Obvious though it may sound, in almost every software audit the most crucial element contributing to a positive outcome is an accurate inventory of what software is deployed. Unfortunately, far too many businesses faced with an audit end up receiving grossly over-inflated compliance-purchase demands, because the inventory data received by the auditors and used to…
If your company uses a Microsoft Service Provider License Agreement (SPLA)—and it probably does if Microsoft considers you to be in the commercial hosting business—you will be audited at some point. Typically, Microsoft SPLA customers are audited once every three years. When that time comes, it is important to know how your company may be…
Each of the major software publishers has one or two tricks up its sleeve – tricks that often are missed by licensees – affecting how its server products may be used in virtualized environments. For example, Microsoft SQL Server requires a minimum of four core licenses per vCPU, even if the actual number of vCPUs…
Managing a complex IT environment very challenging, even before becoming involved in an external software audit from a software publisher or a third-party auditing entity. Businesses facing VMWare audits in particular should be prepared to take a number of steps to ensure compliance and avoid exacerbating any potential copyright infringement claims. Step 1: Identify the…
Most businesses that try to plan for software audits and to estimate the potential exposure they could incur in the event of those audits know that the primary cost components of that exposure typically are the prices associated with any licenses they may have failed to acquire. For example, if a company determines it has…
Microsoft’s Services Provider License Agreement (SPLA) is the principal licensing agreement for companies that want to use Microsoft products to deliver hosted software solutions over the Internet. Microsoft’s standard volume license agreements expressly prohibit using the software for “commercial hosting” purposes (though, limited exceptions are offered for certain use cases and subject to specific requirements)….
Software auditors such as KPMG, Deloitte and PriceWaterhouseCoopers like to have things their way. It’s an understandable impulse – with likely hundreds of audits pending at any one time, the natural inclination is to standardize the process around a single set of tools and processes with which the auditors are most familiar. However, those tools…
Often, after signing a Master Service Agreement (“MSA”), a service provider and its client will memorialize the details of the project by crafting a Statement of Work (“SOW”). The importance of the terms in a SOW is sometimes overlooked by both business and legal teams because an SOW is commonly considered a business document rather…
Software-compliance audits initiated by IBM can be extremely burdensome and time-consuming and can force companies to face challenges that are somewhat unique among major-publisher audits. For one example, a significant component of IBM’s business model is the acquisition of other software vendors and the integration of those vendors into IBM’s product portfolio, which can complicate…
Businesses contacted by Adobe for software audits can be lulled into thinking that those investigations entail less exposure risk than audits by other publishers, like Microsoft or IBM. Adobe audits typically are conducted directly by Adobe representatives, rather than by a third-party auditor like Deloitte or KPMG, and the inventory data usually is provided by…
Oracle maintains what I consider to be the most aggressive audit program of any major software publisher. Its licensing rules can be extremely difficult to understand, and they frequently are not clearly stated in the applicable license agreements. Moreover, Oracle’s License Management Services (LMS) team typically is unforgiving when it comes time to apply those…
It is common practice for software publishers to incorporate by reference various licensing rules and policies to govern the usage of the publishers’ software products. For example, Microsoft’s volume license agreements (such as MPSAs or Enterprise Agreements) incorporate Microsoft’s Product Terms, Online Services Terms and Service Level Agreement for Online Services (among other documents), with…
Oracle’s “Technology” software products (such as its WebLogic and Database programs) are very popular products. Unfortunately, as we have explained numerous times here, Oracle’s license agreements and compliance practices entail numerous pitfalls for unwary users of those products. Being caught in one of those pitfalls can result in substantial, unforeseen expenses following an audit by…
Many companies would like to know whether and to what extent their existing Oracle software product licenses entitle them to use that software in a third-party cloud-hosting environment – such as Amazon Web Services’ (AWS’s) Elastic Compute Cloud (EC2) environment – and, if so, whether that usage would be subject to different license metrics or…
Of the many complex licensing arrangements Oracle offers to its customers, none seem to generate as much confusion and consternation as the Unlimited License Agreement (“ULA”). For companies that have already determined that they are not going to renew their ULAs with Oracle, the following are a few guidelines to follow to minimize the risks…
If your business model involves hosting applications, websites or data, chances are that Microsoft will require you to obtain and follow a SPLA. Businesses that use Microsoft software for internal use only, or where third-party access is anonymous or unauthenticated, do not need a SPLA. With limited exceptions, Microsoft does require customers engaged in commercial…
The General Data Protection Regulation (GDPR) became effective on May 25, 2018. GDPR is the widest sweeping privacy regulation to hit the global market since the 1995 EU Data Protection Directive. GDPR is a regulation that requires businesses to protect the personal data and privacy of EU residents (EU data subjects). This new legislation introduces…
BSA| The Software Alliance (the “BSA”) is an organization that acts on behalf of software publishers to enforce copyrights. The membership of the organization may undergo changes, which can impact an existing software audit if a member leaves during the course of the audit and the BSA no longer has power of attorney to enforce…
While the over-arching concept underlying a software audit initiated by a publisher like Microsoft or IBM is the same as that in an audit initiated by the BSA | The Software Alliance or the Software & Information Industry Association (SIIA) – a comparison of software entitlements to software deployments in an effort to identify any…
BSA | The Software Alliance (BSA) is an organization that represents software companies and prosecutes alleged unlicensed use of those member companies’ software products. The BSA generally initially sends a company a letter indicating the company may be out of compliance with applicable software license agreements and demanding that the company investigate and inspect each…
