8 Key Software Compliance Activities

1. Be very clear about the vendor agreement terms and penalties

• Gather all signed agreements
• Review language for each purchased product along with all associated agreements
• Understand compliance audit rights and procedures
• Be clear about the remedy and cost of compliance resolution
• Institutionalize the process for purchasing and deploying products to assure that the agreement terms are met
• Work with vendor to consolidate agreements where advantageous
• Identify any auto renewal or other triggered contract language
• Review cancelation language
• Research any related agreement language on the vendor website

2. Determine the type and quantity of licenses you own

• Gather all purchase history for all owned entities
• Be clear on upgrade rights and path
• Look for ownership that might have been forfeited or transferred
• Be aware of any geographic restrictions
• Know when and where the purchase was finalized
• Interview individuals who initiated the purchase when possible to understand the background
• Review budget and purchase justification documentation

3. Know your software deployment footprint

• Map all equipment and software on your network and in storage using discovery and inventory tools
• Review equipment and software that has been removed from service
• Develop a consolidated and reconciled Enterprise License Position (ELP)
• Analyze deployment patterns including upgrades and adoption patterns
• Examine active and planned technology implementation projects to assess footprint impact
• Explore technology utilization metrics
• Understand configuration standards and governance
• Identify cross platform licensing implications
• Review cross geography deployment
• Analyze support, incident logs and maintenance history
• Interview key stakeholders involved in the purchase and deployment processes

4. Understand your product use rights and risk

• Map the key guidelines and triggers from all EULAs active at the time of product purchase, as well as, changes to the agreements to the present time
• Dig deep into rules around environments that are shared, hosted, virtualized and otherwise different than traditional internal physical server installations
• Pay extra attention to mobility rights as they vary by product version and are restrictive if you do not have active maintenance in place
• Be clear about upgrade rights for each and every implementation
• Review the detailed change history for each environment with an eye toward triggers that could alter compliance
• Critically study agreement clauses that address acquisitions, divestitures, consolidations, and company growth
• Be aware of VAR and vendor product strategies that are hidden away in the agreement language as they are often incompatible with your needs
• Look for language with triggers requiring purchases, where licenses would be canceled, automatic contract renewal process is launched, or audits are required
• As you study the agreements be aware that they are often intentionally written to be unclear and that changes are made often without notice
• Review all internal governance regarding software license allocation as inconsistency can lead to compliance gaps
• Interview key stakeholders to assess governance consistency and to understand why implementation choices were made
• Your risk increases for every unknown attribute you uncover during your compliance review

5. Engage experts to assist as required

• Complex and changing vendor rules require expert focus and deep understanding of licensing models and strategic alternatives
• Without guidance well-intentioned technicians make choices with knowing licensing pitfalls resulting in unplanned and perhaps unnecessary spend
• Compartmentalized teams typically make decisions without knowing the total footprint, ELP, or EULA requirements – and don’t have the time or expertise necessary to optimize choices
• Experts use proprietary and industry tools to create a data lake of relevant information for detailed analysis
• Industry, vendor, and product expertise enables decisions based on an extensive knowledge base
• A focused team who analyses compliance on a daily basis for many clients and vendors is able to provide guidance with more confidence than an internal team who has infrequent exposure

6. Optimize license allocation

• Document your baseline using the footprint and ELP information
• Model financial models for each licensing model and hardware configuration
• Verify viability of each model with subject matter experts
• Determine the project cost and effort associated with the technology environment transformation
• Launch a process to collect and reuse licenses as the environment changes
• Implement the selected options for licensing models and hardware configurations
• Establish a process to regularly monitor licensing and hardware configurations to assure continued optimization
• Use experts to keep up to date on changes made by vendors that open new opportunity or introduce new risk

7. Purchase necessary licensing to achieve compliance

• Document the pending purchase including details regarding why each choice was made
• The knowledge and data that has been uncovered in this process will improve your negotiation position with the vendor
• Complete the purchasing process and follow-up with the key stakeholders to assure that the implementation follows the plan for the purchased licensing

8. Implement process to maintain compliance

• Refine governance and reintroduce the compliance process to the key stakeholders
• Build a data lake of the information provided by discovery tools, inventory systems, and purchasing processes so that routine analysis is available
• Conduct formal scheduled internal compliance audits and review observations and resolution with key stakeholders