Read our guide to managing a software license compliance audit: www.anglepoint...
Every audit is different, so you will not rely on all of these each time, but they are some good general principles to keep in mind.
1. Is this a valid audit?
I mentioned that one of the first things the software asset management (SAM) team should do is analyze the audit notification. You should compare this to the stated audit right(s) contained in any and all signed/accepted publisher agreement(s). Software publishers will send requests for information that are NOT audit notifications.
If they have no contractual right to audit, you are not obliged to disclose any information during the software publisher audit response process. You need to be careful in your response not to trigger a full audit, but you should verify this with IT Legal and push back: not all requests for information need to be answered.
2. Push the tempo.
Hopefully you are executing proactive IT Asset Management, meaning that for your top software publishers you have the capability to understand your compliance position. This should mean you have no cause to stall or dig your heels in during an audit.
Therefore, if you are in an audit situation, your organization should be doing all of the administrative legwork: scheduling all follow-up meetings, inviting all participants, and taking notes and actions. This will let you control the written record of everything that is agreed during the audit.
3. No external scripts.
This one should be a no-brainer. If the software publisher is requesting information, they will likely provide a script or method that will ‘make it easier’ for your team to send them reports. You should never disclose information to a software publisher that you have not had a chance to review first.
If you are running a script developed by the software publisher, you have no control over what data is being disclosed. They are likely collecting information that is far above and beyond the scope of data required for an audit. Your response to this type of request should be that external scripts are prohibited by your Information Security team.
4. Clarify the scope of License Entitlement BEFORE any data collection happens.
You will need to push back on this topic, as the software publisher will likely say they want to start collecting data as soon as possible. Your response should refer back to the common-sense basis: if you have not clarified the products and license entitlement scope in the audit, how can you start collecting license consumption/usage data?