Many business leaders who find themselves on the receiving end of software audits targeting their companies vow to never again be caught with significant exposure related to their licensing positions. However, knowing how to act on those resolutions sometimes can be challenging, especially when the company’s software estate is a large or diverse one. Here are some guiding principles to help businesses make decisions about where to start:
- What is mission-critical? Regardless of how much a set of computer programs may be worth in terms of licensing fees, the first priorities for internal software asset management (SAM) assessments should be the software that the company cannot live without. Damaged relationships with the publishers of these products typically can result in the most harm to the company, so ensuring that the company understands and is in compliance with applicable license agreements often is most critical here. IBM and Oracle products often fall in this category.
- Which publishers are the most aggressive? Sometimes, the “audit value” of a software product is not accurately measured by the licensing cost alone. Products published by Attachmate are a good example. Many businesses know Attachmate as the creator of terminal-emulation products that allow for computers running on different operating systems to communicate with one another. Its products are not terribly expensive, and they typically are licensed under click-wrap agreements. However, Attachmate is among the most aggressive software auditors, and it routinely calculates compliance demands based on a combination of (1) license fees, (2) retroactive maintenance fees, and (3) interest (often dated from the release date of a software product). As a result, Attachmate compliance should be a top priority for any company that uses its products. Another publisher that falls in this category is Autodesk, which also aggressively audits its (much more expensive) computer-aided design products.
- What is the most widely used? Finally, businesses need to focus on the gross numbers: Which publishers’ products are installed most widely across the enterprise and how are they licensed? Microsoft and Adobe often are the best examples of such “saturation” publishers. However, companies also need to keep software industry groups like BSA | The Software Alliance and the Software & Information Industry Association (SIIA) in mind. Some of their members may not have robust audit practices on their own, but when represented by the BSA or SIIA, the exposure associated with their products’ use increases substantially. Companies should review those groups’ member lists periodically in order to assist with internal compliance checks. (Member lists: BSA |SIIA.)