1.Business Advisor Series

Size: px
Start display at page:

Download "1.Business Advisor Series"


1 1.Business Advisor Series Software Asset Management Ensure license compliance, reduce risk, and increase IT saving

2 Foreword There are software licenses for every type of individual and organization from simple click-to-accept to negotiated license arrangements for larger organizations and specialized situations. BSA ensures that they receive their entitled rewards for their investment in the research and development of market leading products. Understanding the different types of licensing could have a significant impact on the way you make business decisions. By improving the awareness of the software assets at your disposal, you can leverage them more effectively to increase productivity and efficiency in your organization. Over the past 30 years, technology innovation and software advances have affected every aspect of our lives. When you only use licensed software, you are helping to ensure that thousands of developers continue to create quality, groundbreaking software, which in turn, supports countless individuals and businesses around the world to keep making breakthroughs of their own. BSA represents and protects the intellectual property of the world s leading commercial software publishers. This intellectual property springs from the bright ideas, creative mindshare, and long hours of development delivered by organizations. Many organizations and their employees tend to overlook or even ignore the licensing process often because they do not understand its importance. Some inevitably think that it is simply the responsibility of the IT manager or purchasing department. While the IT manager or department is generally the area of the company where this responsibility falls, it is essential for all users to respect the rights of the publisher, just as a customer is expected to pay for your work. How does implementing a strong Software Asset Management (SAM) program make good business sense? SAM protects your organization s software and helps identify the software in the company, where it is installed, and any licensing overlap either under-licensing or over-licensing. 1

3 An effective SAM program enables you to maximize cost efficiencies and make wellinformed business decisions. In addition to the business reasons outlined above, there are legal reasons for ensuring that your organization respects the software license of the software used to successfully run your business. Failing to respect these rights may result in copyright infringement claims against your company that can result in financial exposure. This guide is intended to help you and your organization understand the fundamentals of licensing and to take control of your software assets. We are proud of the role our members have played in enhancing productivity and advancing lives. We are equally excited about what has yet to emerge from this dynamic industry. To help us serve your needs more effectively, please ensure that you and your employees understand why licensing matters and take the steps required to ensure that software is managed effectively, so you can get the most from these assets. Additional information is available at Best regards, Robert Holleyman President and CEO Business Software Alliance 2

4 Why Does Licensing Matter? It s not what you say but how you say it what does your typeface say about your business? License compliance is a concern to many businesses and individuals around the globe. So why is it that over one-third of the world s business software applications are currently being used illegally in some form or another? This does not necessarily mean that individuals or businesses deliberately intend to break the law; however, regardless of intent, they could potentially expose themselves to serious legal and financial consequences, as well as operational and security risks to the company. By the same token, there are some significant, and perhaps unexpected, advantages that come with being license compliant. What is SAM? Software Asset Management (SAM) protects your organization from the risks associated with unauthorized software and helps you recognize what you have got, where it is running, and any licensing overlap. SAM is essential in today s business world. Organizations that have set up effective software licensing policies and practices are seeing the benefit in a number of ways. They are helping to protect their work environments from today s security threats; eligible to receive the latest upgrades and technical support from their software suppliers; and also reducing their operational (both license and management) costs company-wide. However, these benefits do not solely apply to large enterprises. It is important to note that an effective license management program, also known as Software Asset Management (SAM), is just as important to the small and medium size business. 3

5 Software Licensing: Understanding The Essentials What is a Software License? Licensing Misconceptions Software is the result of a creative process and, like books, music and films, is protected by copyright law. A software license represents the software publisher s permission for the installation and use of its software on a computer. As you would expect, the license contains the terms and conditions governing the legal use of the software, including the scope of licensing rights and any restrictions that relate to its purpose, location of use, or the hardware involved. The license agreement typically contains a definition of the product, acceptance terms and any warranty provisions. More complex agreements may also contain implementation schedules, confidentiality provisions and payment terms. A software license will frequently grant you a non-exclusive right for a specified user to use one copy of the software and will prohibit further copying and distribution of that software to other users or computers. There are many misconceptions about ownership and copyright. With commercial software, you, as the licensee (end-user), never assume ownership of that copyright. The user acquires the right to use the software according to the terms and conditions provided by the owner of the copyright in the end-user license agreement or negotiated agreement with the publisher. The only exception to this may be when custom software has been developed specifically for a company or individual and the agreement specifies who owns the rights to that software. Another common misconception relates to the unrestricted use of freeware or software that is offered to the user at no cost. This software is also copyrighted and you should always check the individual terms and conditions with the software provider. 4

6 Proof of Purchase = Proof of License Not understanding the importance, businesses may throw away valuable documentation relating to proof of purchase, such as receipts, in addition to the actual licenses. It is extremely important that you are able to prove that your organization has valid licenses for all of its software. Failure to do so may result in legal action. You should, therefore, keep a close track of your software inventory. In most countries, compliance is ultimately the responsibility of company directors or business owners, and not of individual employees. It is thus in your company s own interest to have comprehensive software management initiatives in place. used. However, volume licenses contain language that specifies how many copies of the software may be made from that license. Exceeding that number is a violation of the license terms. Singleuser licenses are just that: licenses where only a single user (or computer) may use the software. It is best to consult your license agreements to learn how you are permitted to use the software as well as check with your software reseller or publisher. Different types of licenses Understanding the different software licensing documents can be challenging, however the terms and conditions are, for the most part, similar from one license to the next. There are two distinct license types: the single-user and the multi-user. Multi-user licenses are sometimes referred to as volume licenses because they allow multiple copies of the same application to be 5

7 How software is licensed in a workplace The laws pertaining to license terms and conditions are broadly similar from one license to the next. That is to say, for every instance of software being installed on any type of device, there must be a corresponding software license or similar license agreement in place authorizing such use. For example, the ABC Design company, shown in the diagram, has five PCs and five Macs. The PCs are linked to two servers, one for and the other for general files. The five Macs are used for graphic design purposes and are loaded with design software. The PCs, on the other hand, are configured with an operating system and an /word-processing software suite. For ABC Design to be compliant and fully licensed, it will need the following licensing components: Five operating system licenses for the PCs Five word processing/ licenses Five operating system licenses for the Macs Five design software licenses for the Macs Two server licenses One server license 10 client access licenses (CALs), assuming a per seat agreement for each server. This will allow the legal linking of all computers on this network. 6

8 Common ways unauthorized software comes into the workplace. While there are many ways unauthorized software enters the workplace, the following are the more predominant ways: Using legally acquired software installed on more computers than the license allows; Making or distributing copies where not permitted under the terms of the license; Allowing employees to install software brought from their homes; Downloading unlicensed software from the Internet; Allowing third-parties to install software on machines for which you do not hold a corresponding license; and Using software outside the terms of the license. You may not realise that it is irrelevant whether the software is actually used or not. As soon as software is installed, a copy is made on the computer s hard drive; so from that moment, you must have a valid license to support its installation. In cases of illegal software use, software publishers may seek legal remedies that would require: Deletion of the unauthorized software; Agreeing to only use legal software; and Compensation. In some countries, this may be executed by the courts and result in civil or criminal prosecution. 7

9 Manage Your Software Effectively There are two sides of software management: on the one hand, good software management can lead to many advantages easier management, more visibility of your business and lower Total Cost of Ownership (TCO). On the other hand, failure to manage software assets effectively can lead to significant financial and legal headaches. The process for managing your software can be easily outlined in four easy steps: Step 1: Perform a software inventory. This is the first step to understanding your software assets. Perform a software inventory so that you can learn what is installed on each computer. Step 2: Match software to licenses. Now that you know what software is installed on your company s PCs and laptops, it is time to match the software with the licensing documentation. If under-licensed, you must acquire additional licenses for software you need and delete the software you don t need. If you find you are over-licensed, it demonstrates a need for a better SAM program in your company, to streamline the process and potentially save money. Step 3: Review policies and procedures. Establishing and following good policies and procedures for software use and license acquisition is a vital part of the entire software management process. If you already have policies in place, now is a good time to review and update them as necessary. Step 4: Develop a SAM plan. The final step in the SAM process is to develop a plan of action: analyze software needs, set up training, and determine how often it is appropriate to review your installed software and license records. Embed SAM into your organization for maximum efficiency, which generally results in lower IT costs. In many cases, an effective SAM program may reveal you have acquired more licenses than are necessary. However, you must implement a SAM program to see what you have installed versus what you have licensed. 8

10 The benefits of good software management Staying on the right side of legal compliance All company assets need to be tracked as they form part of the value of that company. Software is no different, it is just less visible. However, there is nothing invisible about the benefits that effective software management can bring: Peace of mind: That comes from being on top of your software assets and, correspondingly, reducing your risk. Technical support: Having the advantages of tutorials, full documentation, instruction manuals, training and support from your software supplier. Upgrade entitlements: Knowing you have access to the latest updates and tools - in terms of upgrades, information and technical support services. Reduced costs: Consider the cost control advantages when you only pay for what you are using and what your business actually needs. Increased productivity: You can improve corporate performance when staff have the education, training and the tools they need. The mechanics of licensing software are relatively simple. Companies find themselves non-compliant for the following reasons: No software management program has been implemented; Employees are given unrestricted access to the Internet and down load potentially unlicensed software; No clear policies prohibiting unlicensed software and outlining the consequences, have been defined for employees; Software has been bought from outside of authorized channels; and Mergers and acquisitions have taken place without a full appreciation of what is being inherited and there were insufficient checks to ensure that valid licenses were in place. Failure to manage software in the appropriate manner could increase risk to the company. You could save up to 30% on software costs with the implementation of an effective SAM program.* 9 *Source: IT Asset Management: Moving to Higher Ground, Frances O Brien, Gartner ITAM Conference 2003

11 Understanding the risks of poor software management These are the most common risks associated with poor software management: Legal exposure: which could result in prosecution or fines; Viruses: without due attention, these can corrupt your entire system; Lack of technical support: may not be available to unlicensed software; Business disruption: when the system crashes unexpectedly because of lack of controls; Lost productivity: losing out to those who do get the upgrades; and Overspend: without an audit, you may be paying for more licenses than you need. Employees should be instructed not to bring in personal software applications into the business since these may be unlicensed and may be infected with a virus. 10

12 Stay on the License Compliance Track: The Audit, Policies, and Procedures All employees must understand the value of commercial software, learn the difference between legal and illegal use and commit to proper use. To do this, your organization must have a clear policy explaining that the company is committed to managing its software assets. When employing new staff, employers should ensure that the terms and conditions of employment include the employee s responsibility to respect and uphold copyright law in the workplace. It is good company practice to ensure that you have a corporate policy relating to the use of software in your organization and that each employee receives a copy. Some companies make this part of the employee s employment contract. Tips on creating and implementing a software policy A sample corporate policy statement is provided in Appendix I. Make sure the policy is shared with everyone in your organization and ensure that everybody understands what it means. Appendix II is a sample that can be circulated to remind employees of the software policy in place. Allowing employees uncontrolled access to the Internet may introduce additional vulnerabilities. In many countries, a company may be held liable when an employee breaks the law by downloading unauthorized software and in some cases this could potentially mean imprisonment or fines for company directors. Unlicensed software could also expose your networks and sensitive business data to system-crashing viruses or allow others the ability to access files on your network. 11

13 Software life cycle Picture the life cycle of your software: from the moment it comes into the company to the moment it leaves. Now make sure your policies cover each of the five following stages in the life cycle of software management: Procurement Distribution Maintainance Monitoring Disposal (end of life) When you put your procedures together, make sure that you build software profiles for each of your users to easily identify who should be using what. These profiles will help you to recognize what you need now and in the future. This will also allow you to see, at a glance, software that is not being used so you can decide if you want to continue to maintain these programs. Ensure the software being requested is on the company s list of supported software; Buy only from reputable resellers; Work only with reputable Application Service Providers (ASPs), ensuring you maintain all relevant licenses and documentation with the ASP; Collect together original user materials, manuals, registration cards, licenses and receipts for each purchase; Make sure employees do not buy software directly at the workplace or charge to their expense accounts; and Ensure that software cannot be downloaded from the Internet by employees without special approval. While employee communication is a must, you should also have an effective software purchase procedure that may contain the following: Centralized purchasing; Make sure purchasing requests are in writing and have manager approval; 12

14 The Audit Process 1. Conduct your software inventory Only by knowing how many computers your organization has (desktops, laptops, servers and mobile devices) and what software programs are installed on those computers, can you determine how to proceed. An accurate inventory can answer the following questions: Are we using the most recent or most suitable version of the programs we need? Are we using outdated or unnecessary programs that can be deleted? Are there any other programs that we should obtain to become more productive or efficient? Are we making the most of our software investment by participating in volume licensing agreements? Are we wasting money on software upgrades for programs that we no longer need? Does each employee have the appropriate suites of software to meet their working needs? Do-it-yourself or engage a specialist You can complete such an inventory yourself, or you can engage the services of a specialised asset management company. The BSA has a number of free software audit tools, designed to help you identify and track licensed and unlicensed software installed on your computers and networks. Inventory checklist (1) the software No matter which tools you decide to use, make sure that you capture the following information for each copy of software installed on each computer: Product name Version Vendor Department owner License type License Expire date (if applicable) Inventory checklist (2) related material You should also make an inventory of material related to software on your computers, including: All disks, CDs, or other storage media used to install the programs on your machines; All original manuals and reference documentation; All license documentation; and All invoices, proofs of purchase and other documents proving the legitimacy of your software. This includes invoices for computer systems that were sold to you with pre-installed software. Go to for a list of free software audit tools that can assist you in the software discovery process. 13

15 2. Reconcile installed software with proof of license Once you have a complete inventory of all hardware and software you can make a comparison between the software that is installed on your machines against the number of licenses that you hold. As soon as you have identified any illegal software copies in your organization, you should delete them from your computers. Now you can make informed decisions about which software you want to keep, upgrade, or discard. Programs can be upgraded, if necessary, so that everyone is using the version that is most appropriate for your company. Any new purchases can be made at this point. 3. Establish and maintain accurate records Now that you know what you have and what you want, it is essential that you maintain this position moving forward. In order to do this, you must be able to keep accurate records of the following three registers: Hardware Asset Register Software Asset Register License Register Your company s licensing position could change on a daily basis, depending on the size and complexity of your operation. There are asset management companies that are able to offer expert advice with fully managed and integrated solutions that ensure these records are kept up-to-date with full status reporting. Finally, create a complete list of the software approved for the use by the company s employees. Keep this in a safe place and make sure that it is reviewed regularly. Consideration: Some companies lock their users PC s to prevent the user from installing software. 14

16 Staying on the right track Working with your software publishers Now that you are managing your software effectively, it is important to keep it that way. Regular checks on individual PCs, cross-checked with the three registers and individual profiles, will keep you on top of the situation. A number of asset management companies provide automated solutions. Larger organizations may choose server-based monitoring tools that can poll user PCs and laptops at intervals determined by you. These tools will produce up-to-the-minute exception reports to quickly highlight instances whereby illegal or non-approved software has been introduced onto a network or an individual machine. For smaller organisations, asset management companies are now offering remote management solutions to help you gain visibility on an on-going basis. There are three main categories of monitoring tools: Knowing exactly what your software requirements are will enable you to negotiate more effectively with software publishers and service providers. To be able to negotiate rights, you need to use existing management information about your software. Consider putting your software procurement out to competitive bid; investigate different methods and periods of payment to get the best deal for volume purchases of product suites. Hint: If you cannot find your receipts for the software you have licensed, contact your software reseller who may be able to assist. Client-based (resident on individual machines) Server-based Remote and ASP The cost and complexity of these offerings varies by vendor and geographical region. For local information, please visit: 15

17 Keep it safe and secure Being able to put your hands on documents that go with your software is very important. Make sure that you have a secure and central fire-proof storage area for the following: Original software DVDs, CDs Licensing agreements Warranties Manuals Invoices Receipts or proof of purchase Keeping everything together and safe means that you will always be in control of your software assets. 16

18 Appendix: Employer Tools For a sample SAM Policy, employee memorandum, and other beneficial employer tools, visit BSA s website at under Tools and Resources. 19

19 BSA Worldwide Headquarters th Street, NW Suite 700 Washington, DC USA Phone: Fax: BSA Europe, Middle East, and Africa 2 Queen Anne s Gate Buildings Dartmouth Street London SW1H 9BP United Kingdom Phone: + 44 (0) Fax: + 44 (0) BSA Asia-Pacific 300 Beach Road #25-08 The Concourse Singapore Phone: Fax: The Business Software Alliance (BSA) is the voice of the world s commercial software industry and its hardware partners before governments and in the international marketplace. Its members represent one of the fastest growing industries in the world. BSA programs foster technology innovation through education and policy initiatives that promote copyright protection, cyber security, trade and e-commerce. BSA, Business Software Alliance and the BSA logo are trademarks of the BSA, Business Software Alliance Incorporated and may be registered in certain jurisdictions Business Software Alliance. All rights reserved. Copy9ight Symbol 2007 Business Software Alliance. All rights reserved

Information Technology Governance

Information Technology Governance New York State Office of the State Comptroller Division of Local Government and School Accountability LOCAL GOVERNMENT MANAGEMENT GUIDE Information Technology Governance Thomas P. DiNapoli State Comptroller

More information


ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of

More information

An introduction and guide to buying Cloud Services

An introduction and guide to buying Cloud Services An introduction and guide to buying Cloud Services DEFINITION Cloud Computing definition Cloud Computing is a term that relates to the IT infrastructure and environment required to develop/ host/run IT

More information

Good Business for Small Business. Handbook Best financial practices for Canadian businesses

Good Business for Small Business. Handbook Best financial practices for Canadian businesses Good Business for Small Business Handbook Best financial practices for Canadian businesses www.visa.ca/smallbusiness Table of Contents Introduction ii I. Financing: Getting money to start and run your

More information

ENDON HIGH SCHOOL. Network Security Policy 2014-2016

ENDON HIGH SCHOOL. Network Security Policy 2014-2016 ENDON HIGH SCHOOL Network Security Policy 2014-2016 [Reviewed September 2014 to be reviewed every 2 years - next review October 2016 Contents Foreword... 5 ICT Security Policy for Endon High School...

More information

How to Decide to Use the Internet to Deliver Government Programs and Services

How to Decide to Use the Internet to Deliver Government Programs and Services How to Decide to Use the Internet to Deliver Government Programs and Services 1 Internet Delivery Decisions A Government Program Manager s Guide How to Decide to Use the Internet to Deliver Government

More information

Cyber-Security Essentials

Cyber-Security Essentials Cyber-Security Essentials for State and Local Government Best Practices in Policy and Governance Operational Best Practices Planning for the Worst Case Produced by with content expertise provided by For

More information

Records Management Best Practices Guide

Records Management Best Practices Guide Records Management Best Practices Guide A Practical Approach to Building a Comprehensive and Compliant Records Management Program Protecting and Managing the World s Information. Since 1951, Iron Mountain

More information

HIPAA Security Risk Analysis Toolkit

HIPAA Security Risk Analysis Toolkit HIPAA Security Risk Analysis Toolkit In January of 2013, the Department of Health and Human Services Office for Civil Rights (OCR) released a final rule implementing a wide range of HIPAA privacy and security

More information

Information Security Policy

Information Security Policy Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect

More information

The Definitive IP PBX Guide

The Definitive IP PBX Guide The Definitive IP PBX Guide Understand what an IP PBX or Hosted VoIP solution can do for your organization and discover the issues that warrant consideration during your decision making process. This comprehensive

More information

IP ASSETS MANAGEMENT SERIES. Successful Technology Licensing


More information

Our Worldwide Business Conduct Manual

Our Worldwide Business Conduct Manual Our Worldwide Business Conduct Manual We Do the Right Thing Introduction At P&G, we do the right thing. This may be a simple statement, but it s also the foundation of who we are as an organization. What

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Data Breach Response Guide

Data Breach Response Guide Data Breach Response Guide By Experian Data Breach Resolution 2013-2014 Edition Trust the Power of Experience. 2013 ConsumerInfo.com, Inc. Table of Contents Introduction 3... Data Breach Preparedness 4...

More information

Business Succession Planning Guide

Business Succession Planning Guide Business Succession Planning Guide NOTE: This book provides only a basic overview on the subject of succession planning and the publisher makes no warranties as to the accuracy of information as it relates

More information

Cyber Security Planning Guide

Cyber Security Planning Guide Cyber Security Planning Guide The below entities collaborated in the creation of this guide. This does not constitute or imply an endorsement by the FCC of any commercial product, service or enterprise

More information

Delgado Community College. Information Technology Security Policy

Delgado Community College. Information Technology Security Policy Delgado Community College Information Technology Security Policy Approved: *November 5, 2010 ) Delgado Community College IT Security Policy Page 2 *November 5, 2010 Table of Contents Title Page 1.0 Introduction

More information

Code of Business Conduct. Compass Group PLC. February 2011

Code of Business Conduct. Compass Group PLC. February 2011 Code of Business Conduct Compass Group PLC February 2011 CONTENTS Page Introduction Message from Richard Cousins 3 Code of Business Conduct 4 Getting Help and Advice 5 Speak Up 6 Visions and Values 7 The

More information

Due diligence for joint ventures, mergers and acquisitions in China

Due diligence for joint ventures, mergers and acquisitions in China Due diligence for joint ventures, mergers and acquisitions in China There are many ways to enter the Chinese market, including the establishment of a representative office, outsourcing production, founding

More information

CODE OF CONDUCT. Our reputation and integrity depend upon each of us assuming a personal responsibility for our business conduct.

CODE OF CONDUCT. Our reputation and integrity depend upon each of us assuming a personal responsibility for our business conduct. responsibility CODE OF CONDUCT Our reputation and integrity depend upon each of us assuming a personal responsibility for our business conduct. 02 Letter from Our CEO Dear ConocoPhillips Employees, Our

More information

Quantifying ROI: Building the Business Case for IT and Software Asset Management

Quantifying ROI: Building the Business Case for IT and Software Asset Management Quantifying ROI: Building the Business Case for IT and Software Asset Management Benefits of IT and Software Asset Management In today s increasingly competitive business environment, companies are realizing

More information

Financial management of not-for-profit organisations

Financial management of not-for-profit organisations Financial management of not-for-profit organisations November 2009 This guide was prepared by Jan Barned, financial management trainer, with the assistance of CPA Australia. CPA Australia wishes to acknowledge

More information

The Microsoft Office 365 Buyer s Guide for the Enterprise

The Microsoft Office 365 Buyer s Guide for the Enterprise The Microsoft Office 365 Buyer s Guide for the Enterprise Guiding customers through key decisions relative to online communication and collaboration solutions. Version 2.0 April 2011 Note: The information

More information


HEALTH INFORMATION TECHNOLOGY HEALTH INFORMATION TECHNOLOGY This transcript of the Health Information Technology online modules is provided for information purposes only. To obtain your AMA PRA Category 1 Credit for these modules,

More information

Standards for Internal Control

Standards for Internal Control Standards for Internal Control in New York State Government October 2007 Thomas P. DiNapoli State Comptroller A MESSAGE FROM STATE COMPTROLLER THOMAS P. DINAPOLI My Fellow Public Servants: For over twenty

More information



More information

Living Our Values Around The World

Living Our Values Around The World CODE OF CONDUCT Living Our Values Around The World Colgate s Code of Conduct sets forth our principles for working with each other, outside businesses, consumers, governments, local communities, and shareholders.

More information

CODE OF CONDUCT. Engineering the Future since 1758. MAN Group

CODE OF CONDUCT. Engineering the Future since 1758. MAN Group CODE OF CONDUCT Engineering the Future since 1758. MAN Group Please read this Code of Conduct thoroughly. It will support you in your day-to-day work. Version: 1.0 Applicable as of: January 1, 2011 CONTENT

More information

Outsourcing Workbook

Outsourcing Workbook Outsourcing Workbook Page 1 Copyright 2008 Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording,

More information