Monday, February 17, 2014

Software Audit! Run for your lives!!!



Here is an excellent article in CIO Magazine covering software audit awareness (HERE). We need more like this. However, DO NOT STOP HERE. This article lets you know just enough to be dangerous. 

For nearly 15 years I've been working with enterprises from around the world to teach them how to minimize their exposure to non-compliance audits. These audits are incredibly costly - even crippling - and the business technology consumer simply has no idea how to manage audit assurance. What's even more hazardous is that a majority of so-called training programs on the market are being sponsored or delivered by the very organizations that want to conduct that predatory audit on your company.

Here are a few observations about the article:
$. The key to all audits is that you agreed to be audited, at any time, for any reason, or for no reason at all. That's correct. A clear majority of licenses lock you into agreeing to be audited. And you accepted the clause!

$. When you receive that audit letter, you are required to LOCK down all changes to your systems. That means, from the date the letter was written.

$. According to the auditing groups themselves, the average lawyer is THEIR best friend during an audit because that average lawyer has no idea how to manage a copyright compliance audit. In fact, the majority of lawyers will advise you to settle out of court - whether you are compliant or not. Unless you thoroughly understand the process, you WILL lose & you WILL pay whatever the auditors want to charge you. Figure an average minimum of $2,000 per computing device. More for servers.

$. Comparing what you have loaded against what you are entitled to possess is only the tip of the audit iceberg. You also have to prove you distributed the products correctly, prove your documentation is "written" according to the auditors' standards, and contend with an entire raft of hidden scams - all designed to ensure you lose.

$. Don't expect the original license terms to still be in place when you are audited. Most licenses developed in the past ten years permit the copyright holder to change the terms & conditions at will & essentially without notifying you. You'll lose.

$. Still think you're compliant? Several VERY major software industry players (Yes, I guarantee you have their products) will backtrack any and ALL upgrade-licensed products, as well as uninstalled products, as many as ten years (That's 10 years) to ensure that your entire upgrade path is correct. It won't be. Pay up...

$. By the way... Most of the time you are only given 30 days to conduct the audit. Jump on that & negotiate an extension or (you guessed it) You'll Lose.

$. During an audit, would you like to bet you’ll still have products that you “thought” were uninstalled? Many of the more popular software publishers are well aware that some of their products cannot be completely uninstalled by the operating system service. During an audit, they know precisely which files to look for & where to look to “prove” you still have the product. In some cases, even a single file can expose you to fines & penalties.

$. You know that vendor or consulting firm you purchased product from or that you hired to help you configure systems? Guess where a large percentage of non-compliance reports come from. Yes, your suppliers, consultants, employees, ANYONE who knows enough about your systems can report you & initiate an audit.

$. In many developed countries, the enforcement industry players are offering rewards to anyone who can report your company for violations of software licenses. In the US, two enforcement groups are offering up to $1,000,000 for reporting non-compliance. (Of course, whistle-blowers will never receive that amount - more like around $4,500.) Further, there are more than 100 of these predatory auditors around the globe, nearly two dozen in the US alone. There's serious cash to be had in auditing you. Shouldn't you have a better defense?

Every one of these tales of woe (and many more) has been repeated by companies around the globe, of any size (down to five or six computers), in every industry.

If you want to know more about the business technology CONSUMER side of predatory software license compliance audits, please let me know. I'll be glad to help you sort out the facts from the scams. You can also take a look at several quick audit-related overviews here: http://www.taminstitute.org/training-video-overviews/
