8 Top Tips for Upping Your SAM Game and Software Compliance

Many IT organizations think it’s too difficult to take on software asset management (SAM), also called software license management (SLM). They think that it’s too expensive to do (especially when they assume an expensive SAM technology is required), is people intensive, and/or is hard to justify on an ongoing basis.

I’m here to tell you that this is completely not the case. With the investment in SAM, if done correctly, the potential to save money and time, and to reduce risk, far outweighs the drawbacks.

SAM capabilities are often sold to organizations based on fear – the fear of fines, reputational damage, and even prison time for company directors. But, while these are valid risks, and fears, SAM is not just about ensuring software license compliance. SAM is also about ensuring the effective financial stewardship of the software asset estate.

Thus, SAM can also help you to reduce costs – by ensuring that the correct amount is spent on software assets (as well as with license reuse) – along with mitigating risks, all in the process of keeping your software asset environment under control.

And SAM also doesn’t have to be a big, upfront expenditure. Instead, organizations can start at a pace that suits their capabilities and pockets.

So, with this in mind, I’d like to offer these eight tips for upping your organization’s SAM game and software compliance.

1. Understand the Required SAM “Ecosystem”

Many people make the mistake of thinking that a new SAM tool will fix all their software license management issues. But SAM isn’t just about investing huge sums in a tool. Instead, it’s more about having the right people and processes in place. Ultimately, you can have all the expensive SAM tools in the world but, without the right knowledge, checks, and governance, the financial and legal risks associated with being under-licensed will still exist.

So before starting anything, work out – based on your required SAM capabilities over time – what is needed in terms of people, process, and technology, plus how this will change over time.

2. Start with Your Biggest Area of Exposure

As with IT asset management (ITAM) per se, don’t try to fix everything at once because you’ll end up doing one or more of the following:

  • Spreading your attention and resources too thinly
  • Starting and not completing
  • Doing many things poorly rather than one thing well
  • Finding and having to deal with multiple roadblocks all at once
  • Running out of steam

Instead, prioritize.

Top Priority GIF - Find & Share on GIPHY

Start with your biggest areas of risk and cost – the software that’s used across the organization by many people. For example, software products from IBM, Microsoft, SAP, Adobe, or Oracle. You will probably also find that, the harder it is to ensure compliance with a particular vendor’s products, the more chance there is that they will be keen to audit customers.

You can always expand out over time, but the key thing about getting started with SAM is to deal with the riskiest areas first so that you reduce any potential adverse impact further down the line.

3. Understand What a License Is

The answer is, it depends. There’s a lot of confusion about what constitutes proof of license but the reality is – different vendors will require different things when it comes to licensing evidence.

Don’t believe me? Here is a list of just some of the things that can be considered a license by different software vendors:

  • The software in its packaging
  • The master copy of the software itself on the master media
  • Distribution copies of software on the freestanding media or servers
  • Installed operational instances of the software
  • Software pass codes or license keys
  • Software maintenance authorization codes
  • Documentation
  • Paper-based or digital software license certificates
  • License terms and conditions
  • Support contracts
  • Upgrade components
  • Software release documentation

The bottom line? When purchasing software, get written confirmation from the vendor as to what constitutes agreed proof of license.

4. Know Your Subject for Software Audits

When you have your agreed proof of license from each software vendor, make sure that you have all the information needed for future compliance audits (by the vendor) covered. This could include:

  • Name of software
  • Vendor or manufacturer name
  • License details and reference number
  • Version number
  • Licensing terms – for example, is it a perpetual license or subscription based? Does it automatically renew?
  • How license usage will be measured
  • Usage limitations
  • Geographical limitations
  • Support details
  • Upgrade pathway
  • Provision for third-party software integration
  • History of product and vendor names, as these will change over time due to corporate mergers and acquisitions

5. Build a Standard, and Hopefully Optimized, SAM Process

Work with your purchasing and IT support teams, map out the process(es) for software assets from request through to retirement. And look for any gaps that can be addressed via additional SAM activities or process(es).

Things to consider include:

  • How are software requests managed? Centrally via the IT service desk and service requests? What about break-fix or incidents?
  • How does the purchasing team communicate with the service desk? And is there a fit-for-purpose audit trail?
  • How are software changes managed? And is licensing a consideration when assessing planned work?
  • Do you have a formal release management process with a definitive media library (DML) that could become a central point of installation?
  • Are there any acceptable usage or information securities policies that could be used to further support SAM?

At the very least, make sure that a service request is required for all software asset installations such that an audit trail is in place.

6. Use the IT Service Desk as a Control Point

As well as being a central point of contact for service requests, the service desk is also a central point of control – ensuring that nothing gets lost, ignored, or forgotten about.

By including the service desk, you go a long way in ensuring that every software asset is linked to an incident or service request and that the right software is deployed at the right time, to the right person, and with the right license being held.

7. Have a Capability to Check Installs to Licenses

In a perfect world, what we have in our live environments would perfectly match what was agreed in the license documentation. But as you probably know – we don’t live in a perfect world.

So, it’s important to build some verification tasks into your SAM processes. If you don’t yet have automation or a SAM toolset in place, then build some checks into existing activities. So, for instance, when a service desk analyst logs a software ticket, some additional questions are added to the script to capture licensing information. This will give you a “point in time” reconciliation that can be built on over time.

If you do have access to SAM tools, and existing network discovery information, then look at what can be automated such that you can easily report on available licenses versus installed instances of the software.

8. Don’t Ignore the CSI Opportunities

Commit to an ongoing improvement process.

If your organization doesn’t have a formal continual service improvement (CSI) register (and process), then consider making one specifically for SAM. It doesn’t need to be complicated, it could be as simple as an Excel spreadsheet acting as a lessons-learned log – tracking “own goals” and improvement opportunities from audit findings, to instances of over-licensing.

Also look at current industry best practice – be it the itSMF for practical guidance or the ISO/EC 19770 SAM standard for governance and compliance.

Finally, as your SAM processes mature and deliver tangible results, getting buy-in will become easier and you’ll have more of your software estate under control. What’s not to love, right?

What do you think of these eight software compliance tips? What else would you add? Please let me know in the comments.

Posted by Joe the IT Guy

Joe the IT Guy
Joe the IT Guy

Native New Yorker. Loves everything IT-related (and hugs). Passionate blogger and Twitter addict. Oh...and resident IT Guy at SysAid Technologies (almost forgot the day job!).

Leave a Reply

Your email address will not be published.