SAM (Software Asset Management) covers the systematic recording, management, and optimisation of all software licences in an organisation. It gives you transparency over deployed software, prevents licence violations, and identifies unused licences. SAM is closely linked to IT asset management and feeds data into vulnerability management: you can only roll out patches effectively if you know which software is installed where. In an ISMS, SAM is part of inventory management per ISO 27001 Annex A 5.9. Regular licence audits are an integral part of the SAM process.