software license management study guide – ecp

International Business Software Managers Association Software LicenSe management

Study GuIde

OVeRVIeW

At last, an introduction to the basics of software asset management (SAM) and

software license management (SLM) for a wide-ranging audience! Based on our

popular PCSLM course, this comprehensive guide is written in uncomplicated English and

allows you to cover the course material at your own pace.

Organizations of all sizes and industries around the world have a need to

manage software licenses proficiently. In fact, today the wide variety of

individuals involved in IT service management—and even many non-IT

staff—would benefit from a solid foundation in effective software license

management practices.

WhAt yOu’ll tAke AWAy

Learn practical tips and best practices.

Apply concepts to your work by completing the self-assessment exercises.

Review illustrations, graphics and key terms in each chapter to

understand how concepts relate and summarize main points.

Prepare to take the Practitioner Certificate in Software License

Management (PCSLM) exam as well as administer an SLM program

at your company.

Through this guide you’ll learn practical tips and best practices for software

license management that can be applied to your organization right away.

We show many examples of SLM in practice to illustrate how, when successfully executed, SLM is a

good business investment. The case studies also show how professionals who implement SLM best

practices have thoroughly incorporated a “culture of compliance” in their workplace.

The guide’s self-assessment exercises enable you to apply each chapter’s concepts to your work

environment. Illustrations and graphics show how concepts relate and summarize main points.

There is also a handy list of key terms in the front of each chapter. You’ll find that the practice

exercises enable you to figure out the best way to handle everyday SLM situations. We also provide

the answers!

the Study guide iS organized into Seven chapterS:

1 Auditing and Compliance Basics

2 Licensing Overview

3 Assessing Your SAM Proficiency

4 Tools and Technology

5 Making the Business Case

6 External Audits

7 Self-Audits

WhO ShOuld uSe thIS GuIde

IT service and software management pros at any size organization involved in the following areas:

• Software or hardware inventory (whether automated or manual)

• Purchasing

• Technical support

• Contract management

• Legal

• Compliance or internal audit

Plus, non-IT staff including business unit managers, project managers and administrative and support

staff involved in acquiring, approving or distributing software, should also understand the essential

elements of software license management and would benefit from this guide.

CeRtIfICAte exAMPractitioner Certificate in Software license Management exam (PCSlM)

When you complete the study guide and exercises, you’ll be prepared to take the PCSLM exam as

well as administer an SLM program at your company. The multiple-choice exam can be completed it

in about one hour. Your exam will be scored and, if you pass, you’ll receive a certificate of completion.

COStS And hOW tO ORdeR

The study guide is available in PDF format for $195.

The exam fee is $150. Quantity discounts are offered.

OrDer The guIDe and exaM OnLIne at

IBSMA.com/publications.html or call IBSMa at

1.734.930.1925.

International Business Software Managers Association

Software LicenSe managementStudy GuIde

for more information visit iBSma.com

IBSMA 400 north First Street | ann arbor, Michigan 48103 u.S.a. | O 1.734.930.1925 | f 1.734.930.2316

http://www.IBSMA.com/publications.html

http://www.IBSMA.com

SAMPLE COPY

Contents in detail

Software LiCenSe management

InternatIonal BusIness software Managers assocIatIon

study guIde

SAMPLE COPY

SAMPLE COPY

v

Contents

introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1about this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

who should use this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

How to use this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

the main topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

How each chapter is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

other resources and help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1 auditing and Compliance Basics . . . . . . . . . . . . . . . 5the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

overview and objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

the starting point: software license management terms . . . . . . . . 7

software compliance audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Motivations for compliance audits . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

testing your knowledge of compliance audits . . . . . . . . . . . . . . . . .14

the self-audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

getting audit-ready . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

case study: optimized license management . . . . . . . . . . . . . . . . . . .19

study questions, review and exercises . . . . . . . . . . . . . . . . . . . . . . . .21

2 Software License agreements: terms, types and negotiation tips . . . . . . . . . . . . . . . . . . . . . . . . . 25

the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

overview and objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Proof of license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

classifying licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Quick self-check of licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

nine negotiation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

case study: remixable license pools . . . . . . . . . . . . . . . . . . . . . . . . . . .44

study questions, review and exercises . . . . . . . . . . . . . . . . . . . . . . . . .45

SAMPLE COPY

Software LiCenSe management study guIde

vi

3 assessing Your Sam Proficiency . . . . . . . . . . . . . . . 51the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51


Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

embarking on a saM self-assessment . . . . . . . . . . . . . . . . . . . . . . . . .53

the foundation: six saM process areas . . . . . . . . . . . . . . . . . . . . . . . .54

Investigating your saM processes . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Quiz: applying Iso/Iec 19770-1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

starting a self-assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

case study: conducting a self-assessment . . . . . . . . . . . . . . . . . . . . .62


4 tools and technology . . . . . . . . . . . . . . . . . . . . . . . . . 71the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72


criteria and constraints for tool selection . . . . . . . . . . . . . . . . . . . . .73

exercise: Identify your criteria for tool selection . . . . . . . . . . . . . . . .75

Point, combined and suite solutions . . . . . . . . . . . . . . . . . . . . . . . . . . .76

factors in selecting tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

Mapping functions to standard process areas . . . . . . . . . . . . . . . . . .81

four performance priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

case study: Planning for a technology overhaul . . . . . . . . . . . . . . . .85

study questions, review and exercises . . . . . . . . . . . . . . . . . . . . . . . . .86

5 making the Business Case: roi . . . . . . . . . . . . . . . . 91the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91


Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Business case basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

developing the roI-centric business case . . . . . . . . . . . . . . . . . . . . .95

respond to objections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Bringing it all together: sample business case . . . . . . . . . . . . . . . .105

case study 1: reporting return on investment . . . . . . . . . . . . . . . .107

case study 2: calculating roI & starting an slM program . . . . . .108


SAMPLE COPY

Contents

vii

6 managing external audits . . . . . . . . . . . . . . . . . . . 121the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121

overview and objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

the auditors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

overview of the audit process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

compliance review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

How to handle an audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

exercise: determine your audit readiness . . . . . . . . . . . . . . . . . . . . .128

commanding compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

Be honest, not defensive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

case study: cashing in on compliance . . . . . . . . . . . . . . . . . . . . . . . .132


7 Self-audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143

standards and frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143


Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144

exercise: which would you use? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

establishing the control environment . . . . . . . . . . . . . . . . . . . . . . . .150

communicate and educate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150

self-audit execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

case study: optimized software license management . . . . . . . .156


index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

SAMPLE COPY


viii

introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1about this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

who should use this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

How to use this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

the main topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

How each chapter is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

other resources and help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1 auditing and Compliance Basics . . . . . . . . . . . . . . . 5the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

overview and objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

the starting point: software license management terms . . . . . . . . 7Software asset management (SAM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7License compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7License type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

software compliance audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Digging deeper into external audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Details on auditors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Publishers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Third parties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Motivations for compliance audits . . . . . . . . . . . . . . . . . . . . . . . . . . . .12The cost of piracy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Reports of noncompliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Random checks and other motives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

testing your knowledge of compliance audits . . . . . . . . . . . . . . . . .14

the self-audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Stakeholders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

getting audit-ready . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16Risk control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Cost control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Competitive advantage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

case study: optimized license management . . . . . . . . . . . . . . . . . . .19

case study review questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Vocabulary quiz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Contents in DetailSAMPLE COPY

Contents in detail

ix

exercise: are you audit-ready? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

answers and guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

2 Software License agreements: terms, types and negotiation tips . . . . . . . . . . . . . . . . . . . . . . . . . 25

the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26


Proof of license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

classifying licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28Licenses by product type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Sales channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Upgrades and downgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Licenses by duration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Licenses by metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Quick self-check of licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

nine negotiation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341. What software are you buying? What services does it include? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342. What product use rights come with the software? . . . . . . . . . . . . 353. When will you pay? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364. How much does the software cost now? . . . . . . . . . . . . . . . . . . . . . 375. How much might the software cost later? . . . . . . . . . . . . . . . . . . . . 386. How is a contract dispute or variance handled? . . . . . . . . . . . . . . . 397. What happens if the relationship ends or changes significantly? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408. What common terms, or boilerplate, define the legal agreement? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419. What constitutes acceptance of customized software? Who will support/control the customizations? . . . . . . . . . . . . . . . . 41

case study: remixable license pools . . . . . . . . . . . . . . . . . . . . . . . . . . .44

case study review questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Vocabulary quiz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

exercise: Bolster your contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

exercise: self-assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48


SAMPLE COPY


x

3 assessing Your Sam Proficiency . . . . . . . . . . . . . . . 51the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51


Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

embarking on a saM self-assessment . . . . . . . . . . . . . . . . . . . . . . . . .53

the foundation: six saM process areas . . . . . . . . . . . . . . . . . . . . . . . .54Organizational management processes . . . . . . . . . . . . . . . . . . . . . . . . . . 55Core SAM processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Primary process interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Investigating your saM processes . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Quiz: applying Iso/Iec 19770-1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

starting a self-assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59Stakeholders and organizational concerns . . . . . . . . . . . . . . . . . . . . . . . . 59Setting the scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

case study: conducting a self-assessment . . . . . . . . . . . . . . . . . . . . .62

case study review questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Vocabulary quiz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

exercise: saM self-assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66


4 tools and technology . . . . . . . . . . . . . . . . . . . . . . . . . 71the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72


criteria and constraints for tool selection . . . . . . . . . . . . . . . . . . . . .73Budget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Business needs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Process maturity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

exercise: Identify your criteria for tool selection . . . . . . . . . . . . . . . .75

Point, combined and suite solutions . . . . . . . . . . . . . . . . . . . . . . . . . . .76

factors in selecting tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

Mapping functions to standard process areas . . . . . . . . . . . . . . . . . .81

four performance priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83Urgency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Ease of use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Core specialty emphasis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

case study: Planning for a technology overhaul . . . . . . . . . . . . . . . .85

case study review questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

SAMPLE COPY

Contents in detail

xi

Vocabulary quiz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87

exercise: selecting the right tool for you . . . . . . . . . . . . . . . . . . . . . . .88


5 making the Business Case: roi . . . . . . . . . . . . . . . . 91the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91


Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Business case basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92What is a business case? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92A five-point approach to business case development . . . . . . . . . . . . 93

Management commitment is paramount . . . . . . . . . . . . . . . . . . . . . . . . . 93Don’t forget other key stakeholders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Speak in business language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94The best defense is a good offense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Success is contagious . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

developing the roI-centric business case . . . . . . . . . . . . . . . . . . . . .95Establish context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95Align with business objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Calculate ROI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Defining exposure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96ROI in six simple steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

1. Tabulate software license figures . . . . . . . . . . . . . . . . . . . . . . . . 972. Calculate per-product exposure . . . . . . . . . . . . . . . . . . . . . . . . . 983. Calculate net exposure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 984. Calculate benefit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1005. Calculate investment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1016. Report return on investment . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Outline implementation alternatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

respond to objections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Bringing it all together: sample business case . . . . . . . . . . . . . . . .105

case study 1: reporting return on investment . . . . . . . . . . . . . . . .107

case study 2: calculating roI & starting an slM program . . . . . .108

Vocabulary quiz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

exercise: calculate your roi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112

answers and guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

6 managing external audits . . . . . . . . . . . . . . . . . . . 121the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121


Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

SAMPLE COPY


xii

the auditors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Publishers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Publisher motivations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123Compliance agencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

overview of the audit process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

compliance review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125Settlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

How to handle an audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125Demanding compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Consider your contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Work with publishers and tool providers . . . . . . . . . . . . . . . . . . . . . . . . . . 126Keep your own records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

exercise: determine your audit readiness . . . . . . . . . . . . . . . . . . . . .128

commanding compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

Be honest, not defensive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129Talk with legal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130Circulate nondisclosure agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130Know the roles and clarify the methods . . . . . . . . . . . . . . . . . . . . . . . . . 130Always negotiate the settlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

case study: cashing in on compliance . . . . . . . . . . . . . . . . . . . . . . . .132

Vocabulary quiz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137

exercise: Preparing for an external audit . . . . . . . . . . . . . . . . . . . . . .138


7 Self-audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143the basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143

standards and frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143Adding value via conformance, compliance and certification . . . . 143


Key terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144Frameworks: COBIT and ITIL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Standards bodies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

ISO/IEC 19770-1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

exercise: which would you use? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

establishing the control environment . . . . . . . . . . . . . . . . . . . . . . . .150Assess risk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Change your attitude . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

communicate and educate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150

self-audit execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Assemble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

SAMPLE COPY

Contents in detail

xiii

Locate data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Collect data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153Costs, risks, optimizations and open loops . . . . . . . . . . . . . . . . . . . . . . . . 153Action recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

case study: optimized software license management . . . . . . . .156

Vocabulary quiz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160

exercise: executing a self-audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161


index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

SAMPLE COPY

SAMPLE COPY

1

introduction

about this guide Software license management (SLM) is the active manage-ment and administration of software allocation, deployment, licensing and contractual obligations. License management encompasses managing the risks associated with software license compliance as well as the costs of acquiring software.

Software license management is an invaluable IT discipline, although just a few years ago programs dedicated to the field existed only in pockets of the corporate world, at the largest and most mature organizations. These trailblazing IT depart-ments realized the advantages of maintaining airtight control over software licenses, to the tune of more favorable contracts with software publishers, enhanced public image, increased infrastructure security and hundreds of thousands—some-times even millions—of dollars in return on investment.

This study guide is designed to help you learn about software license management as a subcategory of the larger practice of software asset management. When you complete the study guide, you will be prepared to take IBSMA’s Practitioners Certificate in Software License Management (PCSLM) exam as well as administer an SLM program at your organization.

You will learn the concepts and applications of software license management via various methods, from narratives about SLM to case studies to illustrations. All of these are designed to help you put the concepts and skills into practice as well as answer questions on the exam.

We show many examples of SLM in real-world situations and offer practical tips and best practices that can be applied right away. Each chapter includes a short case study to illustrate how SLM, when successfully applied and implemented, is a good business investment. The case studies also show how the professionals who implement SLM best practices have thoroughly incorporated a “culture of compliance” in their environment.

in thiS ChaPter

About this guide

Who should use this guide

How to use the guide

The main topics

How each chapter is organized

Other resources and help

SAMPLE COPY


2

The self-assessment exercises are a key component of this guide and enable you to apply each chapter’s con-cepts to your work environment.

This guide includes several tools to help apply what you learn. Illustrations and graphics show relationships of concepts and summarize main points. There is also a handy list of key terms in the front of each chapter. You’ll find that the reviews and exercises in each chap-ter enable you to practice figuring out the best way to handle the SLM situations that you’re likely to come across in your work. We also provide the answers!

who should use this guideOrganizations of all sizes, industries and nationalities have a need to manage software licenses. For small organiza-tions with fewer than 500 desktop computers and a few servers, typically one person is responsible for software license management, and it may be just one aspect of his or her job. For larger organizations with upwards of 5,000 PCs and many servers, several people may be dedicated to license management or the job could be divided by product or computing platform.

In fact today, the wide variety of individuals involved in IT service management—from software or hardware inventory (whether automated or manual), to purchasing, technical support, contract management and legal ser-vices—could all benefit from a solid foundation in effec-tive software management practice. Non-IT staff includ-ing business unit managers, project managers, adminis-trative and support staff involved in acquiring, approving or distributing software should also understand the essential elements of software license management.

This guide is designed to be the introduction to license management for a broad audience and provide a founda-tion even for individuals with little technical background. We assume, however, that our reader has basic familiarity with business concepts and experience in a commercial, government or educational work environment.

How to use this guideThe average reader will need roughly 10 hours to com-plete the study guide and all the quizzes and exercises. You may choose to read straight through or break your

study time into sections. The chapters are logical seg-ments of work.

At the end, you will be prepared to take the PCSLM exam and we recommend you take the exam as soon as possible. The exam is offered online, has 30 multiple-choice questions and you can complete it in one sitting. It takes about one hour. Once your exam is scored and you pass, you will receive a certificate of completion from the International Business Software Managers Association.

When you purchased this book you were offered an opportunity to pre-pay the exam fee. If you did, contact IBSMA when you’re ready to take the exam. If you did not pre-pay you can register online for the exam at any time at IBSMA.com and pay the exam fee.

the main topicsIn the first half of this book, we’ll cover the why, what and how of software license management: How to com-bat rising risks and costs from over- and under-licensing through stating and meeting basic compliance objec-tives; and how to negotiate strong software license agreements and undertake self-assessments.

In the second half, we apply this knowledge. We look first at tools for automating software asset management (SAM), then we detail how to craft a business case to bring management onboard with a license manage-ment program. We then delve into the action items that move external audits along and make self-audits effective.

The study guide is organized into seven chapters:

1. Auditing and Compliance Basics

2. Licensing Overview

3. Assessing Your SAM Proficiency

4. Tools and Technology

5. Making the Business Case

6. External Audits

7. Self-Audit

The detailed contents section at the beginning of the book, outlines the topics, exercise and case studies included in each chapter (see Contents in Detail, page viii).

SAMPLE COPY

introduction

3

How each chapter is organizedEach chapter uses the same structure to present the concepts and examples of successful implementation.

to get started, the In This Chapter and the first section introduce you to the main topics. The Overview and Objectives section states specifically what you will be able to do by the end of the chapter. The Key Terms list summarizes all the new terms you will encounter.

each topic area includes illustrations and tables to summarize graphically the concepts and their relation-ships. Key terms are introduced near the items they define. Icons for key terms, details and new ideas appear throughout the book.

Key terms icon—indicates a new key term

Details icon—indicates details, key examples or a closer look at a concept

new ideas icon—indicates new ideas, additional material and applying what you’ve learned

reinforcing the learning . Exercises designed to help you recall the main points of a topic, as well as syn-thesize what you learn, entail answering questions about samples cases and include vocabulary quizzes.

Case study . A short story is included in each chapter based on real-world examples. These show how orga-nizations use software license management to improve operations and the bottom line. Each case study is followed by review questions and short quizzes.

review questions, exercise—a review summarizes the main points of the chapter

Quiz icon—indicates a short quiz or exam on the chapter’s contents

application to your organization . A final exercise helps you assess if you are ready to apply the ideas to your organization. This exercise consists of several parts that may include giving a current rating of your organization’s software license management capabilities compared to the ideal, and then listing action items that you’ll need to complete.

And finally the answers to the quiz in each chapter are the last section of each chapter.

answers and guidance to case study and quizzes.

other resources and helpThe study guide includes a detailed contents list at the front as well as an index of topics at the back.

More than 500 software license and IT asset management terms are summarized in an online glossary which can be accessed at IBSMA.com/glossary.html.

Additional publications on software licensing, tools and SAM processes are available from IBSMA. For more information visit IBSMA.com.

SAMPLE COPY

SAMPLE COPY

171

index

aabandonware, 13academic case study, 156–58, 170acceptance of software, 36–37, 39, 41–42, 43taccess restriction

in audits, 127in SAM tools, 79, 83

accountability for noncompliance, 151accounting firms in external audits, 10, 123acquisitions and mergers

as audit trigger, 13, 15, 124competitive advantage in, 18provisions in software license agreements, 38, 40

activation key, 8, 27, 32active metering, 32additional hard costs, 98–99administrative costs in calculating ROI, 99, 119American National Standards Institute (ANSI), 146–47tannual licenses, 30tANSI (American National Standards Institute), 146–47tAnswers and Guidance

audit and compliance basics, 24audits, external, 138, 142audits, self-, 170business case and ROI, 115–19licenses (software license agreements), 49negotiations, 49SAM tools, 90self-assessment of SAM, 70

Apple Remote Desktop, 127application dependency mapping tools, 155asset types in self-assessment of SAM processes, 60audit and compliance basics, 5–28. See also audits, external;

audits, self-as component of SAM, 7idefined, 8Exercise, 23Overview and Objectives, 6Quizzes, 14, 22, 24, 26, 28Review, 21and risk control, 16

audit control as SAM tool component, 79t, 82t

i indicates illustration t indicates table

SAMPLE COPY


172

auditors, external, 9–12, 122–24. See also audits, external

questions from, 138–39, 142types, 10–12

audits, external, 121–42actions and objectives, 129tauditors, 9–12, 122–24Case Study, 132–35, 142by compliance agencies, 19–11, 124compliance review in, 124–25as component of SAM, 7idefensive tactics, 125–31defined, 8Exercises, 23, 128, 138–42increase in, 5, 10language, 39, 126–27, 145managing, 121–31motivations for, 12–13, 123–24notification, 124–25, 127Overview and Objectives, 122phases of, 124–25preludes to, 9, 121preventing, 94, 125–27provisions in software license agreements, 39–40,

124–27questions from auditors, 138–39, 142questions to ask, 131Quizzes, 14, 22, 24, 28, 137, 142reactions to, 129Review, 136roles in, 129–31scope of, 11and self-assessment of SAM processes, 56settlements, 12t, 124–25, 129t, 131statistics on, 95, 122strategies for, 125–31surveys on, 10, 95, 122, 124terms of, 124–27, 130–31, 133by third-party agencies, 9–11, 124timeframe, 124–25, 130–31triggers, 9–10, 12–13, 40, 123–24, 127

audits, internal. See audits, self-audits, self-, 143–70

action recommendations, 140–41, 155assembling, 151–53and audits, external, 94, 125benefits of, 15–18, 131Case Studies, 19–21, 24, 156–58, 170and compliance reviews, 125

compliance with ISO/IEC 19770-1, 148as component of SAM, 7idefined, 8documenting, 127executing, 151–55Exercises, 140–41, 161–70external parties in, 15–16frequency of, 15, 151need for, 143Overview and Objectives, 144planning, 151–52provisions in software license agreements, 39questions for, 152Quizzes, 14, 28, 160, 170reporting, 151, 153–54Review, 159risk control and, 15–16, 154–55roles in, 15, 152sample report, 154scope of, 151–52stakeholders in, 15–16, 152standards and frameworks, 143–48triggers for, 9, 15

auto-discoveryin audits, external, 40in audits, self-, 151–52, 154in calculating ROI, 97defined, 73as SAM tool component, 76–77, 79t, 82t, 151

automated contract management, 5automatic renewals, avoiding, 40awards for copyright infringement, 16. See also

settlements

Bbacking up documentation, 28, 152–53bankruptcy, publisher, 40bargaining power. See negotiating software license

agreementsbenchmarking, 64, 71, 127benefits of

self-audits, 15–18, 131software asset management (SAM), 5, 16–18, 95–96,

100–101software license management (SLM), 1, 5, 95–96,

100–101, 150best practices

and conformance, 148defined, 52frameworks, 144–45

SAMPLE COPY

index

173

SAM process areas, 54–55boilerplate, 41, 43tbridges, database, 84British Standards (BS), 146–47BSA (Business Software Alliance), 11, 124budget contract renewal as audit trigger, 15tbudget for SAM tools, 73–75business case for software license management,

91–120Case Study, 107–9, 115–16considerations in, 93–94, 105–6defending, 94defined, 92developing, 95–106Exercise, 112–14, 116–19for optimization of self-audits, 155Overview and Objectives, 92presenting, 105–6Quiz, 111, 116return on investment (ROI), calculating, 96–102Review, 110sample, 105–6and SAM tools, 73–74, 78tstages of, 95supporting data for, 95

business language, 94business needs and SAM tool selection, 74–75, 81–82tBusiness Software Alliance (BSA), 11, 124business units

in reporting self-audit results, 154in self-assessment of SAM processes, 60

business value components of SAM tools, 81–82t

cCAAST (Canadian Alliance Against Software Theft), 11,

124CAL (client access license), 31tCanadian Alliance Against Software Theft (CAAST), 11,

124canceled checks as proof of license, 27caps and limits on maintenance fees, 38, 40Case Studies

audits, external, 132–35, 142audits, self-, 19–21, 24, 156–58, 170licenses (software license agreements), 44–45, 49optimization of software license management,

19–21, 24, 156–58, 170return on investment (ROI), 107–9, 115–16SAM tools, 85–86, 90

self-assessment of SAM processes, 62–64, 70case studies, using in business cases, 94certificates of authenticity, 27–28certification

conformance vs. compliance, 145tdefined, 144IBSMA Practitioners Certificate in Software License

Management (PCSLM), 1–2of ISO/IEC 19770-1 compliance, 148

change managementdefined, 8, 55and risk control, 16ias SAM tool component, 79t, 82tand software asset management, 7

change managers and SAM tools, 80client access license (CAL), 31tCMDBs (configuration management databases), 146,

155COBIT (Control Objectives for Information and related

Technology), 145, 147t, 161combined tool, 76–77communication of compliance, 150–51competitive advantage benefits

calculating, 100–101communicating, 150defined, 96and return on investment (ROI), 91, 100–101of self-audits, 15, 18

competitive upgrade licenses, 29–30compliance

agencies, 9–12, 124automation of, 148basics of, 5–28calendar, 15Case Study, 132–35, 142and certification, 145tcommanding, 129–31culture of, 93, 150–51, 156–57defined, 7, 144demanding, 126–27educating, 150–51initiatives, 125with ISO/IEC 19770-1, 148negotiating terms of, 37, 39, 127proving, 143, 148reporting (See audits, self-)review (See audits, external)risk assessment of, 150

SAMPLE COPY


174

compliance (cont’d)and risk control, 16ias SAM process area, 55statistics on, 95in university case study, 156–57

concurrency licensesdefined, 31tand license pools, 84monitoring, 32, 36tracking data for audits, 153

confidentialityin audits, 10, 123, 130in software license agreements, 41

configuration managementinvolvement in SAM self-assessment, 59

configuration management databases (CMDBs), 146, 155

configuration vs. custom development/implemenation, 41

conflict provisions in software license agreements, 39–40, 43t, 126

conformanceand certification, 145tdefined, 144to ISO/IEC 19770-1 and audits, 56, 148

constraints for SAM tool selection, 73–74consulting firms, 10, 15, 99, 101contract disputes, provisions for, 39–40, 43t, 126contraction activity, 36contract management. See also documentation

calculating ROI with tools, 97defined, 28, 55need for, 28as SAM tool component, 71, 78t, 81t

contract renewals/obligations and self-audits, 15tcontracts. See software license agreementscontract specialists, 94, 126, 130control environment, 150–51

and data collection, 152defined, 150Exercises, 162as SAM process area, 55and SAM tool components, 81–82tand universities, 156–57

Control Objectives for Information and Related Technology (COBIT), 145, 147t, 161

control of resources as audit trigger, 10tconversion rights, cross-platform, 38copyright

damage awards, 16

duration of, 13education employees on, 150–51

Copyright Royalty and Distribution Reform Act of 2004, 16

core SAM process areas. See SAM process areascore specialty emphasis and SAM tool selection, 83–84,

86corporate governance, 7, 55corporate responsibility, 5cost allocation as trigger for self-audits, 15tcost control

in Case Study, 20from self-audits, 15–18statistics on, 95

costsin calculating ROI, 96–101, 119future, 38, 43thard, 96–99identifying in self-audits, 154–55one-time, 37of piracy, 12provisions in software license agreements, 36–38, 43trecommendations for, 155of SAM implementation alternatives, 102–3soft, 96–97

counterfeit software, 27–28credits, 38, 40criteria for SAM tool selection, 73–74, 78–80, 83–84

Exercise, 75, 88–89cross-platform conversion rights, 38culture of compliance, 93, 150–51, 156–57customized software, 36–37, 41–43, 84

ddamage awards, 16. See also settlementsdata assembly for self-audits, 152–53database bridges, 84data collection, 130–31, 151, 153data location, 151–53data normalization, 79t, 80defensiveness in audits, 125, 129–30defensive tactics in presenting a business case, 94definitions in software license agreements, 37–39, 41delivery

of software, 34, 36, 41of tech support, 38

demonstration software/licenses. See evaluation software

deploymentdefined, 8

SAMPLE COPY

index

175

double, 126–27and license pools, 84and software asset management, 7

descriptions in software license agreements, 34–35, 41–43

direct support (SAM tools), 81–82tdisaster recovery, 35, 127discontinued software, 40discounts, 37discovery software. See auto-discoverydisputes, provisions for, 39–40, 43t, 126Distributed Management Task Force (DMTF), 146–47tdivestiture activity

as audit trigger, 15t, 124provisions in software license agreements, 38, 40

DMTF (Distributed Management Task Force), 146–47tdocumentation, software, 27, 34documentation of audit process, 131documentation of software license agreements. See

also contract managementand audits, 125–27backups, 28, 152proof of license, 27–28

double deployment, 126–27downgrade licenses, 30, 153due diligence as trigger for audits, 10t, 15tduration of acceptance period, 42duration of licenses, 28, 30, 37

eease of use and SAM tools, 83, 85education on compliance, 150–51, 156embedded third-party software, 39employees

compliance, encouraging, 93, 150–51, 156–57costs of, 101defining, 35monitoring, 153, 155and SAM tool selection, 80in self-assessment of SAM processes, 53, 59–60in self-audits, 15, 152in software license management, 2, 94surveys, 15, 150tips on noncompliance, 12

end-user license agreements (EULAs), 27end-users. See also culture of compliance

as audit triggers, 10tas stakeholders, 94surveys for self-audits, 15, 150

enforcement, employee, 151enhancements, 38enterprise licenses, 31–32, 40entitlement, 28error correction, 38errors, payment, 39EULAs (end-user license agreements), 27evaluation activity in software license agreements, 35evaluation software

licenses, 28–29and piracy, 13provisions in software license agreements, 35, 127

event notification as SAM tool component, 79t, 82tExercises

auditing and compliance basics, 9, 13audits, external, 128, 138–42audits, self-, 161–70calculating ROI, 108–9, 112–14, 116–19licenses (software license agreements), 33, 47–49,

166–67piracy, 13respond to objections, 104, 115SAM tool selection, 75, 88–89self-assessment of SAM processes, 66–70standards and frameworks, 149, 161, 170

expansion activity, 36expenses. See costsexposure

calculating, 98–99defined, 96and implementation alternatives, 102–3

extension options, 40external parties in self-audits, 15–16external references for software license agreements,

34–35

fFAST (Federation Against Software Theft), 11, 124feature and function components of SAM tools, 79t, 82tFederation Against Software Theft (FAST), 11, 124fees

in calculating ROI, 99, 101maintenance, 36–38, 40, 155one-time, 37

financial forecasting, 17financial management as SAM tool component, 78t, 81tfines

avoiding through self-audits, 15in calculating exposure, 98–99

SAMPLE COPY


176

fines (cont’d)compliance agencies and, 11, 124as hard cost, 96settlements, 12t, 125, 129t, 131

forecastingand budgeting for SAM tools, 73financial, 17usage, 36

frameworksCOBIT and ITIL, 61, 145–46, 147tcompared to ISO/IEC 19770-1, 147tdefined, 144Exercises, 149, 161, 170value of, 143

Freescale Semiconductor, 93freeware, 13, 29tfuture costs, 38, 43t

ggap analysis. See self-assessment of SAM processesglossaries in software license agreements, 37–38Glossary of Software License and IT Asset Management

Terms, 3, 145government agencies as auditors, 10–12

Hhard costs, 96–99hard-disk loading, 27–28hardware, 13, 15, 60, 166harvesting, 84help desk, 59, 74t, 80,108, 116, 170honesty and audits, 129–30

IIBSMA (International Business Software Managers

Association), 1–3IBSMA Practitioners Certificate in Software License

Management (PCSLM), 1–2IEC (International Electrotechnical Commission), 52,

146–47tignorance as a defense, 13, 129IMAC (install/move/add/change) activity, 55, 61, 78timplementation alternatives, outlining, 102–3incident management, 16, 55, 79t, 82tindemnification, 39, 127indirect support (SAM tools), 81Information Industry Association, 11Information Systems Audit and Control Association

(ISACA), 145, 147tInformation Technology Infrastructure Library. See ITIL

(Information Technology Infrastructure Library)infrastructure, defined, 16installation

configuration, 41install/move/add/change (IMAC) activity, 55, 61, 78tprovisions in software license agreements, 35–36, 41and usage data, 153

integration of SAM with IT servicesas optimization, 155and SAM self-assessment, 53, 61and SAM tools, 84and self-audits, 152, 155

internal audits. See audits, self-International Business Software Managers Association

(IBSMA), 1–3International Electrotechnical Commission (IEC), 52,

146–47tInternational Organization for Standardization (ISO), 52,

146–47t. See also ISO/IEC 19770-1interoperability of SAM tools, 79t, 82t, 84inventory management and inventories

in calculating ROI, 97defined, 8Exercise, 166–67, a27in SAM, 7, 16, 55as SAM tool component, 71, 79t, 81–82tfor self-audits, 152–53

investment, return on. See return on investment (ROI)invoices, 27–28, 37ISACA (Information Systems Audit and Control

Association), 145, 147tISO/IEC 19770-1

compared to IT frameworks, 147tconformance/compliance, 56, 149defined, 52Exercises, 68–70, 149, 161, 170optimization recommendations, 155Quiz, 57–58SAM process areas, 54–58and SAM tools, 74, 77, 81–82t, 148self-assessment against, 51–52, 56–61, 66–69

ISO/IEC 19770-2, 148ISO/IEC 19770-3, 148ISO/IEC 20000-1, 146ISO/IEC 20000-2, 146, 147tISO (International Organization for Standardization), 52,

146–47ITAM, 17, 59, 95ITIL frameworks, 61, 145–47, 161ITIL (Information Technology Infrastructure Library), 61

SAMPLE COPY

index

177

IT service management (ITSM). See ITSM (IT service management)

IT servicesand SAM, 7, 16SAM integration with, 53, 61, 84, 152, 155and SAM self-assessment, 61software license management in, 5

ITSM (IT service management)defined, 61integration of SAM processes, 61SAM tools, 79t, 82t

IT standards. See standards

jJTC1 (ISO/IEC), 146

Kkey, activation/license, 8, 27, 32key concepts, explaining, 95Key terms, 6, 26, 52, 72, 92, 122, 144

llanguage, audit, 39, 126–27, 145language, business, 94leasing software, 13legal departments

and audits, external, 125–26, 129t, 130–31and audits, self, 15and business case creation, 94and software license agreements, 41

legalese, 41liability, vicarious, 13, 129–30liability limitations, 39license agreements. See software license agreementslicense compliance. See compliancelicense compliance audits. See audits, externallicense metrics

and calculating ROI, 97defined, 28and license types, 30–32and negotiations, 30, 32, 35–37, 127and pricing, 35–37and SAM tool budget, 73tabulating, 97tracking for self-audits, 152–53

license pools, 44–45, 84license reconciliation, 152–54. See also audits, self-

defined, 73, 151Exercise, 168–69as SAM tool component, 78t, 81t

licenses (software license agreements), 25–50annual, 30taudit provisions in, 125–27backing up, 28, 152–53Case Study, 44–45, 49classifying, 8, 28–32client access license (CAL), 31tcompetitive upgrade, 29–30concurrency, 31–32, 36, 84, 153and custom development, 41–42defined, 8, 28documenting, 27–28, 125–27, 152. See also contract

managementdowngrade, 30, 153duration of, 28, 30, 37enterprise, 31–32, 40evaluation, 28–29Exercises, 33, 47–49, 165–67by metric, 31tmillions of instructions per minute (MIPS), 31tnegotiating, 34–43network, 31topen source, 31toriginal equipment manufacturer (OEM), 29tOverview and Objectives, 26and ownership, 25per device, 31–32perpetual, 30t, 155per user, 31–32product descriptions in, 34–35by product type, 28–30proof of, 27–28Quiz, 46, 49retail product, 29tReview, 45SaaS (software as a service), 29tself-assessment, 48–49shareware, 29tsite, 31–32, 36solution provider, 29tsubscription, 8, 30t, 155suite, 29tsummary of considerations, 43tterminating, 40types of, 8, 28–32upgrade, 29–30, 38volume, 8, 31–32

license surpluses. See over-licensinglicense transfers, 13, 35

SAMPLE COPY


178

life-cycle managementas part of SAM, 7, 55, 76and payment, 36and SAM tools, 71, 74, 77–78t, 81t

life-cycle process interfaces (ISO/IEC 19770-1)optimization of, 155as SAM process area, 55, 61and SAM tool components, 81–82t

limits on maintenance fees, 38, 40litigation, provisions for, 39

Mmaintenance fees, 36–38, 40, 155maintenance of custom software, 42management

business case for software license management, 91–103

and culture of compliance, 150–51involvement in self-audits, 15and SAM self-assessment, 59

manual inventories and calculating ROI, 97, 100–101market domination and audits, 123measuring. See metering; metrics, licenseMedavie Blue Cross, 93mergers and acquisitions

as audit trigger, 13, 15, 124competitive advantage in, 18provisions in software license agreements, 38, 40

metering, 32, 153–54. See also metrics, licensemetrics, license

and calculating ROI, 97defined, 28and license types, 30–32and negotiations, 30, 32, 35–37, 39, 127and pricing, 35–37and SAM tool budget, 73and software costs, 37tabulating, 97tracking for self-audits, 152–53

migration, hardware/software, 13, 15, 35, 126MIPS (millions of instructions per minute) license, 31tmonitoring tools, 18, 32, 153, 155. See also metering;

metrics, licensemotivations for audits, 9–10, 12–13, 40, 123–24

nnegotiating software license agreements, 34–43

audit terms, 38–40, 124–27considerations in, 34–42

and cost control, 17Exercises, 47–49and integration of SAM and IT, 84and license metrics, 30, 32, 35–37, 127Overview and Objectives, 26, 34Review, 45

net benefit, calculating, 100–101net exposure, calculating, 98–99net hard cost, 98net investment, calculating, 101network licenses, 31tniche specialties in SAM tools, 84no-charge items, 35noncompliance

costs of, 16, 91, 98employee accountability, 151reasons for, 25settlements and rewards, 12t, 124–25, 129t, 131

nondisclosure agreements, 125, 129–30nonproductive applications, 18, 101normalization, data, 79–80notification of audit, 124–25, 127

oOASIS (Organization for the Advancement of Structured

Information Standards), 146–47objections, responding to, 104, 115OEM (original equipment manufacturer) licenses, 29tOGC (Office of Government Commerce), 146–47open loops, 154–55open source software, 7, 13, 31toperations management and interfaces (SAM process

area), 54–55, 81–82toptimization of software license management

Case Studies, 19–25, 28, 156–58defined, 154recommendations for, 155

oral agreements, 133organizational concerns in SAM self-assessment, 59organizational management SAM process areas, 54–55,

81–82tOrganization for the Advancement of Structured

Information Standards (OASIS), 146–47original equipment manufacturer (OEM) licenses, 29toutside assessors, 127over-deployment, 15, 124. See also under-licensingoverlap periods, 35over-licensing

and audits, self-, 15

SAMPLE COPY

index

179

costs of, 96, 154credits for, 38–39exposure calculations, 98reasons for, 51recommendations for, 155

Overview and Objectivesaudits, external, 122audits, self-, 144basics of auditing and compliance, 6business case and ROI, 92SAM self-assessment, 52SAM tools, 72software license agreements, 26

ownership, proof of, 27–28ownership of software, 7, 25, 42

Ppaperwork. See documentation of software license

agreementsparameterization, 41passive metering, 32payment, proof of, 27payment terms, 36–39, 43tPCSLM (IBMSA Practitioners Certificate in Software

License Management), 1–2penalties. See finesper device licenses, 31–32perpetual licenses, 30t, 155per-product exposure, calculating, 98personnel. See employeesper user licenses, 31–32piracy

as audit trigger, 10t, 12, 123and control environment, 150–51costs, 12–13, 16defined, 12Exercise, 13hard-disk loading, 28reasons for, 25

planning and implementation (SAM process area), 55, 81–82t, 155

platforms in SAM self-assessment, 61point tools, 76–77, 83policies, management

and culture of compliance, 36, 93, 150–51, 156in self-assessment of SAM processes, 59–60

presentation, business case, 92, 94–95, 104–6pricing and use, 35–37. See also metrics, licenseprimary life-cycle interfaces. See life-cycle process

interfaces (ISO/IEC 19770-1)primary process interface area, 54–55, 81–82t. See also

life-cycle process interfaces (ISO/IEC 19770-1)privacy in audits, 130problem management, 16, 55, 79t, 82tprocess areas. See SAM process areasprocess maturity, 74–75procurement and requisition as SAM tool component,

78t, 81tprocurement departments, 15, 59, 94product activation key. See activation keyproduct catalog, 78t, 80, 153product descriptions in software license agreements,

34–35product exposure, 98. See also exposureproductivity

calculating, 119monitoring, 155

product schedules, 35, 37, 41product type licenses, 28–30product use rights, 7, 35–36, 43tprofessional service agreements (PSAs), 42Profiles in Excellence, 93profiling in SAM tools, 83project management expenses, 101proof of compliance. See complianceproof of license, 27–28proof of payment, 27proprietary information, 41Provance, 84PSAs (professional service agreements), 42publishers

aggressive, 122–23audit motivations, 10t, 12–13, 123–24as auditors, 10, 122–24and audits, self-, 15bankruptcy, 40defined, 10involvement in software license management,

125–27and ISO/IEC 19770-2, 148and ISO/IEC 19770-3, 148merger, acquisition, and divestiture activity, 40negotiating with, 17, 34–43, 124–27records, 27, 132–33relationships with, 40, 43t, 123–25, 129–30

purchase orders, 27purchasing processes, centralizing, 5pushback on business case, 94, 104, 115

SAMPLE COPY


180

Qquestions

for negotiations of software license agreements, 34–42

for self-audits, 152Quizzes

auditing and compliance basics, 14, 26, 28audits, external, 137, 142audits, self-, 160, 170business case, 111, 116licenses (software license agreements), 46, 49return on investment (ROI), 111, 116SAM tools, 87, 90self-assessment of SAM processes, 57–58, 65, 70

rrandom check-ups as audit trigger, 10t, 12–13recommendations from self-audit, 154–55reconciliation, license, 152–54. See also audits, self-

defined, 73, 151Exercise, 168–69as SAM tool component, 78t, 81t

record-keeping. See also contract managementof audit process, 131for audits, 125–27, 132–33backups, 28, 152proof of license, 27–28

redundant purchasing, reducing, 17relationship management, 55relationships with publishers

and audits, 123–25, 129–30negotiating with, 17, 34–43

remixable license pools, 44–45removal of installations, 16, 154–55renewals, automatic, 40renting software, 13reporting and analysis as SAM tool component, 78t, 81treports

in business case presentations, 95self-audit, 153–54

resistance to software license management, 94, 104, 115

retail product licenses, 29treturn on investment (ROI), 91–120

business case, developing, 95–106calculating, 96–102defined, 92Exercises, 108–9, 112–14, 116–19presentation of business case, 91–92, 102, 105–6

Quiz, 111Review, 110of SAM tools, 84of self-audits, 15

revenue generation as audit trigger, 10t, 12–13, 123Reviews

auditing and compliance basics, 25audits, external, 136audits, self-, 159business case and ROI, 110licenses (software license agreements), 45negotiations, 45SAM tools, 86self-assessment of SAM processes, 64

rewards, whistle-blower, 12trights

audit, 32cross-platform conversion, 38second-use, 32, 153–54use, 7, 35–36, 43t

risks. See also control environmentand audits, 15–16, 154–55costs of exposure, 91, 98–99, 102–3

ROI. See return on investment (ROI)

sSaaS (software as a service) licenses, 29t, 83sales channels and license types, 29–30, 37sales departments and audits, 133SAM. See software asset management (SAM)SAM consultants and external audits, 123SAM process areas. See also ISO/IEC 19770-1

compliance certification, 148Exercise, 68–69integration with ITIL (Information Technology

Infrastructure Library), 61overview, 54–58SAM tools and, 74–75, 81–82t, 148self-assessment, 51–70

SAM tools, 71–90and audits, external, 125and audits, self-, 15t, 151, 153–54automated compliance, 148in calculating ROI, 84, 97, 101Case Studies, 85–86, 90combined, 76–77components, 78–79t, 81–82tand concurrency licenses, 32costs of, 101

SAMPLE COPY

index

181

criteria, 73–74, 78–80, 83–84defined, 71Exercise, 75, 88–89integration with IT services, 84and ISO/IEC 19770-1, 81–82t, 148metering with, 32Overview and Objectives, 72performance priorities, 83–84point, 76–77, 83Quiz, 87, 90Review, 86sizes of, 76–77suite, 76–77, 80, 83–84, 155vendors, 15–16, 125–27

Sarbanes-Oxley, 5scope

of audits, external, 11of audits, self, 151–52of calculating ROI, 97defined, 53of implementation options in presentations, 102–3and selection of SAM tools, 83of self-assessment of SAM processes, 60–61, 67

scoping access restriction, 83script linkages, 84SC7 (subcommittee 7), 146–47. See also ISO/IEC 19770-1second-use rights, 32, 153–54security

as reason for SAM self-assessment, 51and SAM tools, 79t, 82–83

self-assessment of SAM processes, 51–70and audits, 56business case for, 94Case Study, 62–64, 70defined, 51Exercises, 66–70Overview and Objectives, 52Quizzes, 57–58, 65, 70reasons for, 53Review, 64roles in, 59–60and SAM tool selection, 77, 81scope of, 60–61stages of, 53istakeholders in, 53, 59–60starting, 59–61

self-assessors, 59–60service desk, 59, 80service level agreements (SLAs), 79t, 82t

service level management, 55service providers in self-audits, 15services agreements, professional (PSAs), 42services included in software license agreements, 34–35settlements, 12t, 124–25, 129t, 131shareware licenses, 29tSIIA (Software & Information Industry Association),

11–12, 124site licenses, 31–32, 36SLAs (service level agreements), 79t, 82tslide show sample of business case, 105–6SLM. See software license managementsnapshot of compliance. See auditssoft costs, 96–97software

asset inventory, 16custom, 36–37, 41–43, 84demonstration, 13, 28–29, 35, 127embedded third-party, 39evaluation, 13, 28–29, 35, 127free, 13, 29tleasing, 13migration, 10, 13, 15, 126nonproductive, 18, 101open source, 7, 13, 31trenting, 13as a service (SaaS), 29t, 83unlicensed, 61, 166unsupported, 13unused, 40used, 13virtualized, 166

software asset management (SAM). See also SAM process areas; SAM tools

benefits of, 5, 16–18, 95–96, 100–101components of, 7idefined, 7implementation options in presentations, 102–3and incident management, 16infrastructure, 16integration with IT services, 53, 61, 84, 152, 155and problem management, 16publisher and vendor involvement, 126–27self-assessment, 51–70software license management as part of, 5success of, 93surveys, 10, 17, 95, 122terms, basic, 7–8

Software & Information Industry Association (SIIA), 11–12, 124

SAMPLE COPY


182

software license agreements, 25–50annual, 30taudit provisions in, 125–27backing up, 28, 152–53Case Study, 44–45, 49classifying, 8, 28–32client access license (CAL), 31tcompetitive upgrade, 29–30concurrency, 31–32, 36, 84, 153and custom development, 41–42defined, 8, 28documenting, 27–28, 125–27, 152. See also contract

managementdowngrade, 30, 153duration of, 28, 30, 37enterprise, 31–32, 40evaluation, 28–29Exercises, 33, 47–49, 166–67by metric, 31tmillions of instructions per minute (MIPS), 31tnegotiating, 34–43network, 31topen source, 31toriginal equipment manufacturer (OEM), 29tOverview and Objectives, 26and ownership, 25per device, 31–32perpetual, 30t, 155per user, 31–32product descriptions in, 34–35by product type, 28–30proof of, 27–28Quiz, 46, 49retail product, 29tReview, 45SaaS (software as a service), 29tself-assessment, 48–49shareware, 29tsite, 31–32, 36solution provider, 29tsubscription, 8, 30t, 155suite, 29tsummary of considerations, 43tterminating, 40types of, 8, 28–32upgrade, 29–30, 38volume, 8, 31–32

software license compliance. See compliancesoftware license management

basic terms, 7–8defined, 1, 5, 7as part of software asset management, 5surveys, 94–95

software licenses. See software license agreementssoftware metering. See metering; metrics, licenseSoftware Publishers Association, 11solution provider license, 29tspecialty emphasis and SAM tool selection, 83–84spreadsheets in self-audits, 153–54St. Thomas University, 93stakeholders

in audits, external, 10–12in audits, self-, 15–16, 152in business case creation, 93–94in self-assessment of SAM processes, 53, 59–60

standardsbodies, 146–48defined, 144Exercises, 149, 161, 170and frameworks compared, 147tself-audit, 143–48

statement of purpose, 53, 64, 66statistics on software license management, 95, 122streaming SAM tools, 84subcommittee 7 (SC7), 146–47t. See also ISO/IEC 19770-1subscription licenses, 8, 30t, 155suite licenses, 29tsuite SAM tools, 76–77, 80, 83–84, 155surpluses, license. See over-licensingsurveys

in business case creation, 94–95of end users, 15, 1502008 Survey Report on Software and IT Asset

Management, 10, 17, 95, 122, 124suspicion of noncompliance as audit trigger, 10t, 12

ttabulating software license figures, 97TAG (U.S. Technical Advisory Group), 147ttargeting business units in self-assessment, 60taxes, 9–10, 37, 41TCO (total cost of ownership), 38, 78ttechnical support, 38termination of software license agreements, 40terms

basic, 7–8defining in software license agreements, 37–38, 41

test environments, 153

SAMPLE COPY

index

183

third-party agencies, 9–12, 124third-party software indemnification, 39timeframe

of audits, 124–25, 130–31in implementation alternatives, 103tof usage in software license agreements, 127

tips of noncompliance, 9–12, 124tools, SAM. See SAM toolstools for self-audits, 151total cost of ownership (TCO), 38, 78ttransfers of licenses, 13, 35trial licenses. See evaluation softwaretriggers, audit, 9–10, 12–13, 40, 123–24

defining in software license agreements, 127for self-audits, 9, 15

true-up purchasesdefined, 11, 122as hard cost, 96pricing in software license agreements, 37from self-audits, 15, 155

uunauthorized copying. See piracyunder-licensing, 51, 96, 123–24. See also fines; true-up

purchasesuniversity case study, 156–58, 170unlicensed software, 61, 166unused software, 40updates vs. maintenance, 38upgrade licenses, 29–30, 38, 42urgency and SAM tool selection, 83, 85U.S. Technical Advisory Group (TAG), 147tusage tracking tools, 155used software, 13use rights, 7, 35–36, 43tuser interface/data fields of SAM tools, 79t, 82t

Vvariance in implementation alternatives, 103tvendor management with SAM tools, 78t, 81tvendors. See publishersverification and compliance (SAM process area), 55,

81–82tvicarious liability, 13, 129–30virtualized software, 166Vocabulary Quizzes

auditing and compliance basics, 26, 28audits, external, 137, 142audits, self-, 160, 170

business case, 111, 116licenses, 46, 49return on investment (ROI), 111, 116SAM tools, 87, 90self-assessment of SAM processes, 65, 70

vocabulary terms, basic, 7–8volume licenses, 8, 31t, 32

wwarranty terms, 36, 39whistle-blower awards, 12wizards, 79t, 82tworkflow management, 79t, 82t

SAMPLE COPY


184InternatIonal BusIness software Managers assocIatIon

at last, an introduction to the basics of software asset management (saM) and software license management (slM) for a wide-ranging audience!

Organizations of all sizes and industries around the world have a need to manage software licenses proficiently. In fact, today the wide variety of individuals involved in IT service management—and even many non-IT staff—would benefit from a solid foundation in effective software license management practices.

Based on our popular Practitioners Certificate in Software License Management (PCSLM) course, this comprehensive guide is written in uncomplicated English and allows you to cover the course material at your own pace.

Learn practical tips and best practices.

Apply concepts to your work by completing the self-assessment exercises.

Review illustrations, graphics and key terms in each chapter to understand how concepts relate and summarize main points.

Prepare to take the PCSLM exam as well as administer an SLM program at your company.

We show many examples of SLM in practice to illustrate how—when successfully executed—SLM is a good business investment. The guide’s self-assessment exercises enable you to apply each chapter’s concepts to your work environment. Illustrations and graphics show how concepts relate and summarize main points. There is also a handy list of key terms in the front of each chapter. You’ll find that the practice exercises enable you to figure out the best way to handle everyday SLM situations.

For more information visit IBSMA.com.

Software LiCenSe management

study guIde

SAMPLE COPY

software license management study guide – ecp

Documents