What If I Discover Unlicensed IBM Software on My Servers?
Software license compliance is a task that typically requires constant vigilance. Despite a CIO’s best efforts, it is almost inevitable that software will be deployed on a company’s computers at some point without having the necessary licenses to permit such use. For most software, the response to such a discovery will be to simply remove any unlicensed, unneeded products and to purchase licenses for whatever is left. However, with IBM software, that solution may not resolve all liability associated with the unlicensed deployments
Almost all IBM software is licensed under the terms of the International Program License Agreement (IPLA), the current version of which is available here. The IPLA contains universally applicable terms requiring that all product deployments be licensed and providing that IBM may conduct audits to verify that software has not been over-deployed. The IPLA is a “click-wrap” agreement, and it attaches once a business downloads, installs, copies, accesses or otherwise uses a software product. The IPLA does not include a licensing “grace period” for inadvertent installations. Therefore, a company incurs a licensing obligation to IBM as soon as it deploys IBM software in any way that would require a license purchase under the terms of the IPLA or any License Information document.
By itself, that kind of licensing model is not particularly unusual, in that most publishers do not write their license agreements to give customers an opportunity to deploy software without paying for it. However, the exposure analysis changes for IBM products deployed on a sub-capacity basis. Under those circumstances, the current International Passport Advantage Agreement (IPAA) includes a more express compliance requirement, obligating a licensee to “promptly place an order with IBM or Customer’s IBM reseller if Audit Reports reflect Eligible Sub-Capacity Product use in excess of Customer’s authorized level. IBM Software Subscription and Support coverage will be determined to begin at the time Customer exceeded Customer’s authorized level.” The IPAA does not include any terms specifying that unneeded installations may be destroyed in lieu of a license purchase. More importantly, though, the IPAA also requires that a licensee must create a written record of its sub-capacity deployments over time in the form of reports generated by IBM’s License Metric Tool (ILMT). Where most inadvertently installed software can be destroyed without a publisher ever knowing it in advance of an audit, the ILMT reports create a “paper trail” that can be used against the business when IBM’s auditors come calling.
To minimize licensing exposure resulting from unintended IBM product deployments, it may make sense for a business with heavy reliance on IBM software to consider deploying ILMT, as required by the IPAA, and then also deploying a secondary tool to help monitor environments at higher risk of over-deployments. Using the secondary tool can give a licensee an opportunity to take action to correct over-deployments without generating a potentially incriminating, auditable record.