Staying Out of Jail: IBM Licence Auditing Process – Part 1
Our customers recently informed us of a visit from IBM’s software auditors. After guiding them through this process, I was inspired to summarise how these things work and how to prepare yourselves in the case of an IBM Licence audit.
Why Do You Need to Worry?
UK company directors beware!
The Copyright, etc and Trademarks (Offences and Enforcement) Act 2002 extended the maximum penalty for software piracy and the use of unlicensed products from 2 to 10 years in prison and an unlimited fine. It also enhanced police powers to search businesses and seize computer equipment.
Why Would IBM Audit & When?
Software vendors are usually justified in doing audits since they protect intellectual property and collect money to which they are entitled. Apparently, 90% of software vendors admit that their compliance program is a source of revenue and in many cases audit specialists are paid sales commissions
Prevention & Preparation
Many of the causes listed above are unavoidable but there are several steps you can take to reduce the chance of an IBM licence audit or to be prepared for it.
IBM’s main target is companies who are deliberately or carelessly under-licenced. Going through an audit will be easier if you can show some form of diligence. Ideally, you would prepare a licence position statement prior to an audit. This should match the purchased software assets with your software deployment and hardware usage.
This usually involves implementing a Software Asset Management (SAM) tool and producing a report. Start by looking at the free IBM Licence Metric Tool (ILMT).This is especially useful and is sometimes required if you are relying on IBM Sub-Capacity Licensing which lets you licence for less than the total machine processing capacity. The ILMT reports for the last eight quarters should be made available.
Your inventory containing an entitlement history (initial licences/maintenance/reinstatement, etc.) should be up-to-date with Proof of Entitlements for the last 10 years, including any amendments.
You should also have an overview of IBM software installations and know who within the company is responsible for each application. Licence Key Files should be reviewed for correctness. Test, Evaluation and Beta installations should be in conformance and the Domino Directory should be clean. If you are undergoing a merger, acquisition or divestiture activity then be especially careful with the due diligence.
If you start to review your licensing and usage with a consultant or business partner then document those discussions to prove to IBM that you are investigating thoroughly.
Read my next blog post that highlights the steps undertaken by IBM during their auditing process.