Section 1�Introduction to Software Management
Welcome to the Microsoft� Software Management
Guide. This guide was designed to assist you in developing a plan to
effectively manage your organization�s software assets. In it you will find
valuable information on using license agreements to your advantage, tips on how
to reduce the total cost of ownership, and ways to reduce risk and liability.
This
guide is divided into two sections:
�
�������������� The Software Management Program: Explains how to perform a software
audit and how to develop a system that will help you more effectively acquire,
distribute, and use software.
��������������� Copyright Law: Covers the basics of
copyright law in the U.S. and Canada.
In
addition, this guide includes several appendixes:�
��������������� Appendix A provides sample documents that you
could use to develop and implement a software management program.�
��������������� Appendix B provides information and Web
resources on software auditing tools and services.
��������������� Appendix C consists of a survey that your
organization can use to assess its current level of software asset management
��������������� Appendix D provides information on various
Microsoft volume licensing programs.
��������������� Appendix E provides a list of Microsoft volume
licensing resellers
The
Problem: Protecting Your Software Investment
The
investment your organization has made in its software is a critical part of its
overall asset base and represents a major component of both IT and departmental
budgets each year. As computer systems have proliferated, the demand for new
software tools has resulted in a substantial increase in software
expenditures.� In fact, in many
instances, this demand for new software, coupled with the rapid increase with
which new generations of software come on line, has caused IT activities to
shift focus from resource management to software deployment.
The
result, for many companies, has been the uncontrolled and inefficient growth of
software assets�to the point where an organization may not know either what
assets it possesses or where they are located. This lack of information about
software assets can result in a higher total cost of ownership due to such
problems as:
��������������� Reduction in corporate assets from loss,
attrition, and theft
��������������� Introduction of computer viruses and other
security threats into the IT environment
��������������� Higher integration costs as a result of
incompatible systems and differing versions of software
��������������� Greater risk of civil fines and penalties
because of copyright infringement
Lack
of information about software assets can also lead to other problems, beyond an
increased cost of ownership. These include:
��������������� Damaged business reputations due to high-profile
civil cases involving copyright infringement
��������������� Negative effects on local and state economies
due to large tax losses resulting from the distribution of pirated software
The
Solution:� A Software Management Program
The
most cost-effective way for your organization to optimize the return on its
software investment is to implement a software management program. Companies
that have implemented such a program have found that it can:
��������������� Save money. Good software management procedures can help
you take advantage of volume license discounts offered by many software
publishers and most efficiently deploy software across your organization.
��������������� Help manage technological change. A software management pro�gram
can help your organization identify its software needs, avoid obsolescence, and
ensure that it has the technology it needs to fulfill its mission.
��������������� Decrease losses from theft and misuse. Software losses are not
simply a problem for the software industry�they are a problem for all
companies. Software licenses represent a capital investment that needs to be
protected, just like any other capital investment.
��������������� Reduce risk and liability. Willful or negligent abuse
of software licenses can result in financial penalties for an organization. In
addi�tion, executives of the company can be held individually liable�both
criminally and civilly�for any copyright infringement that occurs within the
organization. Companies that have a program to help them manage their software
investment reduce these risks.
��������������� Alleviate communication and data transfer
problems. In
organiza�tions where technology has proliferated without controls, different
groups of users often operate on different platforms. Because of these multiple
platforms, it can be difficult to transfer documents and data from one
department to the next�even if all of the systems exist on the same network. An
effective software management program can help organizations address these
difficulties and apply standards where needed, thereby improving both workflow
and efficiency.
��������������� Justify investments in better technology. Because organizations are
driven by return on investment, those that cannot quantify the benefits to be
gained from an investment�even when such benefits clearly exist�may be forced
to do without it. A software management program helps organizations understand
the value they receive from their software investment. It also helps them
direct their software budgets to those areas where they can increase that
return.
Section
2�Developing a Software Management Program
Developing
a software management program involves several steps:
1.
Forming
the software management team
2.
Conducting
the software audit
3.
Developing
a software management plan based on the results of the audit
4.
Gaining
management�s approval
5.
Implementing
the plan and taking corrective actions
6.
Continuing
the software management program as a permanent business activity
Each of
these steps is explained further in the sections that follow.
Forming the Software Management Team
Forming
the software management team is an important first step in the process because
it assigns responsibility for development of the software management program to
particular individuals within the organization. Such accountability is
important if the plan is to succeed.�
Because
all employees have contact with an organization�s software, the interest in a
software management program can be far-reaching. While the number of team
members may vary from one organization to the next, all organizations will
benefit from including employees from several different departments. This
approach will help the team gain consensus and support throughout the
organization. A well-rounded team may include representatives from the
following areas:
��������������� Senior management. A representative from senior
management will provide authority to the team, as well as a champion from
within the ranks of management.
��������������� IT staff. Where possible, at least two IT staff members
should be included to reduce the chance that a single representative will be
overwhelmed by other departments� needs.
��������������� Accounting and financial audit department. A representative from a
financial area is important to ensure that the software management plan
strategy is smoothly integrated with your organization�s asset management
strategy.
��������������� Procurement or purchasing. A key element of your
organization�s software investment plan is acquiring the right software�and
doing so cost effectively. Having a purchasing professional on the team can
provide guidance for developing a software acquisition strategy and can help
ensure that this strategy does not conflict with existing procurement
procedures.
��������������� Administration. Administrative personnel
form the single largest group of software users in most organizations. Their
input will help identify key problem areas for the administrative staff.
��������������� Legal department. Since the legal department
is responsible for evaluating risk and protecting the organization against
possible legal actions, it is important to include a member of the legal
department on the team.
��������������� Human resources department. As much as 40 percent of the
investment made in software is spent on training. Therefore, it�s important to
include someone from Human Resources who can offer a training perspective.
Other
people that might be included on the software management team�depending on the
structure and size of your organization�include managers or representatives of
business units, remote offices, sales departments, and customer service
departments.
NOTE:� All team members should have some
understanding of computer terminology if possible, so as to minimize the time
required to bring them up to speed.
Conducting the Software Audit
Before
the software management team can develop a software management plan, the group
must determine how your organization currently acquires, distributes, and uses
its software. The best way to gain this understanding is to conduct an audit of
your existing software assets�a task that involves collecting data on all the
organization�s PCs, the software installed on them, and the software licenses
owned by the organization. Once you have gathered this information, you will
then match the software installed on the organiza�tion�s PCs to the licenses it
owns.
In
this section, we first discuss the pros and cons of hiring an outside firm to conduct
the software audit vs. using internal staff.�
We then provide some guidelines for both external and internal
audits.�
�Make� vs. �Buy� Decision:�
Do It Yourself or Contract Out?
The first decision to make is
whether to conduct the audit internally or hire outside consultants to perform
it�a decision similar to the �make vs. buy� decision that IT professionals
often face when considering new software needs. While it might be tempting to
try to save budget dollars by using your own IT staff, departmental
administrative staff, or volunteers, keep in mind that planning time for the
audit can run as high as 20 hours per 100 desktops for untrained internal
staff, and the inventory process itself can take 30 minutes or more per
workstation.
Note that if you do decide to
have an external firm conduct your audit, you will still need to perform one
step of the audit process internally:�
analyzing your software policies and procedures (or writing them if you
have no formal policies and procedures).�
See �Step 4:� Analyzing (or
Writing) Policies and Procedures� in the Internal Audit section for more
information.
The following sections
describe the types of vendors available to perform audits for organizations
that choose to have the audit done externally and explain the steps involved in
conducting an internal audit.
Outside Consulting and
Auditing Firms
External consultants or
auditors have an advantage in that they already have the forms, tools, and
templates to perform the task. Additionally, they are educated on the most
current tools and technology available.
Consulting and auditing
services are available from a wide range of firms, offering a variety of
services. In general, the following types of vendors perform software auditing:
��������������� Equipment leasing companies. Many major leasing companies have extended their portfolio of
services to include auditing and asset management. Though their focus is
primarily on leasing equipment, they may provide contract auditing services,
especially if they currently are handling equipment leases for your
organization.
��������������� Software resellers. Software
resellers offer auditing services as an incentive to order from them. These
organizations offer an important advantage in that they already have purchase
records and other documentation for your organization that can dramatically
reduce the time and cost of the audit.
NOTE: Even if you choose not
to have a software firm conduct the audit, ask your software vendors to provide
records of all license acquisitions, if possible. This step will significantly reduce the time and effort
required to conduct the audit. (See �Step 3: Locating Soft�ware Licenses and
Invoices,� in the Internal Audit section, for more information.)
��������������� Software auditing tool vendors. These companies often provide auditing services as well as
auditing tools. The advantage of using one of these firms is their familiarity
with the process and their products. The success of their audit, however, will
depend on the strength of their particular tool set.
��������������� Software audit consultants. These firms are dedicated to performing software audits. Their
advantages are the expertise they bring to the task (because software audits is
their primary focus, rather than an adjunct to some other business purpose) and
their freedom to choose the best tools for the job.
The
Internal Audit
For those companies that
choose to use internal staff to conduct the audit, this section explains how to
perform an audit and offers suggestions to make the job easier and more
effective.
An internal audit involves
seven steps:
1.
Selecting
the audit tools
2.
Preparing
for the audit
3.
Locating
software licenses and invoices
4.
Analyzing
(or writing) policies and procedures
5.
Surveying
software usage
6.
Performing
the physical audit
7.
Preparing
the audit report
Each of these steps is
described further below.
Step 1:� Selecting the Audit Tools
If you are leaning towards
doing the audit internally, consider purchasing auditing tools to help you with
the task. These tools can make the auditing process more cost-effective by
automating the process of locating all the software in the organization.
Auditing tools are especially helpful in a networked environment.
Three major types of auditing
tools exist:
��������������� Inventory Programs. These tools inventory
existing installed software and generate a report.
��������������� Metering Programs. These tools monitor usage
of software on a network and assist in the management of network licenses.
��������������� Systems Management Suites. These
tools combine metering, inventory, and other types of programs in a suite of
software.
The focus and effectiveness
of these products vary widely, and you should evaluate several before making
their final selection. Also, before deciding to license auditing tools, you
should take into consideration such factors as the expected frequency of audits
and other software management benefits the tools may provide to your
organization �and therefore amount of value you will get out of the tools.
Please refer to Appendix B of
this guide for a listing of auditing tools and services.�
Step 2:� Preparing for the Audit
Before beginning an internal
audit, make sure you take the following steps:
��������������� Obtain management�s commitment to support the audit process�and
have them communicate that support to all employees.
��������������� Set a date for the audit.
��������������� Determine which staff members will conduct the audit.
��������������� Locate all PCs in the organization.
��������������� Create the necessary forms. At a minimum, you�ll need:
-���� A memo announcing the
audit, including a schedule of tasks (see Item 1 in Appendix A, , Sample Memo
to Employees)
-���� A
survey form to collect data on software usage (see Item 2 in Appendix A, Sample
Software Usage Survey)
-���� A
summary form to tabulate the results of the software usage survey (see Item 3
in Appendix A, Sample Software Usage Survey Summary)
- A software audit report
template (see Item 4 in Appendix A, Sample Software Audit Report)
- A software audit summary
template (see Item 5 in Appendix A, Sample Software Audit Summary)
��������������� Note any special considerations about the audit environment, such
as security issues (for example, the need to obtain passwords and logon scripts
to access individual workstations) or health and safety concerns (such as the
need to provide hearing and eye protection for those checking computers on the
manufacturing floor).
Step 3: Locating Software
Licenses and Invoices
The next step is to request a
list of your software acquisitions from your vendors. Since software vendors
often record your acquisitions, starting this process by talking to your
vendors can save you work. For each piece of software, ask the vendor to
provide you with:
��������������� Its title and version
��������������� The name of the publisher
��������������� The date acquired
��������������� The purchase order or invoice number
��������������� The price
��������������� An invoice or other record of payment
Your vendors will need time
to collect this data, so try to make the request 10 to 30 days in advance of
when you will need the information.
If the information you need
is not available from your vendors�or you don�t know all the vendors your
organization uses�your accounting or purchasing department will need to collect
this data. They should collect:
��������������� Invoices and end user license agreements for all boxed software products
��������������� Invoices and end user license agreements for all operating system
software that came with new PCs
��������������� Invoices and license confirmations for any Microsoft software
purchased through volume license agreements
��������������� Client Access Licenses�the licenses that give workstations the
right to access software that resides
on a server. You�ll find them in the purchase records for your server software
(or, in the case of Microsoft volume license purchases, in your license
confirmations).
Because some of the software
in your organization may be outdated versions that are no longer in use, you
will need to compare your records of upgrades with the original purchase
receipts to determine the actual number of authorized versions of each product
that are currently in use.
Step 4:� Analyzing (or Writing) Policies and
Procedures
Once an organization has 25
or more PCs, it�s a good idea to put software policies and procedures in
writing in order to avoid loss and waste�and
then to formally communicate these policies and procedures to your employees.
Your next step, then, should be to review any written procedures your
organization has to ensure that they are up to date and accurate�and to
determine any changes that need to be made to better meet your organization�s
current needs.�
If your organization has no
written policies or procedures, this is the time to write them. While the
number of policies and procedures your organization needs will depend on its
size, scope, and culture, at a minimum they should cover the following points:
��������������� Software use and copyright policy. Is there a clear and enforceable policy on copyrighted software?
Creating and communicating a policy on software use and copyright enforcement
is an important step in reducing the organization�s liability for copyright
infringement. (See Item 6 in Appendix A, Sample Software Policy Statement, for
an example of such a policy.)
��������������� Procurement policies and procedures. How do employees request copies of software or upgrades of existing
programs? Specifically:
-����� Who makes the acquisition decision�and based on what criteria?
-����� From which vendors is the software acquired?
-����� What effort does your organization make to find the best
pricing?
��������������� Software installation procedures. Who is responsible for the software once it arrives at the
organization? Who records serial numbers, sends in the registration, and
records this information?
��������������� Training procedures. Is
training done internally or is it outsourced? Who is responsible for planning
and organizing the training?
��������������� Personal software. Does
the organization permit personally owned software to be installed on its PCs?
If so, under what conditions?
��������������� Disposition of software. What
happens to the old copies of software that has been upgraded or is no longer
used?
Step 5:� Surveying Software Usage�
The next step is to survey
your employees to find out more about their software usage. Such a survey will
give them the opportunity to provide you with feedback about what their
software needs are. It can help you identify any unmet training needs;� determine whether you need to provide
additional software to increase employee productivity and job satisfaction; and
highlight any burdensome policies or procedures that need to be changed.� See Item 2 in Appendix A, Sample Software
Usage Survey, for a sample user survey form, and Item 3, Sample Software Usage
Survey Summary, for a template you can use to summarize the results of the
survey.
Step 6:� Performing the Physical Audit
The physical audit involves
checking each workstation and server in your organization to determine what
software is installed on it. As pointed out in Step 1, you can save a great
deal of time and effort by using one or more auditing tools to help you carry
out this task. Auditing tools are handiest in a networked environment, where
they can go out to every hard drive on the network and compile a list of all
installed programs�or monitor software usage on every machine, documenting each
program as it is launched. Even for PCs such
as laptop units, which may not be connected
to a network, an inventory-type audit tool installed on the system can
print out a list of all the programs on that system.
NOTE: �Inventory�-type
auditing tools generally look for executable files that match a list of known
software programs. While such tools can be very helpful, they are not
infallible�so it�s good to use a metering tool as well, which will catch
programs as they are launched.
The physical audit is a
three-step process:
1.
Survey and record all installed software.� This
step involves either using an auditing tool or performing a manual inspection
to inventory all the software installed on your organization�s workstations and
servers.� See the Sample Software Audit
Report Template (Item 4 in Appendix A) for a form you can use for this purpose.
2.
Compare installed software with licenses. The next step is to compare the list of installed software you
have just compiled with the list of software licenses and invoices you compiled
in Step 2. See Item 5 in Appendix A for a form you can use to record your
findings.
3.
Review the results with employees. �The final step is to hold
an employee meeting to discuss your organization�s software policies. Explain
which software programs belonging to your organization employees may use at
home�and what the policy is regarding installing personally owned software on
the organization�s systems.
Step 7:� Preparing the Audit Report
The final step of the audit
process is to summarize the findings in a form that you can use when you
prepare the software management plan. Again, see Item 5 in Appendix A for a
template you can use to summarize your findings.
The audit report will provide
the answers to these critical questions:
��������������� Do the results of the physical inventory match your records of
software acquisitions?
��������������� Are there any unauthorized copies that need to be legally
acquired?
��������������� Did the audit staff find surplus software that could be disposed
of or reallocated?
��������������� Are there any employee comments that that management should act
on?
Keep these audit reports for
future reference, in case questions arise later.
Developing a Software Management
Plan
Once
you�ve completed your audit, the software management team should be ready to
draft your organization�s software management plan. The software management
plan analyzes the input and information you collected during the physical audit
and the software usage survey to provide a concise look at how your
organization currently invests in software, how the investment process could be
improved to yield better returns, and what steps are necessary to attain that
improvement. It should include, at a minimum, the following elements:
��������������� Executive Summary:� A brief overview of the major elements of the plan for quick
review by senior management. This section should summarize the plan�s
objectives, the current situation, the corrective steps that need to be taken
to remedy any problems uncovered by the audits, and the benefits your
organization will realize from imple�menting the plan.
��������������� Objectives:�
A
brief description of the objectives of your software management plan. Examples
include:
-���� Significantly decrease our potential
liability for software copyright infringement
-���� Centralize software purchasing to realize
cost savings from volume licensing
��������������� Situation Analysis: �A brief description of how your organization currently acquires,
distributes, and uses software.� This
section should include:
-���� A summary of the process used for
requesting, acquiring, and distributing software with your organization.� In particular, this section should identify
any bottlenecks in the process, since the more restrictive the process is, the
more tempted users are to bypass it�and that can lead to higher costs and
inefficiencies. This section should also identify any parts of the process that
need further tightening, since a process that is too informal can result in
haphazard and inefficient purchasing.�
-���� The results of the software audit,
including a summary of software used, licenses purchased, and any license
deficiencies uncovered by the audit.�
-���� A summary of the results of the software
usage survey, together with any insights gathered as a result of this step.
��������������� Strategies and Implementation: �The corrective steps that need to be taken to accomplish your
objectives�and the methods for doing so.�
For example, if one of your objectives is to reduce your organization�s
liability for software copyright infringement, you may want to include an
action item to acquire any missing licenses. For each objective, you should
specify the strategies that you plan to apply to achieve that objective and how
you will assign, manage, and execute any follow-up actions that are necessary.
��������������� Benefits: A summary of the benefits your organization will
realize from implementing this plan. While some benefits may be specific to your
organization, many are generic in nature and will apply to most
organizations.� See �The Solution:� A Software Management Program� in Section 1
of this guide for some general benefits.
See Item 7 in Appendix A for a sample Software Management Plan.
Gaining Management�s Approval
One
of the primary benefits of developing a software management plan is that it
will help you make substantive changes that will improve your organiza�tion�s
return on its software investment. If you can quantify the cost savings you
expect to achieve through the plan, you will find it easier to gain the support
of senior management.�
To
do so, develop a presentation for senior management based on the Executive
Summary in your software management plan.�
The presentation should summarize the objectives of the plan, the
results of the software usage survey and physical audit, the corrective actions
that need to be taken, and the benefits that you expect to achieve by
implementing the plan. You will probably get the best results if you have the
senior management member of your committee lead the presentation.
You
will also need to gain the cooperation of other departments within your
organization.� You might want to start
by preparing a memo to be sent to all employees, explaining in brief what the
software management program is, how it will be carried out, and how improved
software management will benefit them. (For example, it will provide them with
the tools they need to perform their work efficiently while also protecting
their organization from the legal risks of piracy�risks that could result in
job loss.)�
You
could then invite those who would like more information to attend a
presentation at which you will present more detailed information.� Members of the software management team and
external auditors (if you are using them) should be present at this meeting to
answer questions.
Implementing
the Plan:� Taking Corrective Actions
While
some corrective actions can be taken immediately (for example, the replacement
of outdated versions of software with upgraded versions and the removal of
copies of unauthorized software), others will need to be addressed later. The
software management plan should clearly identify any such prob�lems and what
corrective actions need to be taken to resolve them. Then, as soon as senior
management has reviewed and approved the plan, the software management team
should begin taking these corrective actions. Such actions might include:
1.
Replacing obsolete copies with current versions. If, during the audit or
software usage survey, you discovered employees using out-of-date copies of
software, now is the time to upgrade them.
2.
Amending software acquisition procedures. It is not unusual to find
that software acquisition is not well coordinated from one department to the
next.� In such a case, a revised
approach�such as centralizing the software acquisition function to take
advantage of volume licensing options�could lower costs.
3.
Acquiring new software. The software usage survey may uncover situations in which
employees do not have the tools they need to do their jobs effectively. In such
cases, you will need to acquire and install the necessary software.
4.
Authorizing additional copies. If the audit or software usage survey
identified users who have installed the organization�s software on a secondary
machine (whether owned by the organization or by the user), verify whether the
licenses for those programs permit their use on an additional machine.� If they don�t, then you will need to remove
the software from the secondary machine�or purchase another license.
5.
Reassigning software. Copies of software not in use will need to be reassigned to other
workstations or removed for storage in a central location, where they will be
available to others who may need them.
6.
Resolving flagrant violations. Software copyright infringement is often the
result of ignorance of the law, inadequate policies, or inadequate enforcement
of existing policies. But if your audit uncovers more serious problems�such as
flagrant and deliberate violation of the law on the part of one or more
employees, or direct and intentional theft of company property�then you will need
to take immediate corrective action, up to and including terminating the
employee and referring the matter to legal authorities. If your organization
appears to tolerate flagrant violation of the law, the occurrence of such
violations is likely to increase. And when an organization�s employees break
the law, the organization puts itself and its officers at risk as well, as they
may also be held liable for the violations.
Continuing
the Software Management Program
The
software management program is a continuous business activity. Once the team
has been formed, the physical audit and usage survey performed, and the plan
written and adopted, the strategies contained in the plan will drive the
software management program through its life cycle.
While
the implementation process will resolve any immediate concerns, the plan may
also identify more significant, longer-range issues that will take more time to
carry out. In addition, as with any plan, you will need to update your software
management plan periodically�to reflect new or revamped policies and
procedures, new versions of existing software brought into the organization,
and even entire new classes of software that the organization starts to use.
You will also periodically need to repeat your audit of software licenses and
usage. You can streamline the auditing process by combining software audit
updates with other tasks, such as financial audits.
The
specific components of your software management program that will need ongoing
management will depend on your organization and the plan you have put together.
However, at a minimum, you will want to take a periodic look at:
��������������� The software management team
��������������� Software management procedures and policies
��������������� Ongoing software management
Each of
these components is discussed further below.
The
Software Management Team
Once
your organization has implemented its software management plan, the software
management team has fulfilled its primary function�which was to provide input,
guidance, and resources for carrying out the audit and creating the software
management plan. In some cases, it�s now time to disband the team so that the members can focus their full
attention on their respective jobs.
On
the other hand, the software management team is an important communi�cations
link between the IT department and the rest of the organization. After working
together through the process of the audit and the plan, this group now
represents an invaluable asset in which the organization has invested a signifi�cant
amount of time and money.� Consequently,
you may want to consider leaving the team in place to receive ongoing feedback
from employees, solicit ideas and opinions, and communicate those suggestions
back to management as changes are implemented.
Software
Management Procedures and Policies
Although
your organization may already have made many minor changes in how it acquires,
distributes, and uses software, global decisions need to be implemented more
slowly and may require more research. These include:
��������������� New acquisition procedures. In many organizations,
control of soft�ware assets has been decentralized to department managers, who
may not know how many copies of a specific software program are on hand within
the organization. Therefore, they may request more copies when possibly another
department has unused copies. This decentral�ized approach to software
acquisition may also result in the acquisition of expensive single-user copies,
instead of realizing the cost savings available from multiple-license packages
or volume license agree�ments. Fine-tuning the acquisition process can help
your organization save money while also ensuring that employees have the
software they need. Through this process, you may also identify ways in which
your organization�s acquisition policies have become unnecessarily burden�some,
preventing users from getting the tools they need in a timely manner.
��������������� Standardization. The inability of employees
to transfer information because of software incompatibilities or a lack of
standardization is a serious obstacle to productivity. Getting the organization
to use common sets of software tools, fonts, and naming procedures for files
can make information transfer less complicated and save thousands of hours per
year.
��������������� Controls over outside use of software. Some license agreements
permit the use of software on secondary laptops for employees performing
legitimate work duties. By knowing what the license agreements for each
software product permit�and implementing policies to achieve and maintain
compliance with these licenses�your organization can extend the value of its
software while also helping to prevent theft and loss. These controls can also
help ensure that software and documentation used by employees who permanently
leave the organization get properly reassigned to new employees, reducing
wasted resources.
��������������� Security and disaster recovery. In spite of good intentions,
security and disaster recovery procedures are usually implemented immediately after
a disastrous virus attack or security breach. By making security and disaster
recovery procedures a vital part of your ongoing software management plan, your organization may be able to
avoid many losses.
Ongoing
Software Management
As
much as 50 percent of an organization�s software can undergo change within a
year. These changes include the acquisition of new types of software and new
versions of existing software, as well as the addition of new vendors. The
arrival and departure of employees will also add to the state of flux for
software needs. Because of so much ongoing change, it�s a good idea for all
organizations to periodically evaluate their software usage
There
are two possible ways to deal with the continuing need for software management:
��������������� Perform a fast implementation. With this approach, the
organi�zation conducts the entire software audit in all the company�s
departments at the same time each year. This method is faster than the rolling
implementation and provides a more current picture of the licensing status of
an organization. However, depending on the size of the organization and audit
resources deployed, it may be more disruptive to the organization.
��������������� Perform a rolling implementation. With this approach, the
organi�zation conducts the software audit on a rolling basis, auditing each
department at a different, preset time throughout the year. This approach
reduces the overall disruption of the organization and allows audits to be
scheduled to accommodate the needs of the IT department. However, it usually
works best for organizations that use an internal, rather than external, audit.
Organizations using an external service provider may prefer either a fast
implementation or some combination of a fast and rolling implementation to keep
costs down.
Section 3�Understanding Copyright Laws
Every discussion of software
usage touches at some point on the concepts of copyright and license
agreements. Yet most IT professionals are unclear about what the term
�copyright� means and how it affects the licenses under which the organization
uses its software.
In the simplest terms,
�copyright� means �the right to copy.� Copyrights are one of the forms of
protection that apply to �intellectual property��that is, some expression,
idea, or thing that results from intellectual effort. Intellectual property
includes not only inventions that are covered by patents, such as new and
useful processes or machines, but also such items as trademarks, logos, and pub�lished
works. In general, a copyright is a protection under law for specific types of
�works,� including such creations as computer programs, books, plays,
choreography, pictures, audiovisual depictions, sound recordings, and
architectural renderings.
Although most copyrighted
works do not need to be registered with the government in order to be
protected, many authors today register their works. Registration enhances the
ability of the author to sue anyone who infringes on the copyright (that is,
anyone who makes an illegal copy) and to collect damages and attorney�s fees
from the infringer.
It�s worthwhile for IT
professionals to take the time to develop a good understanding of copyrights
and license agreements.� Such an
understanding not only will help you establish policies and procedures to
prevent illegal use of software, but also will help you take full advantage of
your software licenses, so you can order and distribute software more
effectively.
The remainder of this section
discusses United States copyright law, Canadian copyright law, and resources
available to help you gain a better understanding of copyright law.
United States Copyright Law
The laws of the United States
that cover the management of copyrights are found in the United States
Copyright Act�Title 17 of the United States Code. These laws, which cover
software from the moment it is created, prohibit making or distributing copies
of software without the permission of the copyright owner.
Section 106 of the Copyright
Act gives the copyright owner the exclusive right to make or distribute copies
or adaptations of the work or publicly perform or display the work. No one else
may perform any of these acts without permission from the copyright owner. The
copyright owner is typically either the author of the work or�as is typical for
most software products�the business organization that employed the author. In
the latter situation, the work is often referred to as a �work for hire.�
The Copyright Act was amended
in 1980 to explicitly include computer software programs. Additional copyright
protection comes from the Software Rental Amendments Act, passed in 1990. This
act prohibits the commercial rental, leasing, or lending of software without
the express written permission of the copyright holder.
Rights of Copyright Holders
In brief, United States law
prohibits duplicating software for profit, making multiple copies or
installations for use by different users within an organiza�tion, and
transferring an unauthorized copy to another individual. If caught with pirated
software, the individual or company may be liable under both civil and criminal
law.
Under its civil provisions,
the Copyright Act enables copyright owners to recover damages from anyone who
violates their exclusive rights. Those who commit �infringement� violations
(described in section 501 of the Act) have to pay the copyright owner any
profits attributable to their infringement and any actual losses suffered by
the copyright owner�or else statutory damages of up to US $100,000 for each
work whose copyright they infringed (at the copyright owner�s choice).
Copyright trials under
criminal law are covered by Titles 17 and 18 of the United States Code, which
institute criminal penalties for software copyright infringement. Under these
laws, the unauthorized reproduction or distribution of 10 or more copies of software with a total retail value exceeding
US$2,500� if done willfully and for
the purpose of either commercial advantage or private financial gain�is a
federal crime that can carry criminal penalties of as much as
US$250,000�plus up to five years in jail.
�The United States Government has been an active participant in
protecting the rights of copyright owners. As an example, when the Business
Software Alliance conducts a raid at an organization�s business premises,
federal marshals or local law enforcement officers also participate. Federal
judges have shown their intolerance of copyright violators by handing down
increasingly large damage awards against infringers. As part of this trend,
companies requested to do self audits by the BSA have recently paid substantial
penalties for past infringement, including a $403,500 settlement
by Budget Rent-a-Car and a $525,000 settlement by the Oriental Trading Company
in late 1998 and early 1999, respectively.
Duration of a Copyright
For any work created after
January 1, 1978, the duration of the copyright depends on how many people
created the work�and under what conditions:
��������������� For works created by a single author, the copyright lasts the
lifetime of the author plus 50 years.
��������������� For works created by more than one person, the copyright lasts the
lifetimes of all of the authors, plus 50 years after the death of the last
author.
��������������� For works created by an unknown author, by someone using a pen
name, or by someone hired to do the work (�works for hire�), the copyright
lasts for 75 years after the year of first publication or 100 years after
creation, whichever comes first.
Works created before 1978 are
governed by different rules. However, since these rules do not apply to PC
software, we won�t go into them here.
Canadian Copyright Law
Before 1988, Canadian courts
determined copyright protection of computer programs on a case-by-case basis.
In 1988, Parliament amended the Canadian Copyright Act to expressly include
computer software programs in its defini�tion of literary work. This amendment
clearly confirms that software is entitled to copyright protection under
Canadian law.
The Canadian Copyright Act
specifically prohibits making unauthorized copies of software programs without
the consent of the copyright owner. The only exceptions are a user's right to
(1) make a backup copy or (2) adapt a program to another computer language to
make it compatible with the user's computer. Both of these exceptions are
limited to a single copy for personal use that must be destroyed when the user
is no longer the original owner.
The Canadian Copyright Act
also makes it an offense to knowingly produce, distribute, or import for sale
copies of computer programs that infringe on an owner�s copyright.
Finally, effective January 1,
1994, a rental right was added to the Canadian Copyright Act. In the case of
computer programs, the rental of a computer program without the copyright
owner�s permission constitutes copyright infringement.
Under Canadian law, an
individual or company caught with pirated software may face civil and criminal
penalties. Civil law permits the court to issue an injunction against a
copyright infringer ordering him or her to immediately stop the illegal
activity, to pay damages if applicable, and to surrender any profits received
to the copyright owner. Criminal penalties for copyright infringement include a
fine of up to CN$1 million, a jail term of up to five years, or both.
Additional Copyright Resources
You
can gain a more in-depth understanding of copyrights and license agreements
from brochures, training programs, and videotapes available from the leading trade
associations serving the software industry. For more information, contact:
q�������������� BSA (The Business Software Alliance)
1150 18th
Street NW Suite 700
Washington, DC
20036
202-872-5500
(voice)
202-872-5501
(fax)
1-800-688-2721
(piracy hotline)
E-mail:� piracy@bsa.org
q�������������� CAAST (The Canadian Alliance Against Software
Theft)
PO Box 6272
Station A
Toronto, Ontario
Canada M5W 1P7
800-263-9700
(hotline)
q�������������� SIIA (Software Information Industry Association)
1730 M Street
NW, Suite 700
Washington, DC
20036-4510
800-388-7478
(voice)
202-223-8756
(fax)
E-mail: piracy@spa.org
www.siia.net
q�������������� ASP (The Association of Shareware Professionals)
157-F Love Ave.
Greenwood, IN
46142
317-888-2194
(voice)
317-888-2195-2765
(fax)
E-mail: execdir@asp-shareware.org
www.asp-shareware.org �
All of these associations are active both in educating organizations
about the requirements of copyrights and licenses and in monitoring compliance.
Appendix
A:
Sample Forms and Documents
The
following forms and documents may be helpful in organizing for and conducting
your software audit.� These forms are
guidelines only, and organizations should feel free to create or use any form
that meets their needs, as long as it provides them with the necessary audit
and inventory information.�
1.� Sample Memo to Employees
Date:
To:���������� All Employees
From:������ IT Department
Subject:�� Audit of Computer Software
During the month of ___________, the
Information Technologies Department will conduct our annual audit of software
used by our company. Your department is scheduled to be visited on
____(day)__________, _____(date)__________. The purpose of the audit is to
determine what software is in use at each workstation and whether the licenses
exist for each program.
In order to make the audit less
disruptive to your workday, we will try to accomplish these tasks as quickly as
possible.
The result of the audit will be a
more accurate accounting of our software assets. This will enable us to do a
better job of budgeting for future software acquisition, acquire software more
cost effectively, and free up funds for other resources.
Your cooperation is greatly
appreciated.
2. Sample Software Usage
Survey
Software
Usage Survey
The following is a short survey intended to help us determine how
you are using software on your PC and how we can assist you by providing the best
tools for your job. Your input and participation are appreciated.
1. List the
software programs you use most often in your work:
�������� ______________________________________hours
per day�
�������� ______________________________________hours
per day
��������������� ______________________________________hours
per day�
��������������� ______________________________________hours
per day�
��������������� ______________________________________hours
per day�
��������������� ______________________________________hours
per day�
2. What
software do you need that you do not currently have?
__________________________________________________
3. What
software do you want that you do not currently have?
__________________________________________________
4. Are you
currently using any company software on your home computer?�
_ Yes� _ No
5. Are you
currently using any personal software on your office computer?�
�_ Yes�
_ No
6. We
appreciate any other comments you may have about acquiring or using company
software:
________________________________________________________________
________________________________________________________________
________________________________________________________________
3. Sample Software Usage
Survey Summary
Summary of
Software Usage Survey Results
Section 1:� Software
programs used most often.
|
Software Program Title |
# of employees using |
|
Average hrs/week used2 |
Authorized/Not Authorized |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 Total hours per week used by all employees.
2 Average hours per week per employee (= total hours divided by
number of respondents).
3 Installed at the direction of the organization (authorized) or by
employee�s personal decision (not authorized).
Sections 2 & 3: Software
programs requested as necessary or wanted.
|
|
|
|
Departments with employees
who need or want it |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
�
Sections 4, 5, and 6:� Use of company and home software; comments.
7. Number of
employees using company software on their home computer: _______
8. Number of
employees using personal software on company computers: _______
9. Any other
comments:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
4. Sample Software Audit
Report
This
template is designed for use with every PC, workstation, and server visited as
part of the software audit.� If you use
a software audit tool, it will capture much of the needed information; if you
are not utilizing an audit tool you will need to obtain this information by,
physically surveying the hard drive of the machine. Instructions for using this
template follow the template itself.
Software Audit Report
Section 1: Audit Location & Contact
Profile: ���������� 1. Date:���������������������� Time:�������������������������
|
2 |
Department/Business Unit/Division Name: |
|
|
3 |
Site Location: |
|
|
4 |
Contact Name: |
|
|
5 |
Employee Telephone Extension: |
|
|
6 |
Company ID or position: |
|
|
7 |
Audit Software Used: |
|
Section 2: PC, Workstation, or Server Operating System &
Application Software Profile:
|
8 |
9 No. |
10 No. |
11 Name |
12 Size |
13 Date |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Instructions for Completing the Software
Audit Report
(Section 1)� Audit Location & Contact Profile:
1.
Enter the
specific date and time that each individual PC, workstation, or server was
visited for the purpose of data capture.
2.
Enter
the specific name of the department, business unit, or division of the
organization where the software audit is taking place: e.g. Sales Division,
Finance Department, Operations Business Unit.
3.
Enter
the site location: e.g., Trent Bridge Fifth Floor SW Wing.
4.
Enter
contact name. This should be the person responsible for the day-to-day use of the
PC, workstation, or server being audited.
5.
Enter
the title, telephone number, and fax number of the contact person.
6.
Enter
the company ID for the contact person: i.e., the personnel number or security pass
card number. (Whatever ID method you choose, this should remain consistent
across the software audit report.)
7.
If you
are using a software audit tool to capture the data from this PC, workstation,
or server, enter its name here.
(Section 2) PC, Workstation, or Server
Operating System & Application Software Profile:
8.
Enter
the publisher and name of the software product (e.g., Microsoft Word).
9.
Enter
the version number of the software product (e.g., 97).
10.
Enter
the serial number of the software product.
11.
Enter
the name of the software product�s executable file (e.g., WINWORD.EXE).
12.
Enter
the size of the executable file (e.g., 5.2 MB).
13.
Enter
the installation date if known.� (If you
are using audit software, use the date stamp it provides.).
5. Sample Software Audit
Summary
This
template is designed to assist you in tabulating data gathered during your
software audit, analyzing results, and implementing any needed corrective
actions. Instructions for using this template follow the template itself.
Summary of Software Audit Results
(Section 1) Summary of Audit Location & Contact
Profile:����������� Date:��������������
|
2 |
Company
name: |
|
|
3 |
Department/business
unit/division name: |
|
|
4 |
Address: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 |
Postal
code: |
|
|
6 |
Certification
contact name: |
|
|
7 |
Telephone
number: |
|
|
8 |
Fax
number: |
|
|
9 |
Company
ID or position: |
|
(Section 2) Software
Summary:
|
Software Summary Report |
|
||||||||||||
|
Software Product Profile |
Software
Licensing Summary |
|
|||||||||||
|
|
|
# of Instal�lations |
|
|
|||||||||
|
|
|
|
|
EU |
ML |
OL |
SL |
OEM |
I |
Unlicensed |
|||
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|||
Instructions for Completing the Template
(Section 1) Audit Location &
Contact Profile
1.
Enter the
date the audit summary was prepared.
2.
Enter the
name of your organization.
3.
If the
summary does not apply to the entire organization, enter the name of the
department, business unit, or division to which it applies.
4.
Enter the
entire address for the company or business unit.
5.
Enter the
postal (ZIP) code that goes with the address.
6.
Enter the
contact name. This should be the person responsible for the day-to-day use of
the PCs, workstations, or servers being summarized
7.
Enter the
telephone number of the contact person.
8.
Enter the
fax number of the contact person.
9.
Enter the
title or position of the contact person.
(Section 2) Software
Summary
This section records the total
number of copies and the type of license for each software program in use by
the organization. The licensing terminology is that used by Microsoft
Corporation for its licenses. In the section marked Software Product Profile
enter the following information for each software product identified through
the software audit:
1.
Name
2.
Version number
3.
Number of copies of this version
Use the Software Licensing Summary
to enter the number of licenses of each type that have been tracked and
identified for the software listed in the Software Product Profile
columns.� The meanings of the
abbreviations are as follows:
1.
EU = End-User License Agreement: Intended for use of a
single application product on a single computer.
2.
ML = Microsoft License Pack: Authorizes the making and use of
one additional copy of a specified, previously licensed Microsoft product. This
product does not contain any discs. For example, if you work in a small company
with two PCs and need to use Word on both computer systems, you could acquire a
single copy of Word and a Microsoft License Pack for Word that would allow you
to legally install the product on the first PC, as outlined in the Word end
user license agreement, and on the second PC, as outlined in the Microsoft
License Pack license agreement.
3.
OL = Microsoft Open License Program: For
customers that require a larger number of licenses, often for a variety of
Microsoft� products.
As with the Microsoft License Pack, a single product unit is used as the master
copy to install the number of product copies allowed under the Open License
agreement. The Open License agreement can be used for either application or
system products and for as few as 10 PCs.�
The number of Open licenses purchased is documented on the Open License
confirmation statement you received from Microsoft and/or via the eMOLP site at
https://emolp.Microsoft.com/.
4.
SL =
Microsoft Select License: Intended for large-volume organizations that
are willing to forecast the product volumes within each product pool
(applications, systems, and server products) that they expect to acquire over
the two-year term of the agreement.� By
doing so, they can significantly lower the cost of software acquisition.� The number of Select licenses purchased is
documented on the Select License confirmation statement you received from
Microsoft.
5.
OEM � Original Equipment Manufacturer: Licenses
you have received with the purchase of your computer hardware, primarily
operating system licenses.� These end
user license agreements are included in the box your hardware came in.
6.
I = Invoice: Software licenses for which you have been
unable to locate the end user license agreement, license confirmation, or other
proof of license, but have been able to track the purchase back to the invoice.
7.
Unlicensed: Installed software products for which there
are no corresponding records.
6. Sample Software Policy
Statement
[Organization] Policy on Use of Software
1.
[Organization] has licensed copies of computer software from a
variety of publishers. Licensed and registered copies of software programs have
been placed on computers within the organization and appropriate backup copies
made in accordance with the licensing agreements. No other copies of this
software or its documentation can be made without the express written consent
of the software publisher.
2. [Organization]
will provide copies of legally acquired software to meet all legitimate needs
in a timely fashion and in sufficient quantities for all of our computers. The
use of software obtained from any other source could present security and legal
threats to the organization, and such use is strictly prohibited.
3.
In some cases, the license agreements for a particular software
program may permit an additional copy to be placed on a portable computer or
home computer for business purposes. Employees will not make such additional
copies of software or documentation for the software without the approval of
[organization�s] Information Technologies Department.
4.
The unauthorized duplication of copyrighted software or
documentation is a violation of the law and is contrary to established standards
of conduct for [organization] employees. Employees who make, acquire, or use
unauthorized copies of computer software or documentation will be subject to
immediate discipline, up to and including immediate termination of employment.
5.
[Organization] reserves the right to protect
its reputation and its investment in computer software by enforcing strong
internal controls to prevent the making or use of unauthorized copies of
software. These controls may include frequent and periodic assessments of software
use, announced and unannounced audits of company computers to assure
compliance, and the removal of any software found on [organization�s] property
for which a valid license or proof of license cannot be determined, and
disciplinary actions, including termination, in the event of employee violation
of this policy.
7. Sample Software Management
Plan
XYZ Corp. Software Management Plan
In March 1998, a software management team composed of employees
from major departments throughout XYZ Corp. conducted the organization�s first
comprehensive review of how XYZ Corp. has acquired and distributed the computer
software required to fulfill its mission.
This review involved a physical audit of all software in use
throughout the organiza�tion; a review of policies and procedures for software
acquisition, distribution, and maintenance; and the creation of a software
management plan. The overall objective of the plan is to enable XYZ Corp. to
maximize the return on its investment in software.
As a result of this effort, the IT Department will initiate
projects this year to achieve the following goals:
��������������� Centralize software
purchasing to realize the cost savings from volume licensing.
��������������� Decrease significantly XYZ
Corp.�s potential liability for software copyright infringement.
��������������� Consider granting certain
employees Internet access to increase job satisfaction and productivity.
The XYZ
Corp. software management plan has three major objectives:
1.
Reduce software costs by centralizing purchasing.
2.
Reduce potential liability from employee copyright infringement.
3.
Consider granting Internet access to those employees for whom this
function is critical to their job functions.
Situation Analysis
XYZ Corp. made its first investment in personal computers in 1986
and has since invested in adding and upgrading units, which now total 486 PCs
located throughout XYZ Corp. headquarters facility and its four national field
offices.
In 1995, its
PCs were connected via local area networks (LANs), with remote access
interconnections between the LAN at headquarters and those of the national
field offices.
Over the past decade, significant changes have been made to XYZ
Corp.�s operating systems and applications, making them more valuable to the
organization and its mission. The changes have included using the Windows NT� Server as a
platform for the LANs, implementing the Windows� 98 graphical environment,
standardizing on a single suite of primary applications, and implementing
workgroup software for improved communication and workflow. At the same time,
the software industry initiated pricing changes and new licensing agreements
that provide opportunities for XYZ Corp. to make better use of its software
assets.
In March, an XYZ Corp. software management team composed of
representatives from departments throughout the company began developing a
software management plan designed to guide the organization�s use of software.
As part of the planning process, a comprehensive software audit
was conducted throughout the organization, and all existing policies and
procedures related to software acquisition, distribution, training, and use
were reviewed for their relevance and effectiveness. A summary of the audit
findings is shown in Figure A [insert Software Audit Summary].
At the same time, the team conducted the first survey of XYZ Corp.
employees who use PCs to determine what software was in use and how well it
performed in supporting the mission. A summary of the survey results is shown
in Figure B [insert Summary of Software Usage Survey Results].
Overall, the audit and survey show a high level of comfort with
existing policies and procedures. However, there are problems with illegal
duplication of software, indicating a need for stronger compliance and
anti-theft procedures. During the audit, 59 unaccountable software programs
were found on XYZ Corp. computers. Discus�sions with the employees involved in
each incident indicate that copies were made, in part, because XYZ Corp. does
not have a clear policy in place to communicate the requirements of copyright
law to employees. Establishing such a policy is important because, under U.S.
law, software copyright infringement on the part of XYZ Corp. would make the organization
liable for damages, even though the infringement is not deliberate. Fines on
these copies could exceed $500,000 if the organization is found guilty of
criminal actions with respect to these unauthorized copies.
In addition, the audit showed that
decentralized purchasing has led to expensive purchases of individual
licenses.� For example, 130 units of
Microsoft Office Professional full retail product were acquired by various
departments and individuals
within the company, when the company could have achieved significant discounts
through volume licensing options.� This
discovery highlights the need to centralize this function to achieve better
volume license pricing.
Furthermore,
we have found that employees would like Internet access and feel that they can
more efficiently perform their job functions with such access.�
Strategies and Implementation
Following are our plans for achieving the three objectives of the
software management plan.
1.
Reduce software expenses.
Strategy:
During 1998, XYZ Corp. will upgrade to new versions of the
following software:
��������������� Microsoft Windows
��������������� Microsoft Office Professional
��������������� AutoCAD
��������������� cc:Mail
Implementation:
Implement policies and procedures for software, including
designation of an �owner� of all software acquisition for the company.� Members from the IT Department should work
with Purchasing to ensure that the software is acquired in the most
cost-effective manner.
Communicate to all employees the newly formed policies for
centralized acquisition of software and the contact person responsible for such
acquisition.
2. Reduce liability for copyright infringement.
Strategy:
XYZ Corp. will establish the following corporate policy for software
use:� [insert Corporate Policy on Use
of Software]
Implementation:
This policy will be coordinated with Human Resources Department
for distribution to all employees.
3. Consider granting Internet access
for those employees where this function is critical to their job functions.
Strategy:
In the software usage survey, many employees indicated that
Internet access would help them to more effectively and efficiently perform
their job functions.� Further
investigation will be conducted to determine the precise number of employees
requesting Internet access, the particular job functions that will be enhanced
through this access, and the related costs of such access.
Implementation:
Human Resources will follow up with engineering and administrative
staff and will survey the need for Internet access.
IT Department will perform a cost analysis for Internet access as
well as determining hardware and software requirements.
Benefits
In addition to the obvious benefits of saving money through
centralized purchasing and lessening legal risk and liability by ensuring XYZ
Company is fully licensed for all installed software, there are other benefits
to the software management plan.� These
include:
Helping justify new technology.� In the absence of a documented framework for software acquisition
and use, XYZ may have made subjective and unsupported software acquisition
decisions.� The software inventory and
resulting management plan will help justify upcoming software investments and
streamline the acquisition process.
Improvement of employee morale.�
A major source of employee dissatisfaction is frustration in not
having the necessary software tools to adequately and efficiently perform job
functions.� Granting certain XYZ
employees Internet access will help improve morale and job satisfaction.
Appendix B:
Software Auditing Tools and Services
Software Inventory and
Metering Tools:
ABC Systems and Development,
Inc.�
(LanLicenser v3 Metering Tool)
25 Burlington Mall Road
Burlington, MA� 01803
781-270-0699 (voice)
781-238-6756 (fax)
E-mail: marketing@abcsystems.com
Attest Systems, Inc. (GASP v5.0 Inventory Tool)
100 Rowland Way, 2nd
Floor
Novato, CA� 94945-5011
415-209-1700 (voice)
415-898-6623 (fax)
E-mail: info@gasp.com
Business Software Alliance (SoftScan Inventory Tool)
1150 18th Street NW,
Suite 700
Washington DC� 20036
202-872-5500 (voice)
202-872-5501 (fax)
E-mail: software@bsa.org
Computer Associates
International, Inc.� (AimIT Asset and Inventory Management
Tool)
One Computer Associates Plaza
Islandia, NY� 11788
1-800-225-5224 (voice)
E-mail: info@cai.com
Funk Software (AppMeter Metering Tool)
222 Third Street
Cambridge, MA� 02142
800-828-4146 (voice)
617-547-1031 (fax)
E-mail: sales@funk.com
Janus
Technologies, Inc.� (Argis Asset Management Tool)
Suite 400, 2000 Cliff Mine Road
Pittsburgh, PA� 15275-1008
412-787-3030 (voice)
412-787-3099 (fax)
E-mail: info@janus-tech.com
Microsoft Corporation
(Microsoft Systems Management Server,
Systems Management Suite)
One Microsoft Way
Redmond, WA� 98052-6399
800-426-9400 (voice)
Pathfinder (The Barefoot Auditor Inventory Tool)
Pathfinder, 227, George,
Lane, Bredbury, Stockport
SK6 1DJ,
United Kingdom
44-161-406-7399 (voice)
44-161-406-7410 (fax)
E-mail: info@pathfind.demond.co.uk
Peregrine Systems (AssetCenter Asset Management Tool)
12670 High Bluff Drive
San Diego, CA� 92130
519-481-5000 (voice)
519-481-1751 (fax)
E-mail: info@peregrine.com
Performance Publishing
Ltd.� (Expert Audit Inventory Tool)
Kille House, Chinnor Road
Thame, Oxfordshire
Ox9 3NU England
44 (0) 1844 215122 (voice)
E-mail: info@ppublishing.com
Software
Information Industry Association (SPAudit / KeyAudit Inventory Tools)
1730
M Street, NW, Suite 700
Washington,
DC 20036
800-388-7478
(voice)
202-223-8756
(fax)
E-mail: piracy@spa.org
Tally Systems Corporation (NetCensus Inventory Tool, CentaMeter
Metering Tool, Cenergy Systems Management Suite)
PO Box 70
Hanover, NH� 03755-0070
800-262-3877 (voice)
781-890-3077 (fax)
Tangram Enterprise Solutions,
Inc.�
(Asset Insight Asset Tracking Tool)
11000 Regency Parkway, Suite 401
Cary, NC� 27511
919-653-6000 (voice)
919-653-6224 (fax)
E-mail: services@tangram.com
WRQ, Inc.� (Express
Software Manager Inventory and Metering Tool)
1500 Dexter Avenue North
Seattle, WA� 98109
800-872-2829 (voice)
206-217-0293 (fax)
E-mail: info@wrq.com
Software Inventory and Asset
Management Services:
Corporate Software &
Technology (License Consulting Services)
2 Edgewater Drive
Norwood, MA� 02062
781-440-1000 (voice)
781-440-7718 (fax
Inacom Corporation (Asset Management Services)
10810 Farnam Drive
Omaha, NE� 68154
800-843-2762 (voice)
E-mail: dmarkle@inacom.com
Micropath Inc.� (Asset Management
Services)
2353 130th Avenue NE
Suite 110
Bellevue, WA� 98005-1759
425-702-1887 (voice)
425-702-3730 (fax)
E-mail: info@micropath.net
Software Spectrum (Zero Footprint Audit Service)
2140 Merritt Drive
Garland, Texas� 75041
800-624-0503 (voice)
972-864-7878 (fax)
Appendix C:
Self-Assessment Survey for Software Management
SELF-assessment
����� survey
For Customers in the
Microsoft Volume Licensing Program
SELF-assessment
survey overview
Find
out how your company�s software
management
measures up.
Microsoft has developed this survey to assist customers in
assessing the administration of their Microsoft Volume Licensing Program. If
your survey results reveal some risk and if internal resources are not
available, it is highly recommended that you contact your Large Account
Reseller and/or an approved consulting firm knowledgeable about Microsoft
Volume Licensing Programs to further analyze your company�s software management
needs and implement a best-practices solution.
Q. What is software management and why should my company care how
it is measured?
Software management is a set of policies, procedures,
technologies, and people within an organization�all working toward a common set
of objectives that allows the organization to take full advantage of all its
software assets. Software management helps the organization reduce legal risks
associated with inadequate management of software licenses and it also presents
potential cost savings.�
Q. What would an organization gain from this self-assessment
survey?
This survey highlights an organization�s current approach to
administration of software assets and compares these procedures with the �best
practices� of other organizations. Based on the results of the survey,
recommendations are made and resources are suggested that could help increase
the efficiency of the organization�s software management program.
Q.� What benefits can be expected
from a properly implemented software management program?
A properly implemented program will optimize an organization�s
investment in software by maximizing the benefits of these resources while
helping reduce costs and lower the risk of copyright infringement. A recent
study (Interpose/IDC 1997) showed that a properly implemented software
management program in a 2,500-PC environment could reduce total cost of
ownership of that organization�s overall desktop computer system by 10 percent
per year using the Microsoft� Windows� 95 operating system and by up to 33
percent using the Windows NT� operating system with the Zero Administration
Initiative.
For a self-assessment of your organization�s current software
management procedures and its administration of the Microsoft Volume Licensing
Program, please turn the page.
Benefits of Software Management
The
benefits of an efficient software management program can include improvements
in:
� Software strategic planning and budgeting
� Managing technological change
� Streamlining technical support/help-desk efficiency
� Reducing losses from theft and misuse
� Cost-effective acquisition strategies
� Disaster recovery plans
� Network maintenance and management
� Reducing risk and liability for intentional or unintentional
copyright infringements
� Reducing or eliminating computer viruses
� Easing the burden of system/licensing administration
How to use this survey
This document is intended to be a general guide on key issues to
be addressed when assessing compliance with the Microsoft Volume Licensing
Program, and its use is entirely voluntary. It provides a general risk
assessment based on answers to a series of questions. The importance of the
answers to the questions varies from company to company; however, taken in
whole, they should help to create a realistic assessment of how an
organization�s Volume Licensing Program is managed.
This document does not address every issue regarding compliance
with the terms and conditions of the Microsoft Volume Licensing Agreement. It
is intended only to be a guide, and a positive result is not a guaranty or
warranty that your company is compliant with all of the terms and conditions of
the Microsoft Volume Licensing Agreement. If internal resources are not
available, it is highly recommended that you contact your reseller and/or a
consulting firm knowledgeable about Volume Licensing to further analyze your
company�s software management needs and implement a best-practices solution.
section 1
Software management strategy
1.����� Does your company have a clearly written
software management policy approved and sponsored by senior management?
�������� Yes___�� No___
2.����� Does your software management policy
include a code of conduct that addresses disciplinary action for its violation?
�������� Yes___�� No___
3.����� Is
the software management policy clearly communicated to all of your employees?
�������� Yes___�� No___
4.����� Does your company have a training program
in place to educate employees on software licensing issues and the software
management policy?
�������� Yes___�� No___
5.����� Are
your employees held accountable for their computer system usage and content?
�������� Yes___�� No___
6.����� Does
your company�s software management policy include a standardized procedure for
acquiring software?
�������� Yes___�� No___
7.����� Does your company�s software management
policy include procedures for securing the software media after acquisition?
�������� Yes___�� No___
8.����� Does
your company�s software management policy include procedures for distributing
the software within the organization?
�������� Yes___�� No___
9.����� Does
your company�s software management policy include procedures for maintaining
and securing software licenses?
�������� Yes___�� No___
10.���� Is
the ownership and maintenance of your company�s software management policy
clearly defined?
�������� Yes___�� No___
section 1
risk rating
Number of Boxes Checked Yes
Low Risk ......................................... 8
or More
Medium Risk
............................................. 5�7
High Risk..................................... Fewer
than 5
section 2
Software management execution
1.����� Does
your company perform periodic audits relative to your software management
policies and procedures to ensure adherence?
�������� Yes___�� No___
�����������
2.����� Is
there one individual within your company who is held accountable for the
company�s software management policies and procedures?
�������� Yes___�� No___
3.����� Does your company maintain accurate
hardware records of its information technology assets (e.g., has your company
conducted an inventory of its hardware within the past 24 months and kept
up-to-date records)?
�������� Yes___�� No___
4.����� Do
you retain a license for the operating system from the hardware vendor for each
new ��� computer your company buys?
�������� Yes___�� No___
5.����� Does
your company maintain accurate records of its installed software (e.g., has
your �������� company conducted an
inventory of its software within the past 24 months and kept
�������� up-to-date
records)?
�������� Yes___�� No___
6.����� Have periodic and random checks of
installed software been conducted to reconcile the actual installed software
against the software inventory?
�������� Yes___�� No___
7.����� Does
your company maintain physical inventory of licenses for all its software?
�������� Yes___�� No___
8.����� Has there been a reconciliation of the
installed software to the actual licenses within the past six months?
�������� Yes___�� No___
9.����� Is there an approval process in place to
acquire and install software, and is this ������ approval
process followed consistently?
�������� Yes___�� No___
10.���� Is
there a system in place to keep track of newly installed software?
�������� Yes___�� No___
section 2
risk rating
Number of Boxes Checked Yes
Low Risk ......................................... 8
or More
Medium Risk
............................................. 5�7
High Risk..................................... Fewer
than 5
section 3
Volume
Licensing administration
1.����� Has
your company appointed an individual to be the Volume Licensing Administrator
for the Microsoft Volume Licensing Program?
�������� Yes___�� No___
�����������������������
2.����� Does this individual have influence over
your company�s software management policies and procedures?
�������� Yes___�� No___
3.����� Does this individual have authority over
the acquisition and distribution of Microsoft licensed software across
organizational and geographical boundaries?
�������� Yes___�� No___
4.����� Is the Volume Licensing Administrator
fully trained in the Microsoft Volume Licensing Program?
�������� Yes___�� No___
5.����� Is access to Microsoft software through
any means (CD or server installation) restricted and closely monitored?
�������� Yes___�� No___
6.����� Is
Microsoft licensed software distributed only after requests are properly
approved?
�������� Yes___�� No___
7.����� Is the product type, quantity, country of
usage, and distribution date of installed Microsoft licensed software
accurately monitored, logged, and kept throughout the company?
�������� Yes___�� No___
8.����� Are
your company�s Microsoft licensed software usage logs consolidated monthly and
usage for each Volume Licensing Enrollment submitted to the respective
reseller?
�������� Yes___�� No___
9.����� Are Microsoft-issued license confirmations
reconciled with your company�s submitted usage reports?
�������� Yes___�� No___
10.���� Does your company notify Microsoft, through
the enrollment form or in a letter, of eligible affiliates that are using
licenses acquired under your Volume Licensing Enrollment?
�������� Yes___�� No___
section 3
risk rating
Number of Boxes Checked Yes
Low Risk ......................................... 8
or More
Medium Risk
............................................. 5�7
High Risk..................................... Fewer
than 5
Survey assessment
A.���� �Low
Risk� in All 3 Sections:
�������� It is likely that an adequate software
management program is in place, software licenses are tracked, and Microsoft
Volume Licensing Agreement terms are met.
�������� Recommendation:
Continue to maintain and improve your
software management program and work closely with your reseller to keep abreast
of the latest developments and technology in this area. Also visit the Web
sites listed on the last page for tips and tools on managing your soft�ware and
administering your Volume Licensing program in accordance with the terms and
conditions of your Volume Licensing agreement. In addition, please provide
Microsoft with your feedback through your reseller. We welcome suggestions you
may have to improve this licensing program.�
B.���� �Medium
Risk� in 2 or 3 Sections:
It is likely that some components of your
software management program are not in place, software licenses are not
adequately tracked, and Microsoft Volume Licensing Agree�ment terms might not
be met. Also, your company might be at legal risk.
�������� Recommendation:
An immediate and thorough examination of
your company�s policies and procedures and their proper execution is highly
recommended to help reduce possible operational, financial, and/or legal risk.
With a Medium Risk exposure, depending on the available resources, it is
possible that the situation could be investigated and resolved internally.
However, if internal resources are not available, it is highly recommended that
you contact your reseller and/or a consulting firm knowledgeable about Volume
Licensing to further analyze your company�s software management needs and help
you implement a best-practices solution.
C.���� �High Risk� in 1 or More Section(s):
It is highly likely that most components
of your software management program are not in place and/or not complied with.
In addition, there is a high possibility of legal risk from not meeting the
Volume Licensing and other software licensing terms and conditions.
�������� Recommendation:
It is strongly recommended that your
company immediately seek professional advice and services, including software
audit-related services, offered through your local reseller and/or a consulting
firm knowledgeable about Volume Licensing to help you implement an effective
software management program.
Resources
�
Your local Microsoft Account Manager
�
Your local reseller
Related resources
www.microsoft.com/select
www.microsoft.com/piracy
�����������
www.microsoft.com/syspro/technet/tco
www.bsa.org
Appendix D:
Microsoft Volume Licensing Programs
����������� ������ Microsoft
Licensing Information Sheet
Appendix E:
Microsoft Resellers
United States
Canada