Being audited is normal, even if it is not fun. Whatever database you use, or whatever your team looks like (in-house DBA or a Managed Service Provider), software licensing auditing must be on the radar.
What is a software licensing audit?
A software license audit is a formal, mandatory compliance review of a company’s use of products and services. Every software company has its own industry standards it expects all users to comply with. Having mandatory standard compliance reviews performed by auditors allows these software companies to maintain legitimate practices and protect intellectual property rights.
Auditing helps minimize corporate risk on all fronts. Software licensing companies want to avoid copyright infringements, and companies using the software want to remain reputable and avoid fines.
Challenges with software licensing auditing:
Fines can be debilitatingly expensive. An auditor’s job is to find problems, not to be gentle. What might make trouble for your company? (Outside of copyright and illegal practices, of course.)
- License changes between versions: some companies start with one software license and later switch to another. It might not be enough to detect that a library or code fragment has been used – an auditor is looking to see every version.
- Derivative works: some licenses have very specific conditions for linking and creating derivative works. An auditor will have to determine if the library has been linked or derivative work has been created.
- Internal source code fragments: some software packages have fragments of source code. They are provided for reference but are not compatible with internal policies. An auditor will look for the use of those fragments.
Why is software licensing auditing necessary?
Standardizing best practices is always going to be helpful to a company. Most database licenses have a formal license agreement and process that allows reasonable audits of usage and compliance. Auditors are not out to get you – they are out to make sure everyone is following the rules. That can be annoying and potentially expensive, but it must happen.
Imagine a world in which education was not standardized or monitored. Teaching children is great, but classrooms need procedures to be repeatable, sustainable, and trackable. Teachers must bring consequences to students who do not follow the rules.
What is a typical audit procedure?
There are no smoke and mirrors here – a good auditor is always clear about exactly what they are looking for. Here is their general audit process:
- Identify software assets
- Verify software assets including licenses, usage, and rights
- Identify and close gaps that may exist between what exists on the installations, the licenses possessed, and the rights of usage
- Record the results in a centralized location with Proof of Purchase records
Best practices for being audited:
- Provide the information requested – and nothing more
- Keep track of all correspondence and review all requests and responses carefully
- Know what is going to be requested
  - Items typically requested in an audit include:
    - listing of the products and licenses your organization is using
    - the hardware platforms and configurations (CPU type/size especially) in use for those products
    - output from various OS and/or database scripts, and running of certain processes or procedures
- Be aware of how to handle being out of compliance
  - Database representatives will work with you to determine additional licenses required and/or other options for resolution.
- Follow industry best practices to keep your licenses compliant before being audited
  - These include cleaning up named user or CPU license surplus or deficits, reconciling minimum license requirements, purchase of any additional required licenses, etc.
- To be safe – audit yourself before anyone else does
If your organization has received a software or database audit request and you’re not sure where your licenses stand, Solvaria can provide answers!