Have
you forgotten what you felt on the 11th? We haven't - and we never will.
We will remember those human beings of all nations who lost their lives and those who lost loved ones in all the chaos that surrounded 9/11 and its aftermath. . .
Look Out Corporate America: The Software Police are in Town!
The BSA Grace Event for February 1- 28, 2003 is closed.
During the period of February 1-28, 2003, the Business Software Alliance staged a "Grace Event" * in the metro areas of:
Chicago, IL; Boston, MA; Dallas, TX; Harrisburg, PA;
Seattle, WA; Albuquerque, NM;
Louisville, KY;
If you represent a business, educational institution, or organization in one of these cities or their surrounding communities - YOU were involved. Your good name and livelihood could be at risk if you ignored this opportunity. However - and this is important - please do not panic - you can still become compliant. A Grace Event letter does NOT mean you are about to be audited - or even that you have appeared on the BSA "radar." (See below for information.)
IAITAM Knowledge Seminars: Proactive BSA Grace Event Audit Techniques
For Information or To Attend: BSA Grace Seminars
A Truce Event is your opportunity to bring your software utilization in line with your actual licenses without penalty. You had around 30 days to perform a process you haven't had the time nor the people to perform since you opened your doors.
CAUTION: The Grace Event is also an opportunity for a host of completely unqualified "service providers" to prey on your sense of urgency. The answer to ONE simple question will sort out the qualified providers from the unqualified ones:
"How many of your software compliance auditors are Certified in software Asset Management?"
If they can't produce a certification, we strongly recommend not allowing them to put your company in jeopardy. For more info on qualifying software compliance auditors see .
Members of the SAMs Team are fully qualified and experienced Certified Software Asset Managers and have written many of the advanced courses in Software and Hardware Asset Management processes, procedures and techniques for the International Association of IT Asset Managers.
How serious is this? During January of 2002 an Irving, Texas telecommunications company settled with the BSA in the amount of $210,000 for non compliant software. This is not a game. You need to immediately look at your software asset management process and bring it up to speed to ensure accuracy.
Flip Side? We have received multiple reports from volume software vendors that software sales surge during a Grace Event. This makes a certain amount of sense, however we have also noted that companies tend to purchase unnecessary software titles - reacting to the Grace, rather than strategically managing it. Don't spend unnecessary revenue on software you don't need - find out precisely where your exposures are and minimize the costs.
Additional Scenario: In June 2002, a Belmont, California manufacturing firm settled with BSA for non compliance in the amount of $68,890.
Am I safe? Remember, the BSA is only one of the two compliance enforcement agencies in the US - it does NOT represent ALL software publishers. Fulfilling the BSA Grace requirements will NOT prevent the other software publishers or the other compliance agency from knocking on your door. Get this situation taken care of - now - while your exposure can be reduced.
Do you think those are large expenditures? Our studies show that the actual cost of one of these audit events ranges between 3 and 6 times the amount of the settlement. In the scenario above, we estimate the actual cost of the compliance agency audit event will have easily exceeded $68,890 ($68,890 x 3 = $206,670). The SAMs compliance experts can help you eliminate the non compliance threat for a minor fraction of any potential settlement amount.
(Precise figures are difficult to quote due to the apparent tendency of these settlements to have a variation of a "gag rule" imposed. Companies who have been hit are VERY reluctant to reveal the TRUE cost of non compliance. Makes one wonder how we can all recognize the true seriousness of the issue when the true seriousness of the issue is clouded in secrecy.)
Please, keep in mind, the BSA has publicly stated that they have no qualms about confronting companies with fewer than 30 computers regarding non compliance issues. After all - technically - even one computer configured with a single non licensed software application is a violation of Federal Copyright Law and could cost you in excess of $30,000 per title infringed - up to $250,000.
Realistically: How are you going to prepare?
Here are the individual projects you must put in place:
- You must create, and have in place, corporate policies and procedures relating to use of software on corporate computers. (SAMs can put these together for you - for many businesses this takes less than a single day.)
- You must identify, very clearly and precisely, what software is configured on every one of your corporate computers. This is the universe of discovery tools - their reason for existence. Don't forget that SAMs uses the same audit tool that BSA uses. This tool can be up, running, and productive in a single day in most environments. It doesn't flood you with information overkill - you get the information you need in a format you can understand. (SAMs is the premier corporation certified in helping you implement and administrate one of the fastest, most accurate, systems inventory tools in the industry.)
- You must locate and document all your license and purchasing records. (SAMs will show you the most effective means of documenting licenses and proofs of purchase.)
- You should appoint, empower, and train an employee who you will designate as your
Software Asset Manager. (SAMs can supply
this service as an outsource or we can show you what is necessary, mentor your people, and
help you come up to speed quickly.)
What Happens If You Do Not Address These Issues?
If you are targeted, here's what you'll have to do:
 | Each non licensed software application is a violation of Federal Copyright Law - Fines can range from $30,000 to $150,000 to $250,000 per title (Jail terms, believe it or not, ARE an option). A recent settlement we followed up on represented an average penalty of around $600 per computer. (PLUS other costs.) |
| Each copyrighted music (MP3) or digital video is also a potential copyright violation - remove them from ALL enterprise systems. |
| You will pay for all audit expenses if BSA audits you. Figure all the transportation and incidental expenses for four "types" of people - at least one each from the major software vendors involved; multiple auditors; all the BSA staff they care to send; and lawyers - LOTS of lawyers. |
| You'll pay all the legal fees. |
| You'll pay for the downtime your company incurs while the audit is performed. |
| You'll pay to remove all software from your systems and for a re-audit to ensure it is gone. |
| You could easily pay as much as double the retail value of every copy of every software product you have shorted. |
| You'll pay in time and personnel for all software to be reconfigured back onto your systems. |
| You will be required by the settlement to set up and maintain an entire corporate infrastructure devoted to remaining compliant in the future. |
| You will pay to implement a discovery tool and a database/repository to track software utilization and license documents. |
| You will appoint, empower, and support an employee who will monitor compliance, provide employee training and maintain your systems. |
| BSA will issue a press release and tell the world that you were caught using software outside your contractual commitments. |
| Your personal/professional world could easily be impacted. How do you phrase the
resume entry "Cost former employer $300,000 and exposure to international negative
publicity as a result of software piracy settlement"?
|
Sound like a nightmare? Contact SAMs!
Please keep in mind: The compliance agencies have every right to perform this
service for their members. Virtually every software license you have "in
house" contains a "permission to audit" statement somewhere in all that
fine print. If you are using any software illegally "It is a
Federal crime" - end of story.
Your options come down to: (Choose one)
1. Get yourself compliant and keep yourself compliant.2. Allow the BSA (or any of the other 7 SWAT Teams) to put you into compliance, fine you, then force you to return to, and follow, option #1 as part of the settlement.
3. Contact Software Services to enable us to help you prevent the entire catastrophe.
Software Services can help.
One other issue: These agencies and publisher SWAT Teams have been known to perform follow up audits on businesses which have already been penalized - to include additional fines if the company has once again strayed into non compliance. The settlements generally give them the right to re-audit with prior notice for up to two years. This is not a short term activity: this is a real world process you definitely need to implement.
: Beware of "quick fix" audits. A properly conducted audit will locate potential compliance, as well as non compliance, issues on every computer. Performing this job correctly means taking the time necessary to make certain your enterprise is safe from potential non compliance issues. In this case "unnecessarily quick" becomes foolish. Please do not abbreviate this issue. An improperly conducted audit will leave you wide open to a very hazardous, and expensive, false sense of security.
: Our apologies, but you HAVE to be made aware. There are dozens (hundreds?) of consulting companies out there that are attempting to provide ITAM and Software Compliance Services with virtually no background in the industry. Many are perfectly capable of doing so. However, and this is important, altogether too many of these consulting groups have absolutely no background or training in the field. Their solutions, such as they are, are not based on industry standards or procedures. In short, they can actually put your company at more risk after they "serve" you than you were in before they entered your doors.
Please... ALWAYS check to ensure that any consulting group or person offering these services has (at very least) been Certified as a Software Asset Manager (CSAM) or has been trained and Certified to conduct Software Compliance Audits through the International Association of IT Asset Managers (www.iaitam.org). Do not put your company at risk working with unqualified ITAM and SAM providers.
Think we're kidding? A company recently contacted IAITAM for help because it had been "audited" by one of these "under qualified" consulting firms. It seems their consultant had deleted a large number of software applications that drove their primary database - because the configuration discovery tool (well below industry standard) used had failed to identify the apps correctly. Recovery costs were incredible. Don't select your compliance or ITAM consultant based on a quick Ouija Board query.
Don't get caught by duplicate audit costs:
Are you conducting an audit for Microsoft's SA licensing? If so, consider whether your team is tracking ALL software and as well as ALL hardware products during this audit. If your auditing tool does not pick up all products, you are using the wrong tool. This will cost you dearly if you are required to "re-audit" by another software publisher or one of the compliance agencies. Do it right the first time - Get it ALL the first time - contact Software Services. truce@samsrv.com
BSA Settlements - http://www.bsa.org/usa/press/press.phtml