8 Key Software Compliance Activities

Manage software compliance to manage cost and reduce audit risk.
Home / 8 Key Software Compliance Activities

Purchasing and administering software has never been more challenging than it is today. Licensing agreements and use rights are complex and are impacted by any technology choice made within your enterprise and in the cloud. These agreements are multi-million dollar investments where simple deployment errors can have material financial impact. Adding to compliance risk, a growing number of software vendors force audits that consume your time, resources and typically result in additional large purchases.

You can reduce your compliance risk by implementing these 8 key software compliance activities.

8 Key Software Compliance Activities

1. Be very clear about the vendor agreement terms and penalties

  • Gather all signed agreements
  • Review language for each purchased product along with all associated agreements
  • Understand compliance audit rights and procedures
  • Be clear about the remedy and cost of compliance resolution
  • Institutionalize the process for purchasing and deploying products to assure that the agreement terms are met
  • Work with vendor to consolidate agreements where advantageous
  • Identify any auto renewal or other triggered contract language
  • Review cancelation language
  • Research any related agreement language on the vendor website

2. Determine the type and quantity of licenses you own

  • Gather all purchase history for all owned entities
  • Be clear on upgrade rights and path
  • Look for ownership that might have been forfeited or transferred
  • Be aware of any geographic restrictions
  • Know when and where the purchase was finalized
  • Interview individuals who initiated the purchase when possible to understand the background
  • Review budget and purchase justification documentation

3. Know your software deployment footprint

  • Map all equipment and software on your network and in storage using discovery and inventory tools
  • Review equipment and software that has been removed from service
  • Develop a consolidated and reconciled Enterprise License Position (ELP)
  • Analyze deployment patterns including upgrades and adoption patterns
  • Examine active and planned technology implementation projects to assess footprint impact
  • Explore technology utilization metrics
  • Understand configuration standards and governance
  • Identify cross platform licensing implications
  • Review cross geography deployment
  • Analyze support, incident logs and maintenance history
  • Interview key stakeholders involved in the purchase and deployment processes

4. Understand your product use rights and risk

  • Map the key guidelines and triggers from all EULAs active at the time of product purchase, as well as, changes to the agreements to the present time
  • Dig deep into rules around environments that are shared, hosted, virtualized and otherwise different than traditional internal physical server installations
  • Pay extra attention to mobility rights as they vary by product version and are restrictive if you do not have active maintenance in place
  • Be clear about upgrade rights for each and every implementation
  • Review the detailed change history for each environment with an eye toward triggers that could alter compliance
  • Critically study agreement clauses that address acquisitions, divestitures, consolidations, and company growth
  • Be aware of VAR and vendor product strategies that are hidden away in the agreement language as they are often incompatible with your needs
  • Look for language with triggers requiring purchases, where licenses would be canceled, automatic contract renewal process is launched, or audits are required
  • As you study the agreements be aware that they are often intentionally written to be unclear and that changes are made often without notice
  • Review all internal governance regarding software license allocation as inconsistency can lead to compliance gaps
  • Interview key stakeholders to assess governance consistency and to understand why implementation choices were made
  • Your risk increases for every unknown attribute you uncover during your compliance review

5. Engage experts to assist as required

  • Complex and changing vendor rules require expert focus and deep understanding of licensing models and strategic alternatives
  • Without guidance well-intentioned technicians make choices with knowing licensing pitfalls resulting in unplanned and perhaps unnecessary spend
  • Compartmentalized teams typically make decisions without knowing the total footprint, ELP, or EULA requirements – and don’t have the time or expertise necessary to optimize choices
  • Experts use proprietary and industry tools to create a data lake of relevant information for detailed analysis
  • Industry, vendor, and product expertise enables decisions based on an extensive knowledge base
  • A focused team who analyses compliance on a daily basis for many clients and vendors is able to provide guidance with more confidence than an internal team who has infrequent exposure

6. Optimize license allocation

  • Document your baseline using the footprint and ELP information
  • Model financial models for each licensing model and hardware configuration
  • Verify viability of each model with subject matter experts
  • Determine the project cost and effort associated with the technology environment transformation
  • Launch a process to collect and reuse licenses as the environment changes
  • Implement the selected options for licensing models and hardware configurations
  • Establish a process to regularly monitor licensing and hardware configurations to assure continued optimization
  • Use experts to keep up to date on changes made by vendors that open new opportunity or introduce new risk

7. Purchase necessary licensing to achieve compliance

  • Document the pending purchase including details regarding why each choice was made
  • The knowledge and data that has been uncovered in this process will improve your negotiation position with the vendor
  • Complete the purchasing process and follow-up with the key stakeholders to assure that the implementation follows the plan for the purchased licensing

8. Implement process to maintain compliance

  • Refine governance and reintroduce the compliance process to the key stakeholders
  • Build a data lake of the information provided by discovery tools, inventory systems, and purchasing processes so that routine analysis is available
  • Conduct formal scheduled internal compliance audits and review observations and resolution with key stakeholders

Talk to BLC to learn more about Software Compliance.




113 Seaboard Lane, Suite A120, Franklin, TN 37067