The point when a Software Vendor chooses to perform a software review (an ‘audit’ in old money) of their software deployed within an organisation can be triggered by many different actions.
Organisations moving towards a more virtualised environment have a number of decisions to make.
There are several ways to purchase Adobe products via a Volume type agreement and it is important to know your options and the key differences before a purchase is made.
Microsoft is turning Windows Server 2016 into a cloud optimised server and System Center 2016 into management of traditional datacenter management and cloud environments. As a result, significant licensing changes are expected.
Audits are a fact of life now and another revenue stream for Vendors along with new sales. The chances of you facing an audit are now increasing, but is your organisation ready?
A SAM policy is an important part of your SAM programme and like any other policy, it is designed to ensure rules are followed and communicated appropriately.
There are two types of policy, one aimed at the end user which covers things like software use and security aspects, and the second which is an operating policy, covering aspects of SAM more from an operational governance perspective.
The business goals of your organisation will dictate the tightness of your SAM policy, creating a trade-off of user/IT enablement versus risk management. However, at any level you must ensure that for the policy to be effective, it must be clearly defined, communicated, enforced and managed.
Defining the SAM Policy
So, how do you start putting together a coherent and comprehensive SAM policy?
First of all you need to start by asking yourself a few questions:
1) What existing corporate policies and governance structure do we have in place, and do they
reflect our current business goals?
2) Who will be responsible for writing, maintaining and communicating the policy?
3) What processes do we need to define and manage an asset from requisition to retirement?
4) Who will be involved in the process and what responsibilities will they have?
5) How will the policy be enforced, both for users and for IT professionals?
6) Who is the audience for the policy?
What to include in your SAM policy
The content of a SAM policy differs from one organisation to another and depends on various factors such as the size of your organisation, users’ software requirements, staff mobility, use of mobile devices, structure of IT and procurement departments etc.
Your SAM policy needs to include strict guidelines that you want from a SAM governance perspective and which specifically relates to the SAM programme.
Tips on formulating your SAM policy
To ensure your SAM policy is effective, remember to:
1) Clearly define your policy and ensure it is easy to follow, enforce and manage.
2) Whilst the writing of the actual SAM policy is the responsibility of the IT Asset/SAM Manager, it is important that buy-in is sought from peers and all stakeholders involved or impacted by it.
3) Review and check your policy against business goals and align appropriately.
4) Differentiate between policy (why we do it), process (what we do) and procedure (how we do it, when we do it and with whom).
5) Standardise formatting for all policies (templating).
Policies should follow a uniform format, all policies should be structured in the same way throughout the organisation. In other words, if your organisation has existing policies, be sure to use them as a template to creating your SAM policy.
6) Create a Communication timeline/plan for distributing the policy details to stakeholders and business areas
7) Communicate the policy in line with your SAM processes and governance structure and corporate communications guidelines.
8) Your policy should be kept up-to-date. Initially it should be revised two months after release and then every 12 months thereafter.
Need more help?
So, if you still need some help building your SAM policy, ITAMS has developed a new one day workshop on SAM Policy Development for any newbie to SAM or existing SAM practitioner.
The workshop aims to help you identify, assess and develop appropriate policies to underpin your SAM practice and provide you with the core building blocks required to meet your business and SAM service goals. You’ll also get a set of best practice templates to take away.
For more information and to book your place, please visit click here.
Is your software asset data providing you with the right information to help you make informed decisions for your business?
In this post, ITAMS’ consultants define “data”, what data elements support IT asset management (ITAM) and what the data model comprises of for effective licence and compliance management.
Accurate, complete, and timely data is essential for reliable licence and compliance management. Regardless of how many sources you have, data coming into your asset repository must be of sufficient quality, quantity and coverage.
Data quality is the measurement of the correctness and completeness of data elements across all entities and the applications of standards, including attributes therein. When data is generated across multiple systems and then brought into the repository, where there are multiple data elements mapped to a single attribute, the data should, according to best practices, have the same format, i.e. Date = DD/MM/YYY.
Data quality also refers to the age of the data; it must be generated and transported in a timely fashion which supports the asset needs. Timeliness of data will depend on the asset (licence) and business requirements.
Data quantity then, is the measurement of the number of relevant data elements you have available to map against each entity. For example, if you are trying to create an asset profile, but all you have available to you is the product name and the date acquired, then you have insufficient data quantity. In order to create an asset profile, you would also need: PO number, SKU number, cost etc. Without the correct data quantity, your assets will not be complete.
Data coverage refers to the measurement of the availability of data elements, entities across the entire organisation in all environments and platforms. In order to generate a correct view of your assets, you must have data on Wintel, UNIX, Development and Test, Production, Disaster Recovery, Infrastructure, Regional Data etc. Unless you limit the scope of your SAM Service, you must have sufficient coverage for asset data.
Data elements in support of ITAM (of which SAM is a subset), must:
- Include all relevant data, not just software asset and licence data.
- Support all IT asset views resident in different technologies:
- Support specific requirements for analysis and reporting.
– Acquired (IT asset & licence repository).
– Installed (inventory discovery).
– Used (usage metering).
– Entitled (access authorisations).
The data model is comprised of:
- Entities – e.g. asset, contract.
- Elements (fields) – e.g., asset name, asset type.
- Definitions (purpose, intended content).
- Standards for key data elements – e.g., asset status.
- Attributes – e.g., alphanumeric, character.
- Links between entities – e.g., assets to licences to contracts.
- Relationships amounts entities – e.g., ‘installed on’, ‘assigned to’.
- Sources (systems-of-record) for each entity, possibly element.
Without data, your technology will not support your business requirements and be unable to provide you with the reporting and analysis information needed to make qualified decisions regarding your assets.
For more information about SAM data analysis services, please contact ITAMS.
SAM Market Trends – are you caught in the wave?
ITAMS’ specialist licensing consultants Monica & Adriana share some insight into how the Software Asset Management (SAM) market is changing, what this means to SAM providers and why end-users should not steer too far from the main principles of SAM.
“Having worked for several years in Oracle and now within ITAMS’ Oracle team, we are now in a great position to share a few thoughts with you, based on our experience working with both vendors and clients alike.
Without a doubt, the core strategy of a large software publisher is focused on revenue and not on achieving compliance for its end-users. In a large organisation, the need for a SAM process exists but the allocation of dedicated resources is not always covered. For this specific reason, SAM providers have emerged on the market and are here to help. However, things are not as simple as you might imagine.
Changes in the SAM industry have meant that organisations have started to spend a lot of money moving to new licensing models (that are vendor driven), and that are fast becoming “flavour of the month”. For example, let’s take the Cloud licensing model, which is suitable for a fully integrated service or when replacing an existing on premises software solution. The downside to moving to this type of licensing model is that if you‘re already tied into a licence term, you may need to re-invest in new licences.
Managing Software Assets has developed from a tactical fix into a strategic imperative. Even though IT budgets have remained flat, software spend continues to grow in terms of its percentage share of the overall IT budget.
SAM represents a business practice that involves managing and optimising the purchase, deployment, maintenance, utilisation, and disposal of software assets within an organisation. Furthermore, it enables an organisation to better understand the hierarchical ranking of software products from a vendor management perspective, as well as help it to make targeted software investments to support its strategic objectives. This being said the goals of SAM are to optimise IT costs, limit operational, financial, and legal risk related to the ownership and use of software.
So what should you do?
Firstly, you need to understand your software estate. So, what software licenses do you have, are they being fully utilised and are there any licences that are not being used and is there any software that is required?
In other words you need to be pretty sure about your organisation’s licensing position and especially with those vendors that consume the majority of your software licensing budget. There’s always going to be inconsistencies unless you keep an eagle eye on your estate. Once thing’s for sure though, with compliance comes responsibility. This being said, assess your current and future needs and act accordingly.
In a world in which SaaS (Software as a Service) and Cloud based software/licensing models are growing, one may be tempted to think that it could be the end of SAM as we know it. However, in our opinion, it’s the contrary. SAM will continue to prove its value as there are multiple reasons for investing in SAM services, in particular the necessity to manage user accounts, data and subscriptions.
Despite the fact that for many organisations the concept of “software asset management” (SAM) has largely been driven by the pressures of software license compliance, it is now widely agreed that SAM has become a vital business practice. Tracking software using excel spreadsheets is no longer the norm, with a significant number of growing companies now using key technologies to help them not only discover IT and software assets but also to track and manage assets over their lifetime.
Coming back to SaaS and Cloud licensing models, organisations must be aware of potential non-compliance situations arising from for example, accessing software from territories that are not included in the license rights, sharing user accounts or providing access to third parties and contractors to whom such access is prohibited.
To conclude, the best option for organisations at the moment is to explore what SAM services are out there. Initiate contact with a SAM provider, set a realistic yet effective and achievable framework of activity, taking into consideration the unique constraints of your organisation, existing tools and capabilities. Ensure you select an impartial partner, most probably one that does not resell software nor where interests blend. But, before you engage with a SAM partner, stop and ask yourself what does prevail, your requirements or those of your potential partner?”
For more information please contact ITAMS.
ITAMS’ Oracle licensing team provide an overview on Pool of Funds agreements.
For several years, Oracle has had an active policy to increase the number of Unlimited Licence Agreements (ULAs) signed with customers globally. This type of agreement is not something new, as some of the companies Oracle acquired previously have also used it.
For example, BEA Systems, (before its acquisition), used to offer their customers the possibility to buy licences using AYCE (All You Can Eat) agreements, these were replaced by Oracle ULAs, and PPBD (Prepaid Burn Down) agreements which are now, more or less, Oracle Pool of Funds (PoF).
Oracle decided to diminish the risk of letting customers choose the licences they wanted to use from the software listed in their ULA agreements, re-introducing the so called PoF agreements.
During the past year, the number of PoFs have increased and now, more and more ULA agreements take the shape of a PoF agreement.
So what exactly are Pool of Funds?
The Oracle PoF is a special type of licence agreement. In return for paying an upfront licence fee, end users get the right to deploy a mix of a pre-defined software against a fixed price, for a limited amount of time, until they reach the invested amount. If we refer to the initial agreements (ULAs) from which PoFs are derived, the conclusion is that Oracle dropped the option to select unlimited quantities (which is applicable only for ULAs) for the PoF agreements. This means that they can now, better handle any customers that are using large amounts of software, eliminating the risk of them using more software than what was initially paid for.
Customers must be re-assured that almost all the terms of a PoF deal are negotiable. The larger the company, the higher the discounts they will receive. Nothing is fixed, so more products can be included in the deal and the usage area can be expanded from a certain country to worldwide coverage. There are a lot of factors to take into consideration for this type of deal and they depend on the specific needs of the end-users.
Besides the licence fee, a customer must also pay for annual technical support based on the full PoF credit during each year of the PoF period and beyond. In addition, the PoF ordering document will specify a “Total Support Stream,” which the customer must maintain throughout the PoF period in order to keep the right to burn down the PoF credit until it is exhausted or the PoF period expires. Any failure to maintain the Total Support Stream will result in an early termination of the PoF period, and the customer must immediately declare licences in accordance with the contract conditions.
The Total Support Stream will include:
- Existing licences for the software programs that are included in the PoF agreement.
- All support for new licences included in the PoF agreement.
- Licences for the software programs that are included in the PoF owned by companies that are acquired by the end-user during the PoF agreement period.
- New licences for the software programs as included in the agreement, and as acquired against a price hold, after the signature date of the PoF agreement.
Usually, customers that have an active Pool of Funds agreement are contractually requested to provide periodical usage reports which are called “Licence Declaration Reports” (the standard term is every 6 months but this may vary from customer to customer). In this way Oracle is using the information from the report and updating their repository with the quantities provided.
An important fact is that, at the end of the contractual period, any unused licence credit will NOT be reimbursed; however, if at any time throughout the contractual period a client’s deployment worth exceeds the initial net credit, a new payment is due.
Furthermore, having a Pool of Funds deal doesn’t mean that Oracle will not conduct an audit during the term of the agreement in order to validate that the declared software listed in the Licence Declaration Report is complete and accurate. That is why our recommendation to customers that own PoF agreements is, to keep track of all licence records internally and if possible, use relevant SAM tools and support services that will ease their efforts.
ITAMS’ Licensing Analyst Sergiu provides an insight into the Oracle Licence Inventory.
The Oracle audit process represents a series of steps. The basis for this is Oracle’s so called “Licence Inventory”, although other software vendors may refer to it as ‘licence repository’/ ‘entitlement’, etc.
The Oracle licence inventory report is an excel spreadsheet summarising the licence products purchased by a particular customer and also a comprehensive overall picture of the historical support and licences.
How is this report used?
The report is used by Oracle Licence Management Services (LMS) consultants as a primary verification tool against which the original contracts are checked, in order for them to build a clear, simple and complete software repository. Later on, this will act as a guide for Oracle field consultants when managing their clients’ software accounts.
Grouped in several tabs, the information is based on the contract migrations report data and product migration rules. As a customer, special attention should be paid to your reference information, such as the correct spelling of names and ensuring that the address you have registered is the correct one. Also, pay particular attention to the status of your licences (if they are active or inactive) and the licence metric name of each licenced product.
Can the customer obtain this information from Oracle?
In 90% of cases, the customer will receive a “customer facing document”, where details about Oracle’s licencing audit report can be found. Included is a licence table (a simplified format of the licence inventory), nonstandard clauses (found in the original contracts), definitions of the licence metrics that the customer is licensed on (taken either from the original contract or from Oracle’s price lists) and finally, the minimum number of users /devices required for every software product (so these can be correctly licenced).
As Oracle consultants build the customer repository using different systems, sometimes the information lacks accuracy, so the customer should pay extra attention to ensure that the details contained in the inventory are correct.
For the customer, the most sensitive information to check is related to:
- Product name
- Licence Level
- Licence Term
- Support status
- Licence ownership
- Duplicate products.
For a customer to have a clear licencing position, they should ensure they have:
- A tool that is capable of tracking all software licences currently in use.
- Identified all the deployed licences across the organisation’s network. (Oracle uses measurement scripts which may be provided (but not in all cases). Customers must ensure that they know what the outputs are and that an expert is working on that.)
- Built and maintained a report with detailed information on licence use. In other words, keep track of licence use internally.
- Started comparing entitlement and deployment on a regular basis in order to have a strong compliance position.
After all the above are taken in consideration, the customer should have a clear view of whether they are under-licensed and need to acquire extra licences or whether they are over-licenced and need to uninstall licences.
Managing software assets can feel like an endless maze if you don’t know how to approach licensing information. Remember creating an efficient SAM process takes a lot of time and needs dedicated resources.