Software licensing audit


Software licensing audit

Software Asset Management is an organization process, which is outlined in ISO/IEC 19770-1. It is also now embraced within # ISO 27001:2005 Information Technology - Security Techniques - Information Security Management Systems - Requirements [cite web|url=http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=42103&ICS1=35&ICS2=40&ICS3=|title=ISO/IEC 27001:2005|year=2005|accessdate=2008-03-23] and ISO/IEC 17799:2005 Information Technology - Security Techniques - Code of Practice for Information Security Management. [cite web|url=http://www.iso.org/iso/en/prods-services/popstds/informationsecurity.html|title=ISO/IEC 17799:2005|year=2005|accessdate=2008-03-23]

Software Asset Management is a comprehensive strategy that has to be addressed from top to bottom in an organization to be effective, to minimize risk.A software compliance audit is an important sub-set of Software Asset Management and is covered in the above referenced standards. At its simplest it involves the following:

# Identification of Software Assets.
# Verifying the Software Assets including licenses, usage, and rights.
# Identifying gaps that may exist between what exists on the installations, and the licenses possessed, and the rights of usage.
# Taking action to close any gaps.
# Recording the results in a centralized location with Proof Of Purchase records. The audit process itself should be a continuing action, and modern SAM software identifies what is installed, where it is installed, its usage, and provides a reconciliation of this discovery against usage. This is a very useful means of controlling software installations and lowering the costs of licensing. Large organisations could not do this without discovery and inventory applications.

From time to time internal or external audits may take a forensic approach to establish what is installed on the computers in an organisation with the purpose of ensuring that it is all legal and authorised and to ensure that its process of processing transactions or events is correct.

Software audits should not be confused with code audits, which are carried out on the source code of a software project.

Controversy

Vendors subscribe to organizations such as the Federation against Software Theft (FAST) and the Business Software Alliance (BSA) as a means of providing an industry approach to control piracy, counterfeiting, and illegal use of software. They publicise campaigns against illegal use of software and reward any employees who notify them of any breaches which result in successful prosecution and/or recovery of license fees.

External links

* [http://www.iso.org ISO Standard for SAM]
* [http://www.bsa.org Business Software Alliance]
* [http://www.siia.net Software and Industry Information Association]

References


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Software audit — can mean: * a software licensing audit, where a user of software is audited for licence compliance * software quality assurance, where a piece of software is audited for quality * a software audit review, where a group of people external to a… …   Wikipedia

  • Software Asset Management — (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization. According to the Information Technology Infrastructure Library… …   Wikipedia

  • Open-source software — The logo of the Open Source Initiative Open source software (OSS) is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under a software license… …   Wikipedia

  • List of proprietary software for Linux — Though Linux is an open source operating system and usually comes bundled with free and open source software, proprietary software for Linux does exist and is available to end users. The following is a list of proprietary software for Linux:… …   Wikipedia

  • Volume license key — (VLK) is a term used by many computer software companies to denote the product key used when installing software licensed under volume licensing, which allows a single product key to be used for multiple installations.[citation needed] This form… …   Wikipedia

  • Microsoft Developer Network — The MSDN logo. The Microsoft Developer Network (MSDN) is the portion of Microsoft responsible for managing the firm s relationship with developers and testers: hardware developers interested in the operating system (OS), developers standing on… …   Wikipedia

  • OpenBSD — OpenBSD …   Wikipedia

  • Computers and Information Systems — ▪ 2009 Introduction Smartphone: The New Computer.       The market for the smartphone in reality a handheld computer for Web browsing, e mail, music, and video that was integrated with a cellular telephone continued to grow in 2008. According to… …   Universalium

  • Multi-core — A multi core processor (or chip level multiprocessor, CMP) combines two or more independent cores into a single package composed of a single integrated circuit (IC), called a die, or more dies packaged together. The individual core is normally a… …   Wikipedia

  • Certified Information Systems Auditor — [1] Certified Information Systems Auditor (CISA) is a professional certification for Information Technology Audit professionals sponsored by ISACA, formerly the Information Systems Audit and Control Association. Candidates for the certification… …   Wikipedia