Software License Compliance: Essential Steps
You commit to extensive licensing terms when you purchase each software product. But the terms are extremely complex with important information buried in the fine print. Some use rights and restrictions might only exist in remote areas on a vendor website. Even the vendor’s sales team is likely unclear about licensing details during the sales process.
Software auditors, however, are very clear about licensing compliance requirements and have a good idea of what they will find during an IBM SLR, Mircosoft SAM Engagement or Oracle Audit. Unfortunately, IT management is often shocked and unprepared for what is learned from the audit results.
What are software audits?
Software audits (SAM – software asset management, SLR - software license review, compliance review) are comprehensive assessments to determine the extent to which a company is using a vendor’s software, as well as what licensing has been purchased to cover this usage.
Most major software vendors (Oracle, SAP, Microsoft, IBM, Symantec, VMware, Citrix) regularly enforce audits under the contractual rights described in their license agreements. These rights require the customer to run ‘scripts’ to determine the installed footprint, provide detailed documentation about purchases and technical environments, and give the auditor access to extensive supporting information. Audits are intensive and intrusive, requiring your resources and attention for around 3 to 4 months. Upon the conclusion an ELP (effective license position) report is presented.
Why would a vendor audit your company?
The purpose of a software audit is to increase vendor revenue. Auditors identify and document licensing shortfalls so that the vendor can exercise contractual rights to collect payment. These payments include: license fees, back maintenance and support, penalties, and audit and legal fee recovery. Revenue generated per client can be millions of dollars.
How was your company selected for an audit?
Vendors systematically audit all customers, of course, prioritizing the best opportunities. Customers attract the attention of the vendor when purchase patterns change, agreements are not renewed, mergers or acquisitions are announced, and when they learn of projects that could change the technology footprint. Even a simple call to vendor support can trigger an audit.
What are the areas of audit risk?
In a typical company licensing issues exist in all parts of the technology landscape. Classic challenges include:
- Complicated and misunderstood licensing terms
- Undocumented or even renegade environments
- Assumptions made on an incorrect understanding of license ownership
- Scattered purchasing documentation
- Virtualized, cloud, or shared implementations
- Incorrect or changing server specifications
- Pirated, temporary, or trial installs on servers or workstations
- Environments exposed to external or public users
- Forgotten or incorrect true-ups