. Do you have any other recommendations besides Zendesk? Or do you have any IT asset management tracking tools you could recommend? Appreciate the help.
  • paul78, Member, Posts: 3,016
    Are you sure that you have to be ISO 20000 and 27000 certified? Those are pretty expensive thresholds for small business. Also - what do you mean by IT Asset Management? Are you referring to traditional ITAM? That is not what Zendesk is typically used for. What kind of IT assets do you need to track and manage? And what type of numbers? A lot of companies just track them in a spreadsheet unless they have thousands of assets to track. Because of that - usually the ITAM tools that are out there are geared for large enterprises like BMC Remedy and ServiceNow.

    Edit - one other thing. If you have to be ISO 20000 and 27000 certified, the choice of your tools is the least of your problems. And you would need to find an auditor that you can use. Unfortunately, I don't have a company to recommend.
  • jah8887 (A+, Net+, Security+, Cloud+ Essentials, LPI Linux Essentials, Project+, AAS Network Specialization), Member, Posts: 79
    According to the CEO we have to be ISO compliant even though we are a small business. I do know they want to be ITIL certified too, and the assets we are tracking range from furniture to PCs, laptops etc. I am also referring to the traditional ITAM. Sorry for the confusion as I am new to the government HUBZone sector and am learning as I go.
  • paul78, Member, Posts: 3,016
    Ok - being compliant vs certified is a big difference. If you need to be compliant, you still need to have the controls in place and someone to manage them and test them. But it should be a lot more manageable. As for ITIL certification - I don't think there's such a thing - maybe someone else knows. It is my understanding that if you want to be certified for ITSM using something like the ITIL framework - you would get ISO 20000 certified.

    As for your ITAM needs - and I presume that you need to also track depreciation as well - I still think you may want to take a look at ServiceNow. That's probably a good place to start.

    But if your asset management need is more about enterprise asset management and you have mostly physical assets, a good place to start is with Gartner's analysis of that market. The peer based reviews can be found here to give you an idea of the companies that provide those solutions.