
Software Compliance: Staying In Your Lane While Online

May 20, 2020

Ensure your business isn’t wasting spend on unused tools and licenses.

It’s not very often a business will check in on you after a transaction is made.

Few organizations think too much about what people are doing with their product once it has been purchased. Unless, of course, a license is involved. In the case of software, the buyer doesn’t necessarily own the software, but has just bought a license to use it in a certain way and for a certain amount of time. 

To be able to continue using the software, users must remain compliant with the license offered. 

What is software compliance? 

Software compliance is an umbrella term that refers to using software in a way that meets professional and government standards. Should a vendor conduct a software license audit, the number of licenses you have purchased had better match the number of licenses actually installed on your computers. Surprisingly, there are a lot of ways that you could be using software illegally. 

Ensuring software compliance before an audit can save your organization from the negative consequences of those two numbers not adding up. 

Software asset management

Compliance is key when using software, and the bridge that will help you successfully cross the choppy waters of an audit lies in software asset management. 

Software asset management (SAM) refers to the business practice involved in managing, deploying, maintaining, using, and disposing of software programs within an organization. Understanding where each software program stands in that lifecycle is necessary to stay compliant.

Here’s a quick checklist to make sure you have everything covered:

  • Know what software has been purchased
  • Know where it is installed
  • Know when to phase out what has been installed
  • Know the software usage policies

There are two subsets of software asset management: software license compliance and software license management. 

Software license compliance focuses on under-licensing, which looks at the number of licenses compared to the software deployed in the business. This process helps businesses avoid being audited and minimizes the impact of an audit if it happens. 

Software license management takes it a step further and homes in on ensuring the business has the right licenses and getting rid of unnecessary ones. 

Check both of those off for each product your business uses and reaching software compliance will be that much easier. But to really bring it home, there are a couple more steps you can take. 

How to ensure software compliance 

Being proactive in software compliance will always save you time in the long run. Here’s a checklist of action items for getting there. 

Be clear on terms and conditions

Staying compliant is a lot easier when the terms and conditions of a license are specific. This way, there is no ambiguity about what can and cannot be done with a certain product. While specificity is preferred for laying out the regulations to follow, it can also make things more complicated. Make sure you understand the terms, conditions, and penalties for violating your license or contract. 

Keep in mind that those expectations might change when it comes time to renew. Don’t review your contract at the first signing and forget it - keep an eye out for both major and minor requirement changes. 

Worried about not staying compliant?

G2 Track can ensure you are abiding by the following compliance items on a direct contract: 

  • SOC 2: ensures your service providers are managing and securing your data to protect the privacy of your organization and clients you work with
  • ISO 27001: analyzes all controls of a business’ information risk management process
  • CSA STAR: assesses the security of a cloud service provider
  • Skyhigh Enterprise-Ready: ensures cloud services keep data secure 
  • GDPR Statement: requires that data holders provide certain pieces of information to the people whose data they are controlling and using 
  • Privacy Shield: determines whether or not companies have adequate protection in place
  • Data Processing Agreement: regulates particular aspects of data processing and the relationship between the controller and processor
  • Vendor Security Questionnaire: verifies that service providers follow information security practices
  • CCPA: provides citizens of California with the right to see the categories of personal data that a company has collected on them 
  • NDA: establishes confidentiality between the owner of the information and the recipient of it 

Understand your license

Failure to understand the nature of your software user license can result in a violation of a contract, and therefore, noncompliance.

Here are some common software models you might run into:

  • Proprietary licenses: a single software license for the entire organization.
  • Workstation licenses: one license must be purchased for every workstation where the software will be installed.
  • Single user licenses: a separate license must be purchased for each person who will be using the software. 
  • Concurrent use license: a model that allows one license for a specific number of people to use at once. 

Make sure you understand the type of license you were offered and don’t mess with the parameters. 

Keep up with the policies

It’s one thing to have the IT department understand how to comply with the standards of the vendor, but getting the rest of the company up to speed can be another matter entirely. 

Make sure each department is educated on the license agreements. Translate the complicated jargon of a software license into procedures for employees to follow. Create processes, educate the organization, and check up on their usage from time to time. Make sure they understand that compliance is mandatory. 

Record licenses and usage

Keep a record of all the software you are licensed to use. This is good for your own records, but it will also make your case for proving you were compliant should a compliance audit come your way. 

When I say to keep a record, I do not mean to have all of your software usage and licensing info scribbled onto a post-it note that lives under a stack of paper. Tools like G2 Track can help you avoid manual record keeping by providing a better method for tracking licenses and usage. 

Tip: You can start managing your software compliance today for free — get started here with G2 Track.

In terms of the specific information you should keep, here’s a list:

  • Name of the software
  • Product ID
  • License number
  • Date of installation
  • Machine ID
  • Compliance verification

Establish a source of truth

You don’t want to be unsure of the location of your software license information, especially when an external auditor comes around. Establishing a single source of truth for everyone that needs information on the software licenses is crucial for compliance. 

Another great feature of G2 Track is that it can be just that. Spreadsheets, notepads, and general data entry are a thing of the past. Forget about lost, repeated, and contradictory information.

Centralize your software purchases 

As organizations get bigger and departments become less connected, organizations can’t afford to have multiple departments buying the software they need. While businesses want their employees to have the tools they need to get work done, they don’t want people buying software willy-nilly. 

Having a streamlined software buying process is crucial for ensuring compliance. A common method for this is to have the IT department be the sole group that buys and installs software for the entire organization. Make sure other departments know they need to do this through IT, and that there will be penalties if they do not.   

Have knowledge of software audits

Another good way to prepare for audits, come out of them unscathed, or avoid them altogether is to understand what they are and why they happen. 

A software audit is a review of a software program meant to check its quality, its progress, and its compliance with licenses, plans, standards, and regulations. Vendor audits can occur for a number of reasons. Certain global organizations will offer rewards to software companies that find violators. Vendors can be notified either by these organizations or by current and former employees of a business. 

It is important to note that just because your organization is about to experience a software audit, it does not mean you are being accused of noncompliance. Some businesses, especially larger ones, will simply conduct audits on a regular basis. 

Conduct your own audits

If you purchase licenses from big-time software providers, you can expect an audit request. To be prepared, conduct an internal software audit so you have the chance to catch any compliance issues and fix them before the auditors do. 

Why comply?

Compliance is required of any business that uses software, but businesses don’t always meet the standards. 

First and foremost, software compliance protects the intellectual property of software publishers. 

Secondly, not only will complying help you avoid being audited, or fined if an audit is requested, but it can also help you find areas where you have wasted software spend. Keeping up with all of this manually can be a challenge. Let G2 Track help.

Want to learn more about software and all of its moving parts? Check out our extensive guide on software asset management!

Manage your software costs with G2 Track.