Search:

Country Select Corporate English French Italian Portuguese Spanish

Home >  Company >  IT Management Expertise >  Software Asset Management

SAM*: Only a global approach is effective. 5 best practices

*SAM = Software Asset Management

A formidable productivity lever, software has also become one of the main items of IT expenditure and a source of legal, financial and technical risk. Software management is therefore a major challenge for any organisation.

Managing software is a task that can prove difficult. There are numerous difficulties: the diversity of licenses among publishers and for the same publisher over time, draft licenses that are difficult to understand or licenses that vary (installation, simultaneous access, server power, tokens, ASP, etc.), the ease with which the software is installed (download), difficulty of maintaining a historical record in the context of organisational evolution (mergers, acquisitions, restructuring, etc.)

Long dealt with technically, locally and tactically, the implementation of an effective Software Asset Management (SAM) policy calls above all for a global approach in terms of organisation, methods and tools of control. 

Specialists in IT management for more than 15 years, Staff&Line helps its clients to implement tools and methods for managing their software assets. The aim of this document is to present Staff&Line’s SAM vision while the new ISO 19770 standard (adopted in 2006 and devoted to SAM) is becoming widely implemented.

SAM: a critical challenge for the organisation as a whole 

To be fully understood, the challenges associated with SAM must be recognised not only in terms of potential risk but also at the economic level and in terms of competitive advantage for the organisation.

Minimising the risks

The non-existent or inefficient management of software assets exposes organisations to three main types of risks:

• Technical risks: software that is not properly licensed is not maintained and does not benefit from effective technical support. This causes an interruption in service or alters the quality of service. The non-control of software installations increases the risk of security breach: viral infection, intrusions, etc.
• Legal risks: according to the BSA (Business Software Alliance) the average rate of software piracy was 35% in Europe in 2004 (France: 45%, UK: 27%, Spain: 43%, Italy: 50%, Portugal: 40%). This represents a revenue shortfall of 12 billion dollars for the software industry which, to protect its interests, invests considerable funds in education and suppression. It should be noted that European legislation on copyright protection provides for the imposition of severe penalties on offenders (fines, suspended prison sentences, etc.) and IT management is often in the front line.
• Conformity with the new legal and financial rules: Sarbanes Oxley (SOX) and IFRS are just some of the many accounting and legal standards which require expenditure to be traceable and call for the careful management of assets, especially software, which is more difficult to apprehend because of its immaterial nature. Non-compliance with these standards may cause financial and image costs for the organisation.

Controlling IT costs 

Beyond the risks incurred, SAM enables the direct and indirect costs associated with software to be controlled and significantly reduced:

• Reduction in the over-purchase of software: It is very expensive for organisations not to manage their software: the purchase of more licenses than the number of workstations (for protection against problems of piracy); the acquisition of complete software versions when simple updates are all that is necessary; the upkeep of software that is no longer in use; the non-utilisation pure and simple of licenses by certain people (a study carried out in the United States by AMR Research showed that, of the 60 organisations surveyed, fewer than 50% of the software licenses acquired from CRM were utilised).
• Better negotiation with suppliers: Better knowledge of an organisation’s software assets enables it to negotiate better with its suppliers and therefore reduce investment and operating budgets. An effective SAM policy will enable the organisation to plan and group its purchases, make better use of the upgrade options available to it thanks to its control over the license agreements and to cancel maintenance contracts that are no longer of any use, etc.
• Reduction in support costs: Proper software management will also enable organisations to target their training efforts better, to tailor support to the actual needs of users, to anticipate incidents by distributing information documents (such as tips or knowledge bases), to standardise software by type of user, to industrialise its deployment, etc. By reducing the probable causes of incidents it is possible to significantly reduce support costs without compromising quality of service.

Improving IT efficiency

Today most organisations or administrations are equipped with hardware and software. The competitive advantages generated are more associated with an increase in productivity, speed and agility. Proper software asset management enables organisations to:

• increase the productivity of their users by reducing the time their IT infrastructure is unavailable: targeted training, anticipation of incidents, improved IT security, better backup management, etc.;
• deploy the new software or upgrades more efficiently through perfect knowledge of the configurations installed
• absorb organisational changes such as reorganisations, mergers or acquisitions more quickly.

SAM: a global approach is indispensable

The implementation of an effective SAM policy is a global approach which must be envisaged on 3 levels:

• Organisational: definition of a policy linked to corporate governance (what are the objectives?), establishment of an organisation (who is responsible?) and of a communications policy (to inform)
• Key processes: usage inventory and audit, license reconciliation, control, asset life-cycle management, contract management, financial management (cost monitoring, depreciation, budgets, charge back)
• Associated processes: Service Management (Service Desk, Change Management), on demand software distribution

By detailing each of these points, the text of ISO 19770 usefully highlights the absolute necessity of a global approach. 

ISO 19770

The new ISO 19770 standard aims to measure whether the level of software asset management (SAM) within an organisation is sufficient to meet the objectives of good corporate governance and qualitative IT support for users. From this point of view ISO 19770 is consistent with the International ISO/IEC 20000 standard in terms of quality of IT services.

According to these designers, good SAM practices make it possible:

• to manage risks of interruption in service, risks of altering the quality of service as well as the legal and image risks associated with piracy ;
• to control costs through better negotiation with clients, by avoiding the over-purchase of software, by improving budget management as well as by reducing the costs associated with the unavailability of the IT system and support ;
• to improve competitiveness.

ISO 19770 clearly envisages for SAM a global, strategic approach and not a local, tactical approach. 

For more than 15 years Staff&Line has helped several thousand clients worldwide to implement a SAM solution. Our experience has shown us that ad-hoc, local or reactive approaches are ineffective over the long term. Organisations generally fall at the following hurdles:

• A uniquely reactive approach: fearing control by a publisher or an enforcement body (BSA, FAST, etc.) the organisation draws up an ad-hoc inventory and makes an often costly and unbudgeted adjustment.
• A purely technical approach: having automatic inventory software, the organisation believes it has a good knowledge of its installed assets. More often than not, these organisations do not have processes for managing license contracts taken out in the past. In addition, the technical inventory tools (in contrast to management inventory tools) provide raw information that does not permit license reconciliation.
• A uniquely contractual approach: many organisations believe that SAM does not apply to them as they have signed contracts (group contracts or a organisation contract) enabling them to use the publisher’s software on all their workstations. This approach has the disadvantage of being costly as it does not take into account the actual needs of the users and therefore leads to the over-purchase of software. Nor does this type of contract protect the organisation from piracy concerning software that is not covered by these contracts.

The 5 best practices recommended by Staff&Line:

On the basis of our expertise we have chosen to implement 5 best practices to enable the reader to implement a genuine software management policy that is pragmatic, progressive and effective.

1. Establish the organisation’s software policy 

The software policy establishes the organisation’s software objectives. It expresses the organisation’s strategic, technical and budgetary choices. It must therefore involve the management of the organisation as a whole. The IT department must monitor its implementation. An essential element of the software policy is the “software library”, i.e. the list of software that is authorised within the organisation and its allocation per population of users, the methods of acquisition, the upgrading and deployment rules, the internal charge back procedures (where applicable), the support and training methods, etc.

 2. Set up a specific organisation

Once the software policy has been defined, it is essential to appoint, in direct liaison with the IT department, a person responsible for the software assets, who will promote the software policy defined by the organisation and its manager. This person must be officially recognised by the management of the organisation and may have local correspondents (depending on the size of the organisation). His or her initial role will be to formulate processes, to inform users and to supervise the implementation of SAM tools.

3. Implement pre-established procedures to manage licenses and their life cycle in the organisation 

The person responsible for the software assets must implement a set of formalised procedures covering:

• the methods for identifying the software assets
• the drawing up of permanent control inventories 
  reconciliation between the software present in the organisation and the licenses acquired
• the management of the entire life cycle of the software assets: expression of need, acquisition, upgrade, scrapping, possible resale, and all the events that may occur during the life of the software must be described and organised. 

4. Communicate

The person responsible for the software assets will also have a duty to familiarise the organisation’s staff with the software policy and the associated processes.

Team members must therefore be informed of their relevant rights and obligations under an IT charter. This charter will clearly explain the importance of the authenticity of the software both for the organisation (an employee forced to use pirated software may refuse to use it under the protection of labour law) and the employee (the employee being formally prohibited from installing pirated software on the organisation’s workstations). The charter must also specify the procedures for procuring software. In some organisations this charter is annexed to the employment contract and is signed by all its employees.

5. Implement a global tool

A global approach offers a global management solution. It must be possible to manage all the processes defined in a single, coherent policy, which is accessible to all the parties involved (with different rights).

This tool must have the following functionality:

• An automatic software inventory that is exhaustive and permanent
• A software audit tool to manage:

License contract management for the different types of software: acquired, free, OEM, upgrade, etc. Software policy management  Economic and financial management Complete change and software asset life-cycle management

 

 

 

 

 

• Interface with on-demand software distribution
• Interface with the Help Desk and the CMDB
• High-level reporting capable of reconciling four key pieces if information: The list of installed software; The list of licenses purchased drawn up with the diskettes, CD-ROMs or any other digital data storage medium, the original manuals and documents accompanying the software, the license contracts and the invoices and purchase documents; The list of software used; And, finally, the theoretical situation which expresses the organisation’s software policy.

 

In this way, the organisation can determine what software is illegal or redundant and cases where the internal software policy has not been complied with. 

Get to know more about EasyVista

Come and attend one of our EasyVista presentation