Alert January 31, 2007

10 Simple Steps to Ensure Software Licensing Compliance

One area where companies can easily get into trouble is having unlicensed software on company computers. Computer software is protected under the U.S. Copyright Act. The Copyright Act provides for strict liability for possessing or using unlicensed software, meaning that your company may be liable for having unlicensed software, even if management does not know about the software or intend to use it. Additional penalties for intentional infringement also exist. The Copyright Act allows for the recovery of damages between $750 and $30,000 per copy of unlicensed software (with damages that may be reduced below that range for innocent infringement and enhanced above that range in the case of willful infringement). Liability for copies of unlicensed software could add up quickly to a large amount if your company were sued when it was not in full compliance. A typical office computer will have a substantial number of computer software programs, including for example, operating system, e-mail, word processor, spreadsheet, document management, virus protection, graphics, etc. If even one program per computer is unlicensed the liability can be tremendous. Here are 10 simple steps to ensure that your software licensing is compliant and up to date:

1.  Direct all software purchases through a central purchasing or information technology department.

Directing all software purchasing through a central purchasing department, or through your company’s information technology department, will simplify the tasks of controlling software purchases and installation, maintaining records of licensing and installation, and ensuring that unused or outdated software is deleted. Central purchasing has the added advantage of maintaining all of the licenses for the software at a single location and making sure that software is purchased only through proper channels.

2.  Implement a streamlined method whereby business units or departments may rapidly get requests for necessary software approved and filled by a central purchasing department.

In order to get all business units or departments to channel their software purchasing through a central department, it is helpful to implement a simple method whereby different departments may request software purchases and installation and have those requests answered quickly. By providing a mechanism for a prompt response to a software request, it is less likely that an employee will simply go out and “acquire” software outside.

3.  Buy software from an authorized software reseller.

Using a software reseller which is authorized by the company that produced the software ensures that the software is genuine and that the producer will recognize the license provided by the reseller. Most software companies provide lists of authorized resellers on their websites.

4.  Keep detailed records of all purchases and license agreements in your central purchasing or information technology department.

If your company is sued for copyright infringement or presented with a demand for a software audit by a software producer, or one of the two main software industry associations that represent software producers, the Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA), having detailed records will be key to your response. These organizations, when conducting a software audit on behalf of their members, often require a detailed listing of both the number of software installations and proof of the number of licenses. It is therefore important to keep detailed records concerning all software purchases, installations and deletions, as well as the licenses for any software purchased.

5.  Run self-audit software regularly on all of your computers, including laptops that may only be connected to the network periodically.

There are a number of software self-audit tools available that your company can use to create a report on all copies of software presently installed on company computers. This software will allow routine checking to ensure compliance and avoid even innocent infringement. Descriptions of the tools and links to the websites of the providers of self-audit tools are available on the BSA and SIIA websites, http://www.bsa.org and http://www.siia.net.

6.  Include a policy statement in your employment manual concerning software piracy, and discuss that policy with all new employees.

It is good practice to include in your employee manual a policy statement on software that: (i) states that it is the company’s policy to use only licensed software and to observe all the terms and conditions of those licenses; (ii) states that downloading or using unlicensed software may lead to civil or criminal liability and/or disciplinary action by the company; and (iii) sets forth the proper procedure for requesting the installation of any software on a company computer.

7.  Delete all older versions of software when a new version is installed.

When software is upgraded, older versions may inadvertently be left on computers. As any copy of software, even of an older version, is considered an installation requiring another license, any older version of an application should be deleted at the time the new version is installed.

8.  Delete all beta software after the authorized time period for testing expires.

All software that is used by the company during a beta testing period or other time-limited period should be destroyed after the expiration of that period.

9.  Consider locking down all computers to require administrative permission to install software.

The most secure way to ensure that no employee other than a member of the information technology department can install software on a company computer is to require an administrator password to install any software.

10.  Send a member of your information technology department to attend a training course on software license management.

The SIIA sponsors a course for software managers aimed at teaching the skills necessary to manage software licensing issues, which it calls the Certified Software Manager course. Information is available at http://www.siia.net.