BSA Offers 2-Year Vendor Audit ‘Forbearance’ in Exchange for Organizational Certification

15 November 2011
3 minute read
Best practice

BSA Offers 2-Year Vendor Audit ‘Forbearance’ in Exchange for Organizational Certification

15 November 2011
3 minute read

2-Year Forbearance from Vendor Audits for Certified Organizations

Last year the Business Software Alliance (BSA) launched an industry training course and certification scheme based on the ISO/IEC 19770-1 SAM Standard (further details here).

Today the BSA launch an ‘Organizational’ certification. The BSA claim the new Certified in Standards-based SAM for Organizations CSS(O) program is ‘the first and only enterprise-level certification for Software Asset Management (SAM) in the industry based on the International Organization for Standardization (ISO) SAM standard.’

In a nutshell:

  1. Organizations must have certified personnel and demonstrate sustainable SAM processes
  2. The organization can be independently audited against SAM Standards by a third party auditor
  3. The organization can become certified by the BSA, which includes ‘Forbearance’ against vendor audits from BSA publishers for two years. See the diagram on this page for a broad overview.

Forbearance’ is an interesting choice of words. My interpretation of the term is that it does not mean immunity. Vendors are delaying or refraining from their legal right (as per the EULA) to audit as opposed to offering complete immunity from EULA clauses.

Semantics aside, I think it is a great step from the BSA to offer organizations yet another benefit for adopting Software Asset Management. Vendor audits are costly and distracting, with this organizational certification SAM professionals can demonstrate a tangible cost benefit of adopting the ISO standard to their senior management teams.

“The forbearance provided by BSA members to organizations that obtain the CSS(O) enables the organizations to save additional costs and focus on their core business processes, rather than be distracted by software audits.” says Abhay Gupte, senior director of Deloitte Touche Tohmatsu India Private Limited.

My only criticism of this news (and it is nitpicking of an otherwise positive move forward of the SAM industry) is the reliance on BSA trained personnel; the CSS(P)’s. CORRECTION: The BSA inform me that they are not tying CSS℗ to CSS(O). “An organization does not need to have a CSS℗ on staff to get CSS(O) certified. While we believe it will be helpful to have one, there is no such requirement. What is required is that the auditor, or CSS(A) be independent to the organization for the assessment”.

It would be good to see the BSA recognize other training courses that show alignment with the ISO standard. After all, the BSA are in the game of increasing adoption of SAM and reducing piracy and not market share in SAM training courses. In an ideal world it would be good to see some unity between IAITAM, BCS, BSA and others in terms of a recognition, cooperation or bridge with other training providers.

Shameless Plug & Disclosure: I am certified by BSA under its ‘Certification in Standards based SAM’ CSS(P) certification program. I enjoyed the course and have referred to the program many times during my current SAM engagement.

The certification scheme has initially been launched in India with global roll-out pencilled in for 2012.

To learn more about CSS(O), please visit:

Photo Credit

Can’t find what you’re looking for?