Software License Management

Software license management has become a critical issue for many IT organizations in light of increased pressure from software vendors and industry watchdogs, as well as recent government regulations, such as the Sarbanes-Oxley Act of 2002 (SOX) and the Health Insurance Portability and Accountability Act (HIPAA).

 

Faced with the daunting task of managing tens of thousands of software licenses, IT managers must implement effective solutions that will help mitigate risk from potential compliance audits and maintain corporate compliance.

 

  1. Evaluate your current situation by asking a few simple questions:

 

  • Are we prepared to respond to a software audit?
    • What processes do we have in place to determine our risk exposure?
    • Can we quantify our compliance risk exposure?
    • What is our policy around the distribution of software?
    • How do we determine who is entitled to what software?
    • If someone installs software, how do we keep track of it?
    • What processes do we have in place to harvest licenses from disposed hardware?

 

 

  1. Create a clear policy and processes with business users about software purchase, use and distribution, and ensure that it’s required reading for all employees.

 

The Business Software Alliance has a good sample policy on its Web site (www.bsa.org).

 

 

  1. Establish an anonymous way for employees to report activity that they believe might be outside of the corporate compliance policy.

 

  1. Be aware of the potential types of software license compliance audits your company face
    (e.g. internal audit, regularly scheduled audit generated by a compliance initiative, internal auditor request, third-party audit, specific software vendor initiated audits).
     
  2. Standardise software license procurement and management via an IT asset management solution. For example, software that provides an end-to-end view of all IT assets, including software licenses and their related financial information, such as contracts, warranties, etc.
     
  3. Avoid over-procurement and reduce costs by studying usage patterns within your global enterprise to determine current and future needs.
     
  4. Keep track of all software licenses and entitlements in a centralised repository. Automate asset discovery and maintain a real-time database of all your IT assets from procurement to retirement.
     
  5. At least once a year, inventory the software your business has licensed and confirm that users are entitled to those licenses.
     
  6. Establish and implement a software distribution strategy using best-of-breed software distribution solutions. Do not distribute or install software from CDs. And never install software from MSDN subscriptions for business use because it is not legal.
     
  7. Continually assess the corporate or regulatory compliance needs impacting your organization, such as SOX and HIPAA, and strategically adapt IT priorities as your organisations’ needs evolve.