Over the last few weeks Computer Weekly has written about software licensing and how suppliers are demanding IT departments run costly software audits. At the same time, we have started looking at the complexities of licensing, such as in a virtualised environment.
In this guest blog post, Martin Thompson, a SAM consultant and founder of The ITAM Review and The ITSM Review, provides some top tips on what to do when you receive an audit letter:
Payment Protection Insurance (PPI) spam is in vogue.
You may have received one or two of these recently:
"You are entitled to £2,648 in compensation from mis-sold PPI on credit cards or loans."
PPI claims and other spam solicitations are the bane of our inboxes. The vast majority of us know to simply ignore them. Unfortunately the handful of those who do respond justifies the exercise to the spammers.
This mass-marketing technique is used in exactly the same fashion by trade bodies such as BSA and FAST to force their agenda and start software audit activity.
Supplier audits are a fact of life, some software audit requests are serious and expensive, some are merely spoof marketing campaigns - how can IT professionals decipher between the two?
Whilst I'm not a legal expert, fifteen years in this industry has taught me that there instances when you should respond to an audit request and instances when you should simply walk away.
When to Take Software Audit Requests Seriously
In my opinion there are two instances when you should take software audits seriously:
- When you are approached by a software publisher directly with reference to a signed contract
- When you are approached by an organisation with real proof of a breach of intellectual property law.
Contracts with software publishers have 'Audit Clauses', the right to come and audit you periodically at your own cost. Your company either signed this and agreed to it or will need to fight against it. Smart companies negotiate it out of the contract by demonstrating maturity in their internal processes.
Breaches of intellectual property supported by evidence are a legal dispute and should be treated as such - by passing the issue over to your legal team in the first instance.
When to Ignore Software Audit Requests
Requests for 'Self-Audit' or other direct mail fishing exercises can be ignored.
Trade bodies such as BSA and FAST commonly write letters to companies requesting them to 'Self-Audit' or declare a 'Software Amnesty'.
These organizations are masters at crafting well-written legal sounding letters but have no legal authority whatsoever. Nor do they have the resources to follow up to every letter sent.
Just like any other complaint made to your business it should only be taken seriously if there is firm evidence or the organisation issuing the dispute is supported by the appropriate government agency. For example the Federation Against Software Theft (FAST) has no teeth whatsoever unless accompanied by HM Customs and Excise.
Confidence in Your Choices
IT departments with the appropriate Software Asset Management (SAM) processes in place have both the confidence and the supporting data to discriminate between bogus claims and genuine supplier audit requests.
Whilst much noise is made in the industry of senior management being sent to prison or the company name being dragged through the gutter - the real and compelling downside to a lack of software management is UNBUDGETED cost and DISRUPTION. Surprise license costs and massive disruption whilst IT staff are diverted from key projects to attend to an audit or hunt down the appropriate data.
Unexpected software audits can be good for your health in the longer term if it allows the organisation to realize it is out of control.
SAM is so much more than compliance and counting licenses. Organisations with a solid SAM practice are more nimble, competitive and dynamic. No more stalling on that virtualisation project because we're unsure of the licensing costs, no more uncertainty about moving to the cloud because we don't know how that leaves us contractually. SAM provides the business intelligence to innovate and take action.