Embed Size (px)
Citation preview
Surviving a Software Audit
Or
How to Avoid One
Experience
• Years ago started at a firm just after an audit
• Attended the Software Publishers Association Software Management Course
• Implemented several software licensing management programs
Agenda
• Understanding the audit process
• Understanding the rules
• Avoiding the audit or minimizing its impact
Who Will Audit?
• Software and Information Industry Association (SIIA) – SPA is a Division of this organization
• Business Software Alliance (BSA)
How Does this Happen?
• 1-800 number
• Disgruntled employee
• Not so disgruntled employee
• Vendor
• Anyone can call
Anti-Piracy Actions
• Cease and desist letter– Minor infringements– Further action based on response
Scare Letters
• How is your firm doing?
• Do I respond?
Anti-Piracy Actions
• Self audit– Voluntary– Confidential– Proof of ownership
Proof of Ownership
• Dated invoices, purchase orders and/or receipts showing the product and quantity
• Dated software or hardware reseller reports itemizing the products and quantity purchased
Proof of Ownership
• Does NOT include original software
• Does NOT include original manuals or license certificates
• No mixing and matching
Anti-Piracy Actions
• Litigation– Summons and Complaint
• Self Audit
• Penalties based on the US or Canadian Copyright Act plus court costs and attorneys’ fees
• Destroy illegal copies
• Purchase all necessary software
– A matter of public record
Anti-Piracy Actions
• Ex-Parte Search and Seizure Order– Surprise Audit– Pay penalties based on US or Canadian Copyright
Act, court costs and attorneys’ fees– Destroy illegal copies– Purchase all necessary software
• A matter of public record
What are the Penalties?
• Cooperative Audit– Penalty of 3 times the manufacturer’s suggested
retail price of the software to SPA– Purchase all necessary licenses– Total = MSRP X 4
What are the Penalties?
• United States– Civil Penalties up to US$150,000 for each
infringed title– Criminal Penalties up to US$250,000 for each
infringed title and jail time of up to 5 years
What are the Penalties?
• Canada– Civil Penalties up to CDN$20,000 for each
infringed title– Criminal Penalties up to CDN$1,000,000 for
infringed title and jail time of up to 5 years
Understanding Licensing
• It’s not the intent that counts
• Read the agreement carefully
• Get vendors to answer licensing questions in writing
Understanding Licensing
• It’s not as easy as it looks– Concurrent– Home/remote/laptop use– Network licensing– Traditional or competitive upgrades– Client/Server licenses– ASP licenses
Understanding Licensing
• Individual and machine licenses– Individual licenses (one person, one workstation –
never on a server)– Machine licenses (one machine)– Suites (applications cannot be split)– Competitive upgrades
Understanding Licensing
• Font licenses– CPU based– Printer based
Understanding Licensing
• Network licensing– Concurrent user licensing - metering– Network license
• The publisher defines “network”
Understanding Licensing
• Site licenses
• Enterprise licenses
• Volume license agreements
• Client/Server licenses
Understanding Licensing
• Groupware– Concurrent usage– Number of users– Number of installations
Understanding Licensing
• Shareware
• Freeware
• Public domain software
Understanding Licensing
• The legal industry types– By timekeeper (Elite)– By DMS user (Workshare, changed)
Understanding Licensing
• OEM copies
• Transfer and resale
We’re being Audited!
• Negotiate the process
• Self-audit
• Gather the documentation
• Assess the damages
• Negotiate any penalties
• Cooperate!
Avoiding the Audit
• Documentation– Start with your accounting department
• Paid Invoices
• Purchase Orders
• Fixed Asset Systems
• Organizing the records
Avoiding the Audit
• Software manager– Trained on software management and licensing
• http://www.siia.net/piracy/seminars/csm.asp
– Keeper of documentation– Watch dog over IT staff– Keeper of the media– Educator
Avoiding the Audit
• Purchasing process– Use purchase orders– Disallow purchases via credit card where possible– Have a small number of people who can purchase
Avoiding the Audit
• Self audit– SMS– Track-it
Avoiding the Audit
• Establish a policy– Make sure all employees are aware– Sign off on the policy– Visit http://www.siia.net/piracy/policy/default.asp
for sample policies
Avoiding the Audit
• Education– Start with your IT Staff!– Next tackle management
• Demonstrate the costs in penalties• Educate them on how easy it is to be a target
– New hire training– Ongoing reminders– Announced and surprise audits
More Information
• Title 17of the U.S. Code, Sections 101, 106, 117, 501, 504 and 506 and Title 18 of the U.S. Code, Section 2319
• The Software and Information Industry Association (SIIA) http://www.siia.net/default.asp
• Business Software Alliance (BSA) http://www.bsa.org/usa/antipiracy/
• The European Leisure Software Publishers Association (ELSPA) http://www.elspa.com/
Final Words
• Law firms can be special targets
• Start with your own attitude
• Go to a software management class
