Bryan Blackburn
ServiceNow Employee

 

There are many potential business issues that could trigger the start of a software asset management (SAM) program.  One of the most common can be summed up in one word: compliance. Whether an organization is facing a license audit from one of their top vendors, is cracking down on security, or is establishing policies on software requests and data center changes, a formalized SAM strategy can help mitigate many of the risks involved.

Software compliance issues often occur due to a lack of visibility into what software is licensed, what’s actively being deployed, and how much is being spent. Shadow IT and cloud environments can be huge contributing factors for non-compliance as employees can easily deploy software without having to go through the proper channels. In this blog post, we identify potential compliance risks and 12 questions to ask yourself to determine software compliance readiness.

License and entitlement compliance

Organizations face many difficulties ensuring they are in compliance with vendor contracts and are only using licensed rights. These difficulties can be attributed to a lack of visibility into software usage and spend. If a software license entitlement is for 100 users, the SAM program should specify the machines and users assigned to those 100 available rights. Without that allocation detail, once you have the 101st license deployed, it will be difficult to understand who is consuming rights without entitlement. Having that detail allows you to shore up your software request and allocation process going forward. Regaining control over compliance at an aggregated level without detailed rights allocations can be troublesome.

Maintaining license and entitlement compliance becomes increasingly problematic for asset managers who are manually updating spreadsheets with scattered data from multiple sources. It can be challenging to stay up-to-date with complex vendor licensing and pricing models that are ever-changing. Effective license and entitlement management not only helps control which users are operating within the scope of their assigned license but also provides the corrective action needed.  Full license visibility can shine a light on whether licenses are underused or overused, unveiling potential compliance risks. Here are some questions to consider if you are unsure if your license and entitlement management efforts are helping maintain compliance:

  • Do you know what software you are contractually entitled to use?
  • Does your software data reflect the most up-to-date publisher licensing and pricing models?
  • Does spend data provide a complete and accurate picture of all software across your organization?
  • Are you able to justify your software spend and rationalize applications you are or aren’t using?
  • Are you using the software in cloud environments that the contract allows?
  • If a software audit were to happen tomorrow, would you be prepared?
  • Does your discovery tool leave gaps in your software inventory, leading to blind spots in the event of an audit?

Compliance with policies and procedures

Even with the best policies and procedures in place, organizations are bound to experience employees who bypass protocol when purchasing and using software. This could be due to the immediacy of their software needs (and trying to avoid lengthy processes), the accessibility of software to the end-user, or lack of awareness of the risks associated with unapproved software or services. Sometimes, employees are simply unsure of what steps to take when they have a software need. Below are several questions you can use to gain insight into whether policies and procedures are contributing to any non-compliance issues:

  • Do you have a clear set of policies and procedures in place to streamline how employees gain access to the software they need?
  • Do you have a catalog of approved software that is visible and accessible to your employees?
  • Are your employees following the correct procedures when requesting/purchasing software?
  • Are your employees aware of, and educated on, the correct software request and purchasing procedures?
  • Does your data center team consider the software license and costs associated with IT changes to clusters, clouds, and infrastructure?

What a formalized SAM strategy (on a single platform) can do for you

Mature SAM practices help alleviate compliance risks by providing full visibility of software cost and usage. ServiceNow Software Asset Management operates on a single-architecture platform (2), and the data you import into one application is shared with other applications operating within the same system. This means you have actionable software information that can be utilized cross-functionally throughout the company. Teams responsible for IT change, application portfolio management, IT operations and software purchasing are connected with intuitive, automated workflows. A single system of action brings business-critical data together in one location, rather than trying to piece together data from multiple sources or systems.

Actively monitoring and managing software is essential to maintaining a healthy software compliance position. Mature SAM practices prevent the over-usage and under-utilization of licenses, help avoid or respond to security threats, and provide insight into whether the appropriate policies and procedures are in place. When SAM sits on the same data architecture as IT change, you can proactively prevent compliance issues in the first place. Perpetually clean, action-driven data being used and shared across the organization within a single platform makes it much easier for asset managers to identify areas where their organization is out of compliance and then take the necessary steps to remediate issues quickly.

 

 


  1. https://qz.com/1480809/the-biggest-data-breaches-of-all-time-ranked/
  2. https://community.servicenow.com/community?id=community_blog&sys_id=a63cf278dbf0ffc4200f0b55ca961982