In a previous post, we discussed how software licensing compliance has become a problem for organizations that don’t follow best practices for managing technology and tracking software use. Not only are these organizations increasing the risk of a security breach, but many are being targeted for software licensing audits from vendors such as Microsoft that are cracking down on the use of unlicensed software. These audits are costly in terms of both the resources required to respond to the audit and the six-figure penalties often incurred for non-compliance.
With so many leading software vendors looking to increase revenue by conducting audits, it’s no longer a question of if you will be audited. Because a software audit is virtually inevitable, you need to know what to expect and how to respond. Basically, the software publisher or third-party auditor will expect you to validate that every copy of installed software is licensed.
It’s important to realize that you have a voice when setting the terms and establishing the process for the audit. When you receive an audit request, consult with your attorney to clarify your legal rights and obligations. The attorney should manage the audit process, including the scope and schedule of the audit, the issuing of requests, and the drafting of documents and reports. To ensure the confidentiality of proprietary information, you should enter into a non-disclosure agreement with the vendor or auditor.
Your IT manager should assess software licensing compliance across your organization. If non-compliance is discovered, the attorney should disclose all findings and negotiate a settlement with the software vendor. Typically, the vendor or third-party auditor will seek the current list price for any unlicensed software instance. If unlicensed software usage is claimed by a third-party auditor, your organization should reserve the right to review and possibly refute those findings before they are presented to the vendor.
As frustrating as a software licensing compliance audit can be, you can’t let it dictate your IT strategy. IT investments and strategy should be based upon your organization’s business processes, goals and growth strategy. They shouldn’t be a reaction to previous IT usage or mistakes. The key is to develop a software license compliance strategy that prevents the use of unlicensed software and helps to expedite the audit process when you receive the inevitable audit request.
A comprehensive internal audit is the first step. Gather proof of ownership documents – purchase orders, invoices, receipts, contracts, license certificates, etc. – for all software licenses in use. Determine if every application or software instance is properly licensed, and eliminate those applications and software licenses that are unused or unnecessary.
Document and implement software asset management processes, including procedures for procuring and managing software, and make sure these processes are followed to the letter by employees to prevent the intentional or unintentional use of unlicensed software. Because software licensing continues to be complex and is constantly evolving, organizations should explore cloud-based Software-as-a-Service (SaaS) options in which software usage is managed the service provider and paid for on a subscription basis.
Atlantic-IT.net, your outsourced IT department, has a team of IT consultants with expertise in software licensing compliance. Let us help you assess software usage across your organization and develop a strategy that minimizes risk and supports your business objectives.