201904.23
Off
0

Accurate Inventory Information Crucial to Audit Outcome

Obvious though it may sound, in almost every software audit the most crucial element contributing to a positive outcome is an accurate inventory of what software is deployed. Unfortunately, far too many businesses faced with an audit end up receiving grossly over-inflated compliance-purchase demands, because the inventory data received by the auditors and used to…

201904.18
Off
0

Preparing for the Inevitable SPLA Audit

If your company uses a Microsoft Service Provider License Agreement (SPLA)—and it probably does if Microsoft considers you to be in the commercial hosting business—you will be audited at some point. Typically, Microsoft SPLA customers are audited once every three years. When that time comes, it is important to know how your company may be…

201904.15
Off
1

How to respond to a VMware Audit

Managing a complex IT environment very challenging, even before becoming involved in an external software audit from a software publisher or a third-party auditing entity. Businesses facing VMWare audits in particular should be prepared to take a number of steps to ensure compliance and avoid exacerbating any potential copyright infringement claims. Step 1: Identify the…

201904.11
Off
0

Top Three Ways to Sabotage Your Licensing Compliance Under SPLA

Microsoft’s Services Provider License Agreement (SPLA) is the principal licensing agreement for companies that want to use Microsoft products to deliver hosted software solutions over the Internet. Microsoft’s standard volume license agreements expressly prohibit using the software for “commercial hosting” purposes (though, limited exceptions are offered for certain use cases and subject to specific requirements)….

201904.10
Off
0

Be Wary of Requests for Mystery Data

Software auditors such as KPMG, Deloitte and PriceWaterhouseCoopers like to have things their way. It’s an understandable impulse – with likely hundreds of audits pending at any one time, the natural inclination is to standardize the process around a single set of tools and processes with which the auditors are most familiar. However, those tools…

201904.04
Off
0

Settlement Structuring for IBM Audits

Software-compliance audits initiated by IBM can be extremely burdensome and time-consuming and can force companies to face challenges that are somewhat unique among major-publisher audits. For one example, a significant component of IBM’s business model is the acquisition of other software vendors and the integration of those vendors into IBM’s product portfolio, which can complicate…

201904.03
Off
0

Adobe Audit Demands Can Be Burdensome

Businesses contacted by Adobe for software audits can be lulled into thinking that those investigations entail less exposure risk than audits by other publishers, like Microsoft or IBM. Adobe audits typically are conducted directly by Adobe representatives, rather than by a third-party auditor like Deloitte or KPMG, and the inventory data usually is provided by…

201903.28
Off
0

Oracle Audit Risks

Oracle maintains what I consider to be the most aggressive audit program of any major software publisher. Its licensing rules can be extremely difficult to understand, and they frequently are not clearly stated in the applicable license agreements. Moreover, Oracle’s License Management Services (LMS) team typically is unforgiving when it comes time to apply those…

201903.27
Off
1

How to Contend with Oracle’s Many Licensing Policies

It is common practice for software publishers to incorporate by reference various licensing rules and policies to govern the usage of the publishers’ software products. For example, Microsoft’s volume license agreements (such as MPSAs or Enterprise Agreements) incorporate Microsoft’s Product Terms, Online Services Terms and Service Level Agreement for Online Services (among other documents), with…

201903.26
Off
1

How to Understand Oracle’s Use of its Partitioning Policy for Virtualization

Oracle’s “Technology” software products (such as its WebLogic and Database programs) are very popular products. Unfortunately, as we have explained numerous times here, Oracle’s license agreements and compliance practices entail numerous pitfalls for unwary users of those products. Being caught in one of those pitfalls can result in substantial, unforeseen expenses following an audit by…

201903.20
Off
0

Do You Need a Microsoft Service Provider License (SPLA)?

If your business model involves hosting applications, websites or data, chances are that Microsoft will require you to obtain and follow a SPLA. Businesses that use Microsoft software for internal use only, or where third-party access is anonymous or unauthenticated, do not need a SPLA. With limited exceptions, Microsoft does require customers engaged in commercial…

201903.14
Off
0

Negotiating a Data Processing Agreement Under GDPR

The General Data Protection Regulation (GDPR) became effective on May 25, 2018. GDPR is the widest sweeping privacy regulation to hit the global market since the 1995 EU Data Protection Directive. GDPR is a regulation that requires businesses to protect the personal data and privacy of EU residents (EU data subjects). This new legislation introduces…

201903.07
Off
1

Audit Inspections: How to Proceed with Inspecting Computers for Software Installations

BSA | The Software Alliance (BSA) is an organization that represents software companies and prosecutes alleged unlicensed use of those member companies’ software products.  The BSA generally initially sends a company a letter indicating the company may be out of compliance with applicable software license agreements and demanding that the company investigate and inspect each…