Trust, But Verify with Third-Party Software Vendors
Enterprise-level software solutions often are very complex products requiring a level of expertise that may be outside the experience or skill sets of generalist IT teams. Many businesses therefore rely on the services of independent software vendors and consultants to evaluate their needs for particular solutions, to procure the required licensing, and to deploy and configure the solutions on the businesses’ servers. Many of those vendors may even be recommended by the publishers of those software solutions, and their customers naturally feel as though they can rely on their advice and consultation regarding licensing requirements.
However, that reliance can lead to significant legal and monetary exposure in the event of a software audit initiated by the publisher of a software solution. In most cases, software license agreements place the responsibility for acquiring necessary licenses squarely on the shoulders of the company deploying the software, and not on those of any vendors that may have participated in the deployment of the software. Many license agreements also specifically disclaim any statements or representations made by third parties regarding applicable licensing rules or metrics. Therefore, failures to adhere to the rules set forth in the controlling software license agreements – even if those failures arose from inaccurate or incomplete guidance provided by authorized, third-party consultants – should be expected to be held against the company in the event of an audit.
This means that companies engaging the services of third-party vendors cannot afford to assume that the licenses acquired from those vendors really are adequate to support the products deployed by those vendors. While those vendors’ knowledge and services regarding the products they promote may be very valuable, it is critical for IT and legal teams to work closely with the vendors to ensure that they understand the full scope of the product deployments and the publishers’ licensing rules applicable to those deployments. If the vendor is unable or unwilling to participate in a detailed transfer of knowledge regarding applicable licensing requirements, then the company should consider either requiring the vendor to indemnify it against claims related to any licensing errors (which most vendors would reject) or identifying an alternative vendor or software solution.