This is an abridged version of an article published by ManageSoft, who are hosting a webinar with IAITAM on the 28th May. Further details can be found here.
1. Review the contract to understand audit terms and conditions
• TERMS AND CONDITIONS: Read the terms and conditions to establish whether the software publisher indeed has the right to audit the business in the first place. Understand the terms and conditions of non-compliance.
• FINANCIAL PENALTY EXPOSURE: Determine whether there are potential financial penalties. Some vendors impose penalties and/or charge the cost of the audit to the customer if non-compliance exceeds a certain percentage of the total license cost. Non-compliance is very seldom by design, but still represents a potential liability. Knowing the consequences can empower an enterprise to take immediate remedial action.
• DESIRED OUTCOME: Create a clear checklist of the key deliverables of the audit. If the audit goal is to establish an “effective license position”, then information on software installations must be compared to license entitlement data for all applications in question. The data to be collected may include hardware and software inventory, users, purchase order and contract information.
• RESOURCES REQUIRED: Prior to any audit, it is worth asking the publisher exactly how the audit will be performed and what level of assistance will be required by the auditors. Enterprise software audits can consume many staff-months of time during which the IT department collects the requested data.
2. Make sure the software and hardware inventory is up to date
• IT ASSET VISIBILITY: Software publishers audit businesses to make sure that the software is being used within its license terms and is appropriately paid for. This means that IT departments must have a comprehensive view of their entire IT estate, including hardware, to ascertain how the software asset is being used and whether they are in compliance.
• IT ASSET ACCURACY: To make sure that software inventory is accurate and up to date, the fingerprint of every application installation, which includes file evidence, add/remove programmes and WMI (installer) data, must be analysed and a list of proper software titles generated for each machine.
3. Prepare Proof of Purchase and Licensing Agreements ready for inspection
• ENTITLEMENT: Prior to an audit, IT departments should ensure that all their paperwork is in order, recorded and easily accessible including paid invoices, receipts of purchases, licensing agreements and certificates – especially soft records of purchases from resellers and publishers. This proof of license entitlement is critical to the reconciliation process.
4. Demonstrate that licensing rules are understood and applied
• RECOGNISING LICENSE MODELS: A vendor license position requires much more than simply comparing purchases and installations. IT departments need to be able to demonstrate that license types, e.g. device based, named user, processor based or concurrent user, are understood in conjunction with the computing environment such as virtual machines, multi-processor machines, user communities, and physical locations. For example, Oracle database administrators must be able to show that they understand and meet the per-processor minimum for Named User Plus (NUP) licenses.
• UNDERSTANDING USAGE RIGHTS: Demonstrating that both rights of usage and limitations of usage are understood and applied across the IT estate will instil the auditor’s confidence in the company. For example, the IT department must be able to show that upgrade rights and rights of second usage are applied correctly. Similarly, the IT department should demonstrate that license usage restrictions – for instance, limits on the number of virtual instances per physical host server – are respected.
5. Explain what SAM policies and procedures are in place
• SAM SYSTEMS: Enterprises should show documented corporate policies and procedures for software asset and license management. These could include frequent hardware and software inventories, centralized procurement, periodic license reconciliations (monthly, quarterly, etc.), software download and installation processes, employee education programs, and internal audits.
• END USER EDUCATION: Failing to communicate IT policy to employees, and failing to monitor and control end users, are common oversights on the part of IT departments. On the other hand, by educating employees on what they “may” and “may not” install, central IT can prevent rogue installations, which often jeopardize enterprises’ compliance status.
• SAM FIRE DRILL: A good way to overcome inadvertent license breaches is to conduct scheduled internal IT audits. This not only ensures that the enterprise is always ‘audit-ready’, but also reinforces to employees the importance of adhering to IT policy.
6. Don’t remove software from computers; don’t start a shopping spree
• REMOVING EVIDENCE: Often, when IT departments find that they are out of compliance, a knee-jerk reaction is to instantly remove installed software from computers, just prior to an audit. However, removed software is easily traced by auditing companies, making them suspicious, which leads to further scrutiny. Instead, pre-empting such a situation is the better option.
• COVER UP: Alternatively, in their efforts to be compliant just before an audit, IT departments often make purchases of software they need. However, it should be noted that only purchases made before the date of audit notification are considered by the auditors. Therefore, hasty purchase decisions are best avoided.
7. Automate software asset management
• PREVENTION RATHER THAN CURE: Software license compliance is complex, and this complexity will only increase as more complicated IT infrastructures such as virtualization and cloud computing take hold. Handling software asset management and compliance manually is a time-consuming and onerous task, ridden with costs and risks. In general, by the time a manual assessment of an enterprise’s license position can be obtained, it is already out of date. IT departments should look to adopt tools that automate these processes to ensure on-going license compliance.
If you would like to add any other tips for preparing for a software vendor audit then please use the comments field below or contact me privately at alerts (at) itassetmanagement.net.