Software Compliance

Definitive Media

Software is often not regarded as a tangible asset because of its intangible nature, which results in it not being effectively controlled. There can be several versions of the same software within the organisation, and there can also be unlicensed and illegal copies of externally provided software.

Note that In ITIL® Ver. 3 the Definitive Media Library has replaced DSL.

Software Control

The practice of effective Software Control & Distribution (SC&D) involves the creation of a Definitive Media Library (DML), into which the master copies of all software is stored and from here its control and release is managed. The DML consists of a physical store and a logical store.

Think of the DML as a Federated software distribution library....

In real terms, a definitive media library (DML) is a secure location, consisting of physical media or a software repository located on a network file server, in which the definitive authorized versions of all software configuration items (CIs) are stored and protected. The DML is separate from development, quality assurance or production software storage areas. It contains master copies of all controlled software and includes definitive copies of purchased software, as well as licensing information for software developed on-site or purchased from an external vendor. All related documentation, related to any software stored in the DML, is also stored in the DML

The Definitive Media Library exists not directly because of the needs of the Configuration Management process, but as a common base for the Release Management and Configuration Management process. Software Control is responsible for the secure storage of software in the Definitive Software Library ITIL® (DML ITIL) and ensures that only correctly released and authorized versions are in use. The Definitive Software Library as an ITIL Library should:

  • only contain authorized versions of software
  • be totally separate from all other software development, testing or live area
  • hold secure copies of package software
  • keep all software up to date and free from corruption
  • be accessible only to software control and distribution staff
  • hold regular remote storage backups
  • document the status of all stored software versions