7 essential data layers to master your software audit

7 essential data layers to master your software audit

Every company faces a software audit at some point. It may start with a letter from Microsoft, IBM, VMware, or another vendor requesting license purchasing and software usage data. They will then inspect this data to see if you’re complying with contract terms. These audits usually involve a lot of work, as analyzing the data is time-consuming and requires full-time resources. Thus, audit processes can last for months. In addition, the provider often discovers under-licensing or non-compliance, leading to negotiations and potentially big bills.

This article provides tips and best practices on how to prepare and respond to an software audit using essential SAM data. 


Determining your compliance

From the vendor's perspective, the goal of an audit is to uncover non-compliance to collect licensing fees. Audits are a lucrative revenue source, so vendors pursue them rigorously. The audit process starts with gathering software usage data, analyzing it, accurately reporting usage and installations, and reconciling that data against your entitlements and contracts. A Software Asset Management (SAM) tool can automate this, creating a single source of truth.

Pulling data from inventory sources into a SAM tool provides accurate reports on deployment, configuration, licensing, and usage. This data is your secret weapon at the negotiating table when your vendor presents its compliance data. To defend against the vendor’s data, you need accurate data from your own estate. But it’s more than just gathering information and hoping something sticks. You need relevant data that will stand up to the audit.


7 Layers of essential data to beat the audit

Your audit-ready data comes in seven layers, revealing the secrets of your software licenses and giving you an edge in your audit response.


1. Commercial data

This is about the licenses your company purchased: when, how many, and which business unit owns what. Procurement tools can gather this, but just counting licenses isn’t enough. You need to read the contracts, note licenses and metrics, and record Product Use Rights, maintenance terms and dates, and license transfers. Getting commercial data is just the start.


2. Effective licenses

To understand compliance, find your effective license position, which is the licenses needed based on actual usage. Answer these questions about a license:

  • Is it a base license, update license, or pure maintenance license?
  • Does the base or update license entitle you to maintenance?
  • What do the Product Use Rights allow?
  • What is the license metric?


3. Licensable software inventory data

Discovery is not the same as inventory. Discovery is when your SAM tool finds installed and running software from all devices. Inventory uses discovery information to count software and hardware on devices. Don’t submit raw discovery data—it’s more information than necessary and may lead to discrepancies in the vendor’s report. Submit inventory reports instead, organized and sorted by a SAM tool to ensure you give only what’s needed.


4. IT architecture data

This data is about where your software runs, which can get murky from a compliance perspective. You should ask:

  • Who owns the machines running the software?
  • How is the hardware configured?
  • How is the IT architecture designed?
  • Is the software on a hard-partitioned virtual server or in a cluster?
  • On which platform is the software running?
  • How is the software used?
  • Which applications are running on top of what server software?

In "Serverland," licensing can get complicated and costly. But this information is relevant for Product Use Rights and certain metric calculations. Use your SAM tool to be thorough.


5. Metrics & effective demand data

Know the actual contents of the licenses because they define the metric and the vendor’s calculation. Use the metric to calculate licenses needed for your software usage: That’s your Effective Demand. Serverland software license metrics are complex, involving hardware details, configuration, platform, virtualization, and more. There might be alternative metrics, with some favoring the vendor.

For example, Oracle’s metrics require data like database instance name, server status, installed software, processor model, and more. Manual calculations are time-consuming and error prone. A SAM tool simplifies this.


6. Applying license data

Assign update and maintenance licenses to base licenses and apply Product Use Rights. This ensures your license position is accurate and your license demand isn’t exaggerated. Auditors may consider "holes" in the update or maintenance chain as non-compliance. Use a SAM tool to plug these "holes" and save on license costs.


7. Compliance balance

The core layer is applying the Effective License Position (Layer 2) to the Effective Demand (Layer 5)—what you truly have versus what you need. This comparison results in your company’s compliance balance. These data requirements can be fulfilled with a SAM tool, which gathers and processes high-quality data for your audit advantage.


Conclusion

SAM makes your next audit less of a slog. It’s crucial to prepare and respond to an audit using your essential SAM data. Collect all needed license data beforehand with the right people, processes, and tools, such as USU Software Asset Management. Use this data effectively in an audit to reclaim budget and maximize savings. Effective SAM ensures you’re buying the right number of licenses while remaining compliant. Whether on-premises or in the cloud, using top-notch data smartly means you can handle your next audit with ease.


Mastering Audit Defense with a SAM Tool


To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics