ARTICLE: Six Ways To Plug Software Compliance Leaks
A couple of weeks ago I wrote about ten leaks that occur in software management processes that might lead an organisation to fall out of compliance.
Following on from this – what can be done to plug the gaps? What are the tactical steps a business can take to stop software compliance leaks and start gaining control?
1. Centralise Purchasing
2. Educate End Users About Software Management
3. Manage Software Changes
- Build processes or checklists around inputs and outputs to your software estate (Install, Move, Add, Change, new starter, leaver, etc)
- Consider preventing unauthorised changes via lock down or white listing applications
- Reduce unauthorized changes by monitoring new installs by end users and reprimanding / advising / escalating / educating accordingly
- Build a software request process for end users that checks entitlement before purchasing new applications and seeks manager approval
4. Maintain Accurate Licensing Records
- Store digital records as well as paper receipts, proof of purchase or license details
- Keep a database of installations versus entitlement
- Restrict and manage the distribution of software media
- Validate that licensing terms and conditions are being adhered to by training someone internally, seeking third party guidance or by seeking written validation from the vendor that you are licensed correctly.
5. Manage Virtual Environments
- For virtualised software make sure you know what you are entitled to use, what the worst case scenario might be if usage peaks and how you will monitor ongoing usage.
- For virtualised machines make sure you know what you entitled to use, how your license position will change if the environment changes and you plan to ongoing usage.
6. Only purchase software from a reputable business partner.
What other basic steps should be taken to prevent software compliance headaches?
Related articles:
Software vendor incentives are key to ISO/IEC 19770 adoption
Making 2017 “The Software Asset Management Year” for your Organization
Live from SAMPARIS16 - French SAM market growing, beware HP software audit risk
Event Listing: SAM Skills Workshop, 14th July, London
Weak growth in SAM tools market - are SAM Managed Services to blame?
Audit Defence Checklist - Nice to have, negotiable or non-negotiable terms
About Martin Thompson
Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.
Try to negotiate into your contract software reconciliation metrics that are easily monitored. For example, rather
than sticking with the standard T&C’s that call for autodiscovery of installations, CPU’s, Processors, LPAR’s, and the color of
the computer housing to be reconciled with a complex licensing upgrade structure, go with something that can be easily monitored and
counted, like number of transactions or even a business metric, like % of sales. The vendor should be happy with the increased
transparency and you’ll save a lot of administration costs while reducing compliance risk.
• Have an internal process on every vendor’s products at least once per year to check license compliance,
and remove unauthorized installations before you buy new.
• Harvest software that is not used for more than 90 days. Doesn’t matter
what limit you want to use, it will recover licenses which will give you capacity or at least bring you back into compliance.