Software Asset Management - How to maintain a once-established order?

    Good afternoon, Habr!


    By way of introduction, I want to thank the Habr administration: thanks to their support, we now have our own thematic blog - habrahabr.ru/blogs/sam
    Thank you!

    We all know that the main risk group for liability for unlicensed software in organizations is managers (who are, in principle, responsible for everything that happens in the organization) and the IT department (onto which it is easiest for managers to push the problem under the slogan "I did not know about the unlicensed software, I thought everything was legal; here is the specialist, he said everything was fine").

    If you start from the very first topic of the series - habrahabr.ru/blogs/sam/97343 -
    then this is the fourth step, called "development of procedures", which covered the need to develop internal documents that govern the entire software life cycle in the organization.

    What are they needed for?
    IT does not stand still, and if we once made an inventory and got rid of all risky software, this does not mean that order will be maintained from then on. The next day a new solitaire game downloaded from the network will appear somewhere, then a plug-in for Photoshop, then a new version of the office suite brought from home, etc.

    This also bears directly on reducing the liability of officials (management, IT department) for possible violations of software-related laws committed by users.

    In order to maintain order in the software, it is necessary to monitor two global things:
    1) The safekeeping of all documentation accompanying licenses, so that existing software does not suddenly turn into pirated software due to the loss of one piece of paper.
    2) Preventing new unlicensed software from appearing on computers.

    To do this, the following actions are recommended.

    1) Developing and adopting documents in the organization that approve the procedure by which new software appears.

    I don't see the point of giving templates for these documents - they depend strongly on the structure of the company. The main thing is to describe everything in as much detail as possible, indicating all the possible steps and those responsible for each stage.

    As a hint for developing these documents, you can use this simplest scheme:
    1. The user has a need for new software (more precisely, a need for functionality) and draws up an application using the standard form.
    2. The application is considered.
    3. If the application is confirmed, specific software is selected for the necessary tasks.
    4. After selecting a program, if it is paid, we check the license registry to see whether there is a free license for this software.
    5. If there is a license, we install the software for the user and adjust the lists.
    6. If there is no license, we proceed to the procedure for obtaining a license.
    7. For paid software, we determine the availability of a budget; for free software, we get it for a minimum price.
    8. If there is no budget, we make an application for the budget and wait.
    9. If there is a budget, or after the budget is allocated, we determine the supplier.
    10. We conclude a contract with the supplier and wait for the delivery.
    11. We receive the software and correct the list of licenses.
    12. We install the software for the user and adjust the lists of licenses.

    2) Developing a document regulating the use of software.

    In it we record everything that the employee may and may not do in this regard. Among other things, I highly recommend adding an item on keeping the stickers on the PC cases intact.

    3) Making amendments to the employment contract.

    These cover liability for violating the documents governing the use of software and related assets at the enterprise.

    4) Compiling lists of installed software on computers.

    At steps 2-3.5 of the general action plan, we take an inventory of the software installed on the computers and get rid of everything unnecessary.
    After that, we need to make lists of the software installed on each computer (for this it is recommended that these sets be standardized; more on this in a separate topic).
    An example of such a document (a separate document is compiled for each PC):

    ******************************************************************

    List of software.

    Computer - write_its_unique_name_here
    Computer location - pc_location
    Employee - employee_to_whom_this_pc_is_assigned

    The following software list is installed on this computer.

    number  friendly name     title                 version  edition         additional info
    1       operating system  Microsoft Windows     7        professional    PC case sticker
    2       Office package    Open office           3.2
    3       Antivirus         Kaspersky             6
    4       Graphics package  Adobe Creative Suite  CS5      Design premium
    5       ICQ client        QIP                   8095
    6       Layout switch     Punto switcher        3.1.1

    With his signature, the user confirms the presence at his workplace of this list of programs and the absence of other programs at the time of compiling the list. Adding, removing or changing any programs is carried out only in accordance with the organization’s software use policies. Independent actions are prohibited.

    User Signature ___________________ Signature of Software Accountant _______________________

    ******************************************************************
    ABSOLUTELY ALL stand-alone software present on the user's computer, whether installed or portable, is included in the list, regardless of the type of license and distribution method.
    Each sheet is made in duplicate and signed, and one copy is stored in a shared folder.
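
    A signed list only stays useful if it is periodically compared with what is actually installed. The sketch below is an added example, not part of the original post: it compares a constructed scan result against the sample list above and reports software that is not on the signed list, is missing, or differs in version or edition. The Entry record, the drift function and the scan data are assumptions made for illustration.

```python
# Added example: drift check of a scanned inventory against the signed per-PC list.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    title: str
    version: str
    edition: str = ""

def _key(title):
    # Normalise case and spacing so "Open office" and "open  office" compare equal.
    return " ".join(title.lower().split())

# Signed baseline for one PC, taken from the sample list in the article.
BASELINE = [
    Entry("Microsoft Windows", "7", "professional"),
    Entry("Open office", "3.2"),
    Entry("Kaspersky", "6"),
    Entry("Adobe Creative Suite", "CS5", "Design premium"),
    Entry("QIP", "8095"),
    Entry("Punto switcher", "3.1.1"),
]

# Constructed scan result (hypothetical output of whatever inventory tool is in use).
SCAN = [
    Entry("Microsoft Windows", "7", "professional"),
    Entry("open office", "3.2"),
    Entry("Kaspersky", "6"),
    Entry("Adobe Creative Suite", "CS5", "Master collection"),  # edition changed
    Entry("QIP", "8095"),
    Entry("Solitaire Deluxe", "1.0"),  # constructed: not on the signed list
]

def drift(baseline, scan):
    """Return (unlisted, missing, changed) titles relative to the signed list."""
    base = {_key(e.title): e for e in baseline}
    seen = {_key(e.title): e for e in scan}
    unlisted = sorted(seen[k].title for k in seen.keys() - base.keys())
    missing = sorted(base[k].title for k in base.keys() - seen.keys())
    changed = sorted(
        base[k].title for k in base.keys() & seen.keys()
        if (base[k].version, base[k].edition.lower())
        != (seen[k].version, seen[k].edition.lower())
    )
    return unlisted, missing, changed

if __name__ == "__main__":
    for label, items in zip(("unlisted", "missing", "changed"), drift(BASELINE, SCAN)):
        print(label, items)
```

    An edition change is reported separately because a different edition usually means a different license, even when the title on the list is the same.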

    How will such a document help? It will allow you to shift responsibility for the user's actions onto the user himself.

    Classic example:
    An inspection arrives, finds unlicensed software, and goes to management with the results. Management acts surprised and says that it does not understand any of this - there is a responsible person (the system administrator), and all questions should go to him. The inspection goes to the person responsible for IT and says that unlicensed software was found. The admin takes out a large stack of papers and asks: on which computer, and what was found? According to the list, this software was not on that computer; it is the employee's own initiative, for which he signed on this sheet, as well as on a pile of rules for using software in the organization. The inspection takes the sheet and goes to the employee with its questions.

    I can't say that this will completely remove responsibility from everyone except the user - I know too little of this practice for that - but it is obvious that these documents will help reduce it.

    Summary

    Altogether, implementing this set of documentation will allow us to maintain the order once established in the software and not fear an inspection arriving at any particular time. And anyone who violates the order faces internal corrective measures.
