Preliminaries
A. Clarify your objective
The only valid output of a software audit is:
1. A list of all software licence numbers installed on each computer
and server
2. A corresponding proof of purchase for each licence number
This defines the task, anything less is insufficient.
B. Get an asset database
With any more than about ten computers, you'll need a database
to search and sort your version numbers, license numbers, invoice
numbers and upgrades by computer and by vendor. Search tools like
Microsoft
Software Inventory Analyzer can also help.
We have a good little Filemaker
database that includes hardware and network fields and can be used
as a technology Asset Register. Contact
me for more info.
C. Book some time
This cannot be done between jobs, it must be a concentrated effort,
otherwise someone will be loading software onto a machine you checked
yesterday. If you're too busy, get someone to help. Remember, the
longer you put it off the worse it gets (we regularly conduct external
audits for companies, contact me for more
info).
Steps
Step 1. Physical audit
Visit every machine and record the software name; version number
and serial number of every application installed with the exception
of Freeware (Shareware in an office environment must be paid for).
You'll also need to record what servers the computer accesses to
ensure you have the right Client Access Licences (CALs). It is very
handy to have someone with a laptop recording this information straight
into the asset database. Resist the temptation to move software
around now, it is more efficient to leave it until the end.
Step 2. Licence collection
Go through your cupboards and pull out every original disk, rego
card, license agreement or software packet you have. Every vendor
has a different system; you need to locate something that identifies
the serial number. This should now be assembled into one master
folder using photocopies if necessary. This may not necessarily
be deemed proof-of-purchase by a BSAA audit so it is better to also
assemble the corresponding invoices.
Step 3. Assigning unique identifiers
If you have group licences, you'll need to assign unique identifiers.
Say you have a ten pack of application licences. For each computer
you need to code into your database 1 of 10, 2 of 10 etc. For each
and every proof of purchase you have, you can now cross-check on
your database to ensure the right number of copies are loaded.
Step 4. Assigning missing licence identifiers
Where you cannot locate your original certificates or where you
have double-ups of licence numbers, apply a missing licence code
such as 'XXX' to enable rapid sorting.
Step 5. Purging illegal software
By sorting on 'XXX' you can now find all the software that needs
deletion by machine.
Staying on top of it
Maintain an Asset Register and centralise software storage
Every piece of software loaded onto your machine must be recorded
in the asset register. Keep all software in one location only. Keep
a lever arch proof of purchase file of software license agreements
and certificates.
Even better - outsource your technology procurement
Most small and medium companies are too busy to properly maintain
a technology asset register, and even if they do their accounting
systems can rarely track where software was purchased from so establishing
proof of purchase can be very difficult and costly. A technology
procurement outsourcer will solve the problem. They can funnel
all your purchasing through one point and manage your asset register
and proof of purchase file for you. They can also save you a motza
on hardware and software purchases. Contact John
Dobbin for more info on procurement outsourcing.
Propagate a software policy
A sample policy can be found on BSAA's
site in the Software Management Information section. It is a good
idea to let employees know you take software compliance seriously.
If you are a director, you should have a look at their manual at
the same location and learn of the liabilities you have.
Audit once per year
No matter how hard you try, illegal software will probably get
onto your system in all but the smallest offices. One audit and
purge a year is good practice.
Hope this helps,
Adam McEgan
neXus network