Any activity with “audit” in the name sounds about as much fun as root canal. Such is the case with software audits which are generally performed by the largest software companies on the planet such as Microsoft, Oracle and SAP. Microsoft tends to dominate the conversation when it comes to software audits given their breadth of products and various licensing models which can overwhelm even the most seasoned MSP or IT professional. While an audit is something you should take seriously it’s not something you should be afraid of if you’re prepared.
Microsoft MAP Inventory and Assessment tool[/caption]
This week I want to dive into the different types of audits Microsoft performs and cover a few best practices you can utilize when preparing for an audit. I’m working under the assumption that everyone wants to honestly pay for the software they are using. If you work for a company and are unsure if you’re in compliance, this would be a good time to start asking questions, and quickly move towards compliance. Two Types of Microsoft Software Audits Microsoft performs two types of audits: Software Assessment Management (SAM) and Legal Contracts and Compliance (LLC). SAM: This is usually the first type of audit you will receive. A SAM audit is Microsoft’s way of saying, “Let’s take a look to make sure you’re in compliance. If not, we’ll work together to help bring you into compliance.” SAM is often referred to as a “self-audit” because you’ll be asked to fill out forms detailing the Microsoft software you’re using and compare it to what you’ve already purchased. Some consider this approach as extending an olive branch. Some companies have been offered deals or new licensing agreements to help facilitate bringing them into compliance. Those who have gone through a SAM say Microsoft is genuinely helpful as long as you are making an honest attempt to become compliant. Microsoft pays for a SAM audit which is performed by a partner such as SWI. Your participation in a SAM is voluntary. But understand that if you decline, you can expect to be presented with the next type of audit. LLC: Microsoft will issue an LLC when a customer refuses a SAM. These are not voluntary and could mean that someone has accused your company of intentional software piracy. If you’ve been issued a LLC audit it may be best to consult an attorney.* These audits that are handled by the Business Software Alliance (BSA). The BSA is the largest anti-piracy group in existence and is hired by nearly every large software company to perform this more invasive audit. “One of the things we make clear right from the start is that this is a serious matter,” Jenny Blank, programs manager for the BSA said in a Redmond Magazine piece, “The penalties allowed by law are up to $150,000 per title infringed.” Best Practices
- Don’t Procrastinate – You don’t want the process to snowball on you. If you feel your company may be out of compliance it’s best to get it taken care of as soon as possible. Microsoft is more understanding when they know you’re serious about becoming compliant.
- Don’t Assume Legitimacy – Unfortunately, there are dishonest resellers out there taking advantage of companies by selling them pirated software. What’s worse is that many companies don’t realize they are using pirated software until an audit uncovers the truth. Your best course of action is to work with a trusted certified reseller.
- Keep All Receipts – You will be asked to prove you purchased that laptop running a copy of Windows 8 or Office 2013. If it’s running Microsoft software you’ll need to prove that you legally purchased it, and that includes all OEM and Retail licenses.
- Keep Current Inventory of All Software – This should seem like a no-brainer, but, by no fault of your own, you may have walked into a situation where it’s not clear what software is being used at your organization or an organization you work with. In this case, one of the first things you should do is perform a baseline inventory of all installed software. This will enable you to spot gaps in compliance. Microsoft provides a free Assessment and Planning Toolkit for this very purpose.
- Work with Your Vendor – There’s a good chance you won’t be 100% compliant for every piece of software in your company. That’s normal, and Microsoft expects this. Microsoft also expects you to work quickly to become compliant, which will involve working with your vendor to determine what it will cost to become compliant. Management is going to want that number so it’s best to understand the costs as soon as possible.
Microsoft customers with an Enterprise Agreement (EA) or other Microsoft Volume Licensing contract are considered to be compliant, as long as the company has met the annual true-up requirements. Most audits are issued to customers under Open or Selection licensing agreements, which are used primarily by small and mid-sized companies. According to a 2012 survey by IDC, almost 75% of software vendors believe their customers do not manage software license entitlements correctly. This helps explain why the frequency of software audits more than doubled between 2008 and 2011. If you’re running Microsoft software, there’s a very good chance you’ll be asked to participate in a SAM audit within the next year or so. You will save yourself a lot of time and hassle by working today to become compliant instead of waiting for the notice to arrive. *This article is for informational purposes only. Any legal matters should be discussed with an attorney.
You May Also Like
- Backup and Disaster Recovery Business Continuity Cloud Compliance Cybersecurity Data Protection Data Resilience Ransomware
The Vital Role of Replication in Ensuring Data Resilience
November 20th, 2024 - Backup and Disaster Recovery Business Continuity Compliance Cybersecurity Data Protection Data Resilience Ransomware
Achieving Enhanced Malware Protection in the Face of Ever-Evolving Threats
November 5th, 2024 - Backup and Disaster Recovery Business Continuity Compliance Cybersecurity Data Protection Data Resilience Ransomware
DCIG Review: Embracing Hybrid Clouds and Mitigating Ransomware Threats with Arcserve UDP 10
October 31st, 2024