Software licensing is complex. Compliance with all of its terms and conditions requires in-depth knowledge. Typically, an organisation will need to assign the responsibility for understanding licensing to specific individuals, and then ensure that they have the necessary training to master the area. Software licenses are rights to use software, with certain terms and conditions attached, and are one of the main issues addressed by Software Asset Management. These right to use software are totally separate from the legal rights to the software itself, which are normally kept by the software manufacturer or another third party. Licenses may be brought or may be free subject to special terms and conditions. Even open source software normally has a license, even though payment may be required.
Licenses are normally required whenever externally sourced software is used which will typically be defined as either being installed on a machine, even if installed elsewhere (e.g a server). They may also be defined in enterprise terms, such as the number of workstations or employees, in which case a license is required for each qualifying unit or individual regardless of actual usage.
Even with commercial software, there are several situations where paid licenses may not be required, depending on specific contractual conditions. Often, these situations are not understood and, as a result, organisations may purchase licenses they do not need. These situations include workstations used for dedicated training purposes, copies used for evaluation purposes. Likewise, there can be runtime versions of some software, which do not require separate paid licenses.]
Backups are problematical legally. Many software contracts only allow for one backup copy for archival purposes, but this is contrary to good IT practice for making backups. However, it is unlikely that a software manufacturer would make an issue of this, or that a court would uphold it if taken that far. The critical issue is that the copies should be purely for backup purposes, with no more copies ever being used than are licensed. The situation for hot backups is different because in these cases the backup software is installed. Reference must be made to specific license terms and conditions in these cases.
Basic types of license
The license can have many different characteristics for description purposes:
Measure of usage
There are many different types of upgrades that have been sold, each typically with detailed conditions as to what is acceptable as a basis for the upgrade. A common problem is that upgrade licenses are purchased, for which there are no qualifying underlying licenses, e.g. competitive upgrades may have been purchased without any competitive product actually being owned, in which case the licenses are invalid for use.
License Management Responsibility
Types of licenses by sales channel
Frequently there are differences in license terms and conditions depending on the sales channel in particular:
Counterfeit software is software that falsely appears to be genuine including its related proof of licensed materials. This is not the same as pirated software, as with hard disk loading, whereby a dealer may load unlicensed copies of legitimate software onto machines it sells. With hard-disk loading, there are typically no materials supplied which purport to come from the software manufacturer.
There is a serious risk of an organisation purchasing the counterfeit software. The risk is greater than any organisation realises because of the sophistication of counterfeiters, and the lack of attention that may be paid by some resellers and end-user organisations to this issue. The risks of using counterfeit software include:
The main factors for increased risk of counterfeit software are:
These risk factors are for awareness only – they are not absolute. There are resellers selling genuine products who are small, at the end of long distribution chains and based in countries with weak intellectual property protection. Nevertheless, the buyer has a particular duty of care to ensure that the product is genuine with the increased risk factor.
It’s not possible to give definitive guidance here about how to identify counterfeits. However, the following guidelines are suggested:
What is proof of license
Proof of license is what a court will accept as proof of a legal entity having a license. However, it should rarely be necessary to resort to court. Each software manufacturer in general states the requirements for their proof of license, so no hard and fast rules can be given here. As a general principle, proof of license requires some form of evidence directly from the software manufacturer. Evidence of payments made to a reseller, or license confirmations produced by a reseller, will not normally constitute acceptable proof of license. The spectrum of types of evidence for having a license includes the following, of which the first three are usually the most important.
Although COAs are important, backup collateral is often required, because under some circumstances a COA may be attached to an illegal/counterfeit copy, e.g. an unlabelled COA for a less expensive product repackaged with a counterfeit more expensive product.
It is important to emphasize that a license confirmation document produced by a reseller is normally not an acceptable proof of license, regardless of how impressive it may seem, sometimes with its own security features. Such documents have been produced by many resellers for a number of reasons, such as the delays in customers getting software manufacturer confirmations. However, they are not proof of license and may create significant legal and financial exposures.
End User License Agreement (EULA) is another term that is often used in licensing, especially for retail products. The EULA should be retained just as contracts are retained. Its main purpose is to document the terms and conditions of a license. It is typically provided in soft copy, or in a printed format without any security features. It generally does not provide proof of license unless it has security features.
The simple rule to follow is to check with the software vendor directly about what they require you to retain. You may well want to renegotiate on this if you feel the administrative tasks would be onerous. Any such special dispensations should be obtained from the vendor writing.
Some types of proof of license are easy to store in traditional filing systems, most notably printed volume licensing confirmations. However, the majority of types of documentation are no more difficult to store.
If you have a large quantity of bulky support collateral for early, such as CDs, it is worth asking the software manufacturer of your latest licenses if they will accept in writing as valid a certificate of destruction from a recognised destruction agent, citing relevant details of the materials destroyed. However, there have been situations where software manufacturers have refused to allow the destruction of CDs even though they were very old.
High risk of loss
There is a high risk of loss of physical licenses, especially in decentralised environments where the importance of physical proof license is not recognised. This is a significant cause of financial loss when organisations cannot prove the licenses that they assume they have purchased and need to repurchase to prove compliance. There is also a heightened risk of loss in centralised environments to a catastrophic event such as a fire. To minimise these risks, a centralized approach is most appropriate, with off-site backup copies of license inventory records kept against the risk of catastrophic events.
Implementation of the physical management system
The physical management system for licenses may be just a filing cabinet in a very small organisation, but for most organisations this will not be sufficient. There would be two separate part of the system, namely a storage system for physical documents and other evidence, and an inventory system to record what is there. Again, in small organisations, the inventory may be kept simple in a spreadsheet, but this will typically be inadequate. What is recommended is a Document Management system that can keep scanned copies of all physical documents. The physical documents can then be filed away securely without any need for formal access, with reliance placed instead on the scanned images.
Some documentation that legally may form part of the proof of license, should already be covered by other document management systems, e.g. invoices and contracts. Depending on the functionality of the relevant systems, there may be no need to do anything further. Alternatively, it may be preferable for practical reasons to include copies of such documentation in the licensing document management system. For example, it is sometimes difficult for organisations to retrieve back copies of invoices when they are needed several years later, after system changes or archiving.
Get a free 7-day trial of our new Pink E-learning Portal
A simple training solution for your entire IT team.
Includes ITIL 4 Foundation and much more.
Click here for a Free Trial