White Papers

Software audit letters and the health care industry (SAM & HIPAA)
"...a large medical center conducted a routine check to make sure its IT systems were complying with medical regulations. Results revealed inconsistencies between software and licenses, and because the licenses were complex, the center contacted SMS Inc. for recommendations in managing them more effectively. SMS Inc. worked with the center to implement a customized program of software asset management (SAM). The program promotes best practices that help the center comply both with software licenses and with unrelated medical regulations. It simplifies IT administration through efficient software distribution, tracking, and reporting. And it saves money by identifying a 20 percent volume-discount opportunity..."

SAM for the banking industry
"...Banks are no strangers to regulatory compliance. Basel, Sarbanes-Oxley, The Patriot Act and Basel II are being joined by private ratings institutions who peer deep into relationships with customers. Guidelines coming from the SEC and Standard & Poor's "suggest" banks develop policies for analyzing and documenting customers' objectives on regulatory issues. According to Moody's, corporate governance is increasingly a consideration in bank ratings. Banks are being set up to monitor their customers' corporate governance. The risk is being shifted to banks by requiring that they police corporate customers..."

SAM for IT governance
"...IT Governance adds value to the corporation. It increases profitability, valuations and price per share. Yet 52% of corporate executives question IT's value. This may be because fewer than 20% of companies have adopted a standard framework and 75% of firms have ineffective IT Governance. Today, shareholders have little tolerance for IT failures. Shareholder activism, inflated D&O premiums, decreased liability coverage, increased costs, in-depth audit probing and the attention of the Securities and Exchange Commission have elevated IT Governance to the purview of the Board of Directors. Companies are most vulnerable and incur the highest risk in software asset management. Nine COSO/COBIT control objectives directly cover software assets. This paper examines the best practices and business benefits of a comprehensive software asset management initiative as it fits into the greater IT Governance framework..."

SAM for Sarbanes-Oxley
"...All well-governed IT departments recognize that the adoption of formal policies and procedures enables them to help their corporation meet Sarbanes-Oxley (or SOX) requirements. Performing a Software Asset Management (SAM) consultation identifies the rigorous policies and procedures that have been prescribed by international authorities such as Control Objectives for Information and Related Technology (COBIT), the IT Infrastructure Library (ITIL), and the International Organization for Standardization (ISO) 9000, as well as practices found in well-run, well-governed companies. In this white paper we discuss how a comprehensive SAM initiative enables businesses to meet their obligations under SOX and exceed corporate goals for IT governance..."
Software Asset Management Q&A

Q: What laws cover the use of software in the US?
In the U.S., software and intellectual property rights are protected under the U.S. Copyright Protection Act as amended in 1964, 1980 and 1990, the No Electronic Theft Act of 1997, the Digital Millennium Copyright Act of 1998, the Software Rental Amendment Act of 1990 and Executive Order #13103 of September 1998.

Q: What laws are there in place internationally that cover the use of software?
Two primary treaties cover software intellectual property rights internationally: the World Intellectual Property Organization Copyright Treaty of 1996 and the World Trade Organization's Trade Related Intellectual Property (TRIP) Rights treaty. In addition, the U.S. has a number of separate treaties with individual companies regarding the protection and enforcement of intellectual property rights as they pertain to electronic media, such as software.

Q: What are the chances of becoming a "party of interest" to enforcement agents?
Enforcement authorities report that the vast majority of their cases come from tips from disgruntled current and former employees. Your chances of being turned in increase with each successive round of downsizing. Pay close attention to employment actions such as less-than-glowing reviews, demotions, salary decreases and letting go of employees. Your exit interview will come back at you.

Q: My company has only 10 employees. The BSA won't waste their time investigating a company of my size, will they?
The BSA does not publicize the average size of the companies they have investigated. Their view is: illegal use is illegal use, piracy is piracy, and ultimately either your company is compliant or it isn't.

A review of the list of companies that have been investigated and have settled or been fined demonstrates one fact: Fortune 1000 corporations, mid-sized regional enterprises and "Mom & Pop" operations should ALL be on notice.

Q: What types of proof of ownership are required to be compliant?
- Dated receipts for purchase
- Dated packing slips
- Dated reseller invoices
- Original media (CD/DVD, floppy disks, valid electronic distributions, etc.)
- Copies of all license agreements for installed software
- Copies of all documentation for installed software
Typically a combination of the above items is required to establish legal proof of ownership.

Q: I believe my company is reasonably compliant. What is my exposure?
The general rule is one license, one computer. Enforcement authorities and the courts have upheld the view that it is black-and-white: you are either in compliance or not. There are no shades of gray.

Q: What are the typical penalties and fees when the BSA requests a voluntary audit and finds instances of non-compliance?
Negotiated penalties vary from case to case depending on a variety of factors, including: 1) the level of cooperation from the company being investigated, 2) the number of illegal uses found, 3) the degree of non-compliance (i.e., is it a case of a few extra installations of a product or widespread misuse, counterfeiting, distribution, etc.), and 4) what programs and policies the company has in place to avoid illegal use of software.
The average publicized settlement in 2001 was $87,750 and increased to $247,750 in January 2009.
Non-compliance penalties and associated fees can include:
Q: My company received a software audit letter from a legal firm representing the BSA informing me that we are under investigation. What happens next?
First, it is in your business' best interest to comply with the terms of the document; your level of cooperation will have a decided impact on any potential penalties that may be assessed in the event one or more instances of copyright infringement are uncovered.

Most initial letters request a voluntary software compliance audit, to be accompanied by dated legal proof of ownership for all installed software.

Above all, understand your exposure. Here's where we can help: we have the experience and resources to help you prepare the necessary reports, and we're happy to discuss your options with you on a confidential basis.

A word of caution: after you've received an audit letter, attempts to remove non-compliant products can usually be detected and will be taken into consideration in a court proceeding or settlement negotiation.

Q: How long does a software license audit take to complete?
The time to conduct an automated audit and perform the reconciliation of software ownership records varies depending on the size and complexity of the network to be inventoried and the availability of the necessary documentation to prove legal ownership. A typical time frame for a company with 100 users is between 3 days and 2 weeks.

Q: Can I load the same single-user application on my desktop and laptop at the same time? I'm only using the software on one machine at any time.
Definitely NO. This is a common misconception and represents huge exposure for most companies who are unaware of the implications.
Most programs grant the purchaser a single-user/single-computer license; this means the software may only be installed on one computer and be used by one person at any time.

If you decide to upgrade to a new computer, the license dictates that you either uninstall the application from the old PC or purchase another license for the new system if you intend to leave the initial installation in place.

Q: I just purchased an upgrade for an old version of software that I want to install on a new PC. Can I just install the newer version on my new computer and leave the old software on the older PC? Do I now own two legal copies of the product?
In most cases the answer is no, and again it is a common misconception among many users.

If you purchased an Upgrade version of a product (typically at a lower cost than buying the full product), you are effectively replacing the old license with the new license. You still have only one license.

This doesn't give you the right to continue using the older version of the program, as you effectively still have one SINGLE-USE LICENSE, not two licenses.

Q: Why should I outsource to SMS when we can do our own internal audit?
Typically a self-audit is conducted by IT staff and/or administrative personnel who, in most cases, are not familiar with federal copyright laws, best practices and procedures; SMS has completed that work already.
In today's economic climate, as well as when business is booming, most IT professionals are already taxed in terms of their job responsibilities and the time they have to do them; adding a time-intensive job like a software compliance audit increases the burden and leaves less time for their regularly assigned duties.

The hard and soft costs associated with refocusing internal staff to perform a self-audit are typically much greater than the cost of outsourcing to SMS, especially when the impact of lost productivity is taken into account.

SMS can conduct an initial audit, assist in getting your software purchase and license record keeping and documentation in order, implement appropriate software policy and train your people on the proper use of software. Additionally, SMS can conduct periodic -- monthly or quarterly -- random audits to assure compliance going forward.

Outsourcing a software compliance program to SMS demonstrates a company's commitment to get and stay legal to its employees, investors, business partners, customers, software vendors and enforcement groups.
Outsourcing your software compliance assurance program to SMS makes sound business and financial sense.

Q: My company hired SMS™ to run an audit and found that we are not compliant. Is SMS™ obligated to inform the BSA and/or the software publisher?
SMS™ maintains the confidentiality of our clients. Our business depends upon it. Our service is focused on assisting you to certify 100% compliance.

SMS™ conducts the audit, oversees the reconciliation of legal software ownership, and provides an initial report to the client that indicates whether or not they are in compliance.

The reports show where the deficiencies may be, and SMS makes recommendations on ways to reach 100% compliance if required.

It is the client's responsibility to determine how to proceed.

SMS™ considers the issued reports client confidential and does not divulge any findings to outside parties unless authorized to do so by the client or required by a court of law. We can provide independent third-party verification of initial and ongoing compliance upon advance written notification and approval by you.

©2009 SMS, Inc.
Nov 2009 |
SMS, Inc.™ is an ITGS™ Company and a trademark of SMS, Inc. All rights reserved. All other trademarks are property of their copyright holders. SMS, Inc., Redmond, WA 98052, toll free (877) 790-5002.