Software Audits: The Importance of Timely Completion of Post-Settlement Obligations
Software audits initiated by software publishers or representative entities, such as the Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”), are often resolved by an out-of-court settlement.
Read More → 11 Secrets to Defending BSA, The Software Alliance Audits
The carefully crafted settlement agreements release an audited company from liability, contingent on the following obligations:
1) The accuracy of the submitted audit results,
2) Payment of the agreed settlement sum,
3) Circulating a software code of ethics to employees,
4) Completing a certificate of compliance, and
5) Submitting documentation to demonstrate software compliance.
Each of these settlement obligations is equally important, since the release of liability is conditional upon the successful and timely completion. The certification of the audit results and payment are typically performed at the time of settlement, unless the parties arrange for payment terms. However, the audited company must generally sign and circulate the software code of ethics to its employees within 30 to 45 days following settlement.
This form is generally provided by the BSA or the SIIA as part of the settlement agreement. The last two obligations are often challenging for the audited companies. The certificate of compliance must be completed after an audited company has ensured it has uninstalled or replaced all copies of software for which it was unable to locate a license. Unfortunately, some companies that were unable to locate proof of purchase documentation may be required to purchase the software again. It is helpful to work from the audit results to identify which software was allegedly unlicensed, and replace or uninstall those items. It is important to make any new purchases from authorized vendors or resellers in order to ensure each new purchase is a valid, licensed copy.
The SIIA and BSA require copies of these new purchases to be included with the certificate of compliance, which is typically due 30 to 60 days following settlement. It is important to be mindful of these deadlines to ensure that the settlement is not jeopardized by failing to complete one of the settlement obligations. If in doubt, a company should consider consulting an attorney experienced in software audits.