BSA Software Audit Updates: Membership Changes and Impact on Audits
By Keli Johnson Swan
Scott & Scott LLP
BSA| The Software Alliance (the “BSA”) is an organization that acts on behalf of software publishers to enforce copyrights. The membership of the organization may undergo changes, which can impact an existing software audit if a member leaves during the course of the audit and the BSA no longer has power of attorney to enforce the copyrights.
The BSA has lost of a few members recently, including Parametric Technology Corporation (“PTC”), Minitab, and TechSmith Corporation. Some publishers choose to enforce their own copyrights, while others elect to engage competing organizations such as the Software & Information Industry Association (“SIIA”) or Software Compliance Group. Recently, the BSA also gained new members, including DataStax, Salesforce, Splunk, and Workday.
The changes to the BSA’s membership may affect the scope of the audit, and a company targeted by the BSA should take the following steps to mitigate its exposure.
1. Review the publishers identified in the initial audit letter
The BSA’s initial audit letter will identify the specific BSA members participating in that particular audit. Although subsequent correspondence will often request the audit include all BSA members listed on its web site, the scope of the audit is limited to the members identified. This is particularly important because the BSA members must choose to participate in each audit. Otherwise an audit target may not be able to obtain a release of liability for potentially infringing software published by the non-participating BSA member.
2. Check Existing License Agreements for Audit Provisions
Once a company receives an audit request from the BSA and confirms the BSA members identified in the initial letter are active members of the BSA listed on its web site, it is important to check existing license agreements for audit rights. Some Microsoft license agreements contain specific audit provisions specifying notice requirements, a third-party auditor, and frequency of any software audits. Often these provisions can supersede the BSA’s requests for those particular products. Many companies request the BSA exclude any software that is bound by a specific audit rights provision in an existing license agreement from the scope of the BSA audit. This tactic often saves significant time and expense. However, Microsoft may opt to engage in an audit directly at a later date.
3. Obtain a release of liability for any non-compliant software
Some publishers are members of more than one third-party agency, and often a company receives more than one audit request governing the same time periods. In any event, if a company is paying to resolve a software audit, that company should get a release for the products in the scope of the audit.
The release of liability may be contingent on remediating any non-compliant software within a specific timeframe outlined in the settlement agreement. Software audits are complex, time-consuming, and burdensome. It is helpful to seek advice from an expert to navigate scoping and other legal issues.