Understanding the Scope of a Software Audit
Software publishers regularly audit their customers to help ensure that the customers are properly licensing their software. Some software publishers conduct audits directly, but many choose to audit through companies such as the BSA | The Software Alliance (“BSA”), or the Software & Information Industry Association (“SIIA”), writes Keli Johnson Swan in Scott & Scott‘s Software Audit Blog.
Her article continues:
The first step in addressing the software audit is to understand the scope of the audit. The following are some key points to identify the scope of the audit.
1. Review the date of the initial audit letter. In a traditional audit with no look-back period, an auditing entity is only interested in the software installed as of the date of the audit. This is particularly important in environments that change frequently because a company that is undergoing an audit should preserve all information on its network as of the initial audit date (the “effective date”) in order to accurately capture its installation information and avoid potential spoliation of evidence allegations. It is important to make no changes to the network until the audit is completed to avoid prejudicing the outcome of the matter.
2. Include only software published by the auditing entity’s members or the publisher conducting the audit. The auditing process can be overwhelming and sometimes a company may simply forward the raw data from a network scan. This is problematic for several reasons, not the least of which is protecting against disclosing unnecessary information and privacy and security issues. It is important to include only the software within the scope of the audit. Additionally, it is important to conduct a secondary review of the audit data in order to avoid accidentally include false positives or free trial versions of software, since the auditing entity will penalize the audit target for every software installation for which it is unable to locate a license.
Software audits can be a convoluted process, so it is important for a company to seek advice from a legal expert with experience in software licensing in order understand all of the risks involved with various strategies when faced with a software audit.