When to Buy vs. Uninstall in Software Audits
One of the most common mistakes I encounter in software audits is what I call the post-effective date software buying spree. The buying spree occurs in response to a letter from a publisher or publisher’s attorneys requesting a self audit. Many clients are discouraged to learn that software purchases made after the date of the initial letter have no impact in a software audit matter. For this reason, I advise my clients against scrambling to acquire software in response to a software audit.
The first thing a target of a software audit needs to do is preserve the evidence of software products installed on the company’s computers as of the audit effective date. Second, the software installed needs to be reconciled against proof of purchase information to determine whether there is gap between licenses owned and software installed. Third, a decision needs to be made regarding whether to purchase or uninstall any unlicensed software. The auditing entity is only concerned with those products installed as of the audit effective date, and accepts only proofs of purchase dated on or before that date.
I advise my clients that regardless of what was installed on the audit effective date, they only need to purchase software licenses for products that they need to use going forward. Although it will not resolve past liability, companies may choose to uninstall unlicensed products at the conclusion of the audit matter, rather than purchase unnecessary software simply because it was installed on the effective date. At the conclusion of a software audit matter, the target must certify that it has come into compliance through the combination of buying and\or uninstalling the products in question.