Jump to content

Software licensing audit: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
m Reverted edits by Therag18 (talk) to last version by SmackBot
In court, it is copyright infringement, not "software piracy"
Line 16: Line 16:
From time to time internal or external audits may take a forensic approach to establish what is installed on the computers in an organisation with the purpose of ensuring that it is all legal and authorised and to ensure that its process of processing transactions or events is correct.
From time to time internal or external audits may take a forensic approach to establish what is installed on the computers in an organisation with the purpose of ensuring that it is all legal and authorised and to ensure that its process of processing transactions or events is correct.


Software audits are a component of corporate risk management, and they certainly minimise the risk of prosecution for [[Copyright infringement of software|software piracy]] due to use of unlicensed software. Most vendors permit the company to settle without prosecution though in serious cases, prosecutions certainly occur. In addition with a strict software usage policy the risk of [[viruses]] are minimised by preventing uncontrolled software copying.
Software audits are a component of corporate risk management, and they certainly minimise the risk of prosecution for [[Copyright infringement of software|copyright infringement]] due to use of unlicensed software. Most vendors permit the company to settle without prosecution though in serious cases, prosecutions certainly occur. In addition with a strict software usage policy the risk of [[viruses]] are minimised by preventing uncontrolled software copying.


Software audits should not be confused with [[code audit]]s, which are carried out on the [[source code]] of a software project.
Software audits should not be confused with [[code audit]]s, which are carried out on the [[source code]] of a software project.

Revision as of 02:50, 13 January 2008

Software Asset Management is an organization process, which is outlined in ISO/IEC 19770-1. It is also now embraced within # ISO 27001:2005 Information Technology - Security Techniques - Information Security Management Systems - Requirements[1] and ISO/IEC 17799:2005 Information Technology - Security Techniques - Code of Practice for Information Security Management.[2]

Software Asset Management is a comprehensive strategy that has to be addressed from top to bottom in an organization to be effective, to minimize risk. A software compliance audit is an important sub-set of Software Asset Management and is covered in the above referenced standards. At its simplest it involves the following:

  1. Identification of Software Assets.
  2. Verifying the Software Assets including licenses, usage, and rights.
  3. Identifying gaps that may exist between what exists on the installations, and the licenses possessed, and the rights of usage.
  4. Taking action to close any gaps.
  5. Recording the results in a centralized location with Proof Of Purchase records.

The audit process itself should be a continuing action, and modern SAM software identifies what is installed, where it is installed, its usage, and provides a reconciliation of this discovery against usage. This is a very useful means of controlling software installations and lowering the costs of licensing. Large organisations could not do this without discovery and inventory applications.

From time to time internal or external audits may take a forensic approach to establish what is installed on the computers in an organisation with the purpose of ensuring that it is all legal and authorised and to ensure that its process of processing transactions or events is correct.

Software audits are a component of corporate risk management, and they certainly minimise the risk of prosecution for copyright infringement due to use of unlicensed software. Most vendors permit the company to settle without prosecution though in serious cases, prosecutions certainly occur. In addition with a strict software usage policy the risk of viruses are minimised by preventing uncontrolled software copying.

Software audits should not be confused with code audits, which are carried out on the source code of a software project.

Controversy

Vendors subscribe to organisations such as the Federation against Software Theft (FAST) and the Business Software Alliance (BSA) as a means of providing an industry approach to control piracy, counterfeiting, and illegal use of software. They publicise campaigns against illegal use of software and reward any employees who notify them of any breaches which result in successful prosecution and/or recovery of license fees.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Software_licensing_audit&oldid=183965603"