Best Practice Guide for Third Party Software Licence Management

V2.01.00

October 2007

PREFACE
Purpose and use of guidelines The Queensland Government is expected to be an example of good practice in adhering to the requirements of the law, including copyright and contract. As with other valuable assets, computer software needs to be managed to mitigate risks and control costs, including: legal and financial exposure:

CEOs and individuals may be personally sued for breach of copyright; o costs of external audit borne by the Queensland Government if an independent review reveals unlicenced use of products; and o purchase unlicenced products at a higher rate; damaged reputation; unexpected financial and resource impact; and interrupted and unsupported operations. o

The purpose of this Guide is to provide practical assistance to Queensland Government agencies in implementing and maintaining a framework for the management of software licensing. This Guide has been developed to support Queensland Government Information Standard 45 Software Licence Management (IS45). The Queensland Government Chief Information Office has developed a software licence management best practice framework. This framework includes a Capability Baseline Study, work plans to guide agency activities, certification of software licence management policies and a variety of templates and tools to support agencies in implementing frameworks and processes across their organisation. An effective framework will provide assurance to agencies and the Queensland Government that: the risks associated with the use of illegal software are being effectively managed; compliance with software licence conditions is being adequately monitored; there are the appropriate number of licences for each item of software in use; the agency is not paying for licences they do not need; and effective controls are in place for the physical security of software media.

How to use this document Agencies should consider the information provided in this Guide as reference material and interpret it in the context of their own agencys software licence management requirements. For specific information on in-house developed software refer to the Queensland Government Intellectual Property Principles. Accreditation and training of employees To increase the level of capability across Government, certified software asset management training was sponsored by the Queensland Government Chief Information Office. Further training is currently planned and employees working in ICT procurement/policy or service delivery are encouraged to attend. Further details may be obtained by emailing: ICTfunding@publicworks.qld.gov.au

TABLE OF CONTENTS

1. Background .............................................................................................................4 2. Implementation of a Software Licence Management Framework.............................6 3. Developing Policies and Procedures........................................................................9 4. Auditing and Metering of Deployed Software.........................................................11 5. Development of a Software Asset Register............................................................11 6. Determine Licence Types.......................................................................................12 7. Catalogue Media....................................................................................................13 8. Gap Analysis..........................................................................................................13 9. Determine Software Requirements........................................................................13 10. Purchase, Pool or Uninstall Licences...................................................................13 11. Review Licensing Agreements.............................................................................14 12. Ongoing Review...................................................................................................14 A self-assessment maturity tool has been provided in Software Licence Management Implementation Toolbox. to assist agencies to implement SLM continuous improvement into their planning processes.............................................................................................15 13. Glossary...............................................................................................................16

1.
1.1.

Background
Introduction

Software is an intangible asset protected by copyright and contract law. A legal right to use software is granted in accordance with the terms and conditions of the licence(s) purchased. Irrespective of the price paid for software, or whether the purchase was made with operational or capital funding, software must be recorded and managed to ensure compliance with the legal and contractual licence terms and conditions. If a software product is deployed to a device, then a licence is required for that software, irrespective of whether the software is used or not; if it is deployed, it requires a licence.

1.2.

The Software Licence Management Framework

The implementation of an effective software licence framework will provide agencies with a structured approach to controlling and managing risks while maintaining this business critical asset. It is important to realise that this is a continuing process and not a one off event. For a framework to be effective, it requires an equal contribution of people, software and processes. If the framework is lacking in one of these elements, then it will fail to realise any real benefit to the agency.

People

Processes

Software

Figure 1: Key Components and Interdependencies

People - are the resources required to complete the necessary tasks to implement a framework and to update and maintain it on an ongoing basis. It also requires the commitment of employees within an agency to follow the procedures that have been developed as part of the agency framework. Software - is an integral part of the framework. It provides a mechanism to deploy software automatically and acts as a repository for licensing information, audits and protects the agencys environment and provides functionality to users.

Processes define the instructions employees are to follow within the framework. If there are no formal processes in place, or if the people or software dont support the procedures, then the framework will soon fail.

2.
2.1.

Implementation of a Software Licence Management Framework

Preparation and Planning

There are a number of key issues which will guide the initial planning and implementation of a framework. The key issues that should be addressed before developing an implementation plan include, but are not limited to:

2.2.

an assessment of the risks involved in implementing or not implementing a framework; the development of a business plan to gain support for the framework; what functions will be centralised; resourcing and funding of the framework; and how the framework will be funded and managed in the long term. Assessing Risks and Developing a Business Plan

Senior management support is crucial to the effective implementation of an efficient framework, as it will require an investment of resources, time and money. The agency should first gain the commitment and support of senior management. A suggested activity to do this would be to develop a business case to identify and quantify the risks of not implementing and the benefits of implementing a framework for the management of software licensing. An example of a business case for software licence management is included in the Software Licence Management Implementation Toolbox..

Risks of Not Managing Software

The risks involved in not implementing a framework should be highlighted in the business case. The risks will vary across agencies and be largely dependant on the size and complexity of the agency software environment. The following issues are examples of the types of risks the agency may be vulnerable to: Over Licensing An agency may become over licenced, for example full packaged product (FPP) is purchased by a employee and deployed onto their desktop, the licence is then stored in their filing cabinet and forgotten. When the agency conducts an audit and identifies that they are under-licenced for the product deployed, the ICT department purchases another licence for the application due to the perceived shortfall in licences. This results in additional unnecessary expenditure.

Under Licensing
If an agency does not have a framework and adequate procedures in place, they are at greater risk of being under licenced, as products may have been deployed without following the correct protocol. Agencies and their CEOs are at legal and financial risk of incurring costly legal fines, penalties and damage to the Queensland Governments reputation if found to be underlicensed during an external audit.

Increased Expenditure
Software licencing expenditure may increase unnecessarily because accurate software licensing information is not available to support agencies to make the appropriate commercial decision. For example, if the option is available, upgrading software licences may be cheaper than purchasing new licences. An agency that does not keep track of their licence records will typically purchase new licences rather than upgrading as they will be unaware that they are entitled to do so. Issues to be aware of include: purchasing under a volume licensing agreement rather than one off licences (FPP) on an as needs basis which may be more expensive; deployment method of the product designates which licence type need to be purchased. Several different licences may be available for one product and an incorrect licence may easily be purchased where employees responsible for purchasing software have limited or no licensing knowledge; and

recording all maintenance expiry dates for software. After the expiry date, new licences will need to be purchased, which can be significantly more expensive than upgrade licences that could have been purchased under the maintenance arrangement.

Security Breaches and Viruses An inadequate framework may place the agencys ICT environment at risk to security breaches such as viruses, or updates and/or patches are not being automatically or proactively installed. No technical support or product upgrades Keeping software maintenance up-to-date will reduce the risk that vendor technical support and/or product upgrades not being available when required and ensuring the ICT area know what versions of products are installed so they can support the product deployed. Unlicensed deployments of non-standard software on networks will not be supported by ICT staff or vendors. Software compatibility issues Employees should not be able to load software that is not authorised or has not been tested, as software compatibility issues may occur. This may expose the agency to significant unexpected financial risk and operational impact, especially if compatibility issues arise with a mission critical application, then the repercussions can be immense. Therefore it is recommended that agencies establish Approved Software Lists to guide software procurement. Lost Time Time can easily be wasted looking for licences or software media, supporting software which is untested or conducting audits with inaccurate data because of poor support procedures for the agencys Definitive Software Library (DSL). A risk calculator has been developed to assist in quantifying the financial cost of not managing software licences appropriately. (Software Licence Management Implementation Toolbox.)

Benefits of implementing a Software Licence Management Framework

There are significant benefits to all agencies in implementing a framework, in particular those agencies that have a complex software environment. When developing an implementation plan and/or a business case to gain senior support for the framework, the risks and benefits should also be highlighted. Example benefits of implementing a framework include: Savings may be achieved when: the correct licence is purchased; licences are only purchased when needed; licences are purchased under volume licencing agreements; maintenance is purchased within time; licences may be upgraded, rather than purchasing new licences; and unutilised licences can be tracked, pooled and transferred to other assets as required. Employees will work more efficiently as time will not be wasted: looking for media; supporting untested software; and searching for licences. Assist in the compilation of an accurate budget, as: all maintenance renewal dates will have been captured; upgrades can be accurately calculated; user base licence growth can be accurately calculated; and details of licence ownership numbers is accurate. Improves the agencys ability to manage their software to determine what: software is deployed; software is in use; and hardware not in use.

2.3.

Developing an Implementation Plan

Agencies are required under IS45 to develop an Implementation Plan which outlines the agency strategy for how it will implement a framework and procedures within the agency. To assist agencies in the planning and implementation of a framework it is suggested that the following processes are followed:
Step 2 Develop / Review policies & procedures Training & awareness programs

Step 1 Implementation Plan Assign Roles & responsibilities

Step 3 Conduct an audit of software

Step 4 Develop, populate and maintain, Software Register/Software License System

Step 5 Determine and record license types & numbers

Step 6 Determine and record media types

Step 7 Conduct gap analysis on licenses

Step 8 Audit of software requirements

Step 9 Purchase, pool or uninstall software

Step 10 Review License Agreements

Ongoing review and compliance audit of software, licenses, media and processes

2.4.

Assigning Roles and Responsibilities

Agencies are required under IS45, to identify roles and assign appropriate resources; and for the development and ongoing maintenance of software licensing within the agency. As highlighted previously, commitment from senior management in both ICT and the business areas of the agency are key to the success of software licence management. However, for a framework to work effectively, employees from all areas of the agency should have various roles and responsibilities in its implementation and ongoing management. The types of roles and levels of contribution will be dependant on the complexity of the agency software environment, these roles outlined below can be used as a guide to key roles and responsibilities.

Legal responsible for reviewing and managing legal aspects of contracts and licence
agreements.

Software and ICT Asset Managers - responsible for establishing and maintaining the software
licence database.

Helpdesk/Support Managers - plays a role in ensuring that all unapproved or unauthorised

instances of software are reported.

Security Managers - ensure that all software security exposures are controlled. Auditors review and audit of the framework and processes. Procurement Managers work with ICT Managers to ensure software procurement decisions
are managed.

Central Software Administrator - records licensing details within the Software Asset Register
(SAR).

Sponsor/Champion - has a good understanding of the whole software licence framework that
can not only promote the use of the framework but can review policies and procedures.

 Definitive Software Library Manager - manages and tracks all media within the agency. Manager/Process Owner responsible for overall management, review, reporting and
monitoring of the effectiveness of the SLM framework. Further information on Roles and Responsibilities is provided in the Software Licence Management Implementation Toolbox.

3.
3.1.

Developing Policies and Procedures

Policies

Under the provisions of IS45 agencies are required to develop an overarching policy for the agencies approach to software licence management. A template policy document is located in the Software Licence Management Implementation Toolbox. 3.2. Procedures

The Lifecycle diagram below outlines all of the key procedures that should be established to support and maintain a successful framework.
Software Request

Select/Test/ Evaluate

Software De-installation

Software Purchase

Software Support

Software Receipt

Software Installation Software Register

Compliance

Security

To begin the process of compiling procedures, the agency should document how a framework should ideally work within the agency and then document how it actually works recording and detailing gaps and current procedures. Procedures that should be developed include:

Software Request Procedure - This procedure should outline the process to be followed
when employees request software to be deployed on a device. Select / Test / Evaluate Procedure - This procedure should detail the process for software to be selected/tested/evaluated by the agency.

Software Purchase Procedure - This procedure should detail the process to be followed for
software to be purchased within an agency.

Software Receipt Procedure - This procedure should detail the process to be followed when
software is received by an agency and receipted against their accounting systems.

Software Register/Inventory Procedure - This procedure should detail the information

required and the process to be followed when recording software licences in the SAR.

Software Installation Procedure - This procedure should detail the process to be followed
when installing software.

Software De-Installation Procedure - This procedure should detail the circumstances and the
process to be followed when software is to be uninstalled from a device.

Suggested procedure templates Implementation Toolbox. 3.3. Security

are

provided

in

the

Software

Licence

Management

The agency will already have a number of security procedures in place under the requirements of Information Standard 18 for Security (IS18). A number of these will have direct links to software licence management. Suggested templates for security procedures are provided in the Security Implementation Toolbox.

3.4.

Compliance and Audit It is imperative that requirements for an audit and gap analysis form part of the compliance procedures to ensure the effectiveness of the framework. These procedures should detail the process to be followed to ensure the agency is complaint and that the policies and procedures listed above have been implemented and are working. Sections of the ICT environment may be audited at different times to determine that software policies and procedures are being adhered to. If the policies and procedures are operating effectively, then very few anomalies should be detected under each audit. Employees with the appropriate training and knowledge should be allocated to this task. Employees conducting the audit need to understand the agencys auditing package(s), especially defining queries, in order for an accurate report to be compiled. The employee conducting the gap analysis will require a high level of licensing knowledge to ensure the correct licences are applied against those audited, resulting in an accurate report. Where there is non-compliances are identified during an audit, it will be necessary to review the agencys software policies and procedures to ensure that these do not occur again. Further information and resources for auditing and compliance are provided in the Software Licence Management Implementation Toolbox. 3.5. Technologies

The technologies and tools selected to implement and manage a framework should integrate easily with the existing agency platforms and architecture. The type and complexity of technologies and tools used will vary with the complexity of the agencys software environment. When selecting technologies to support software management agencies should consider the following:

Discovery Tools for finding and collecting details of hardware and software installed in the
agency environment.

Inventory Tools - for management of installed hardware and software licences and inventories
of software licences.

Metering and Demand Tools - for the measurement of software licence usage. Deployment and Security Tools - to ensure all software deployment is authorised and
coordinated and that updates and patches are monitored.

Licence and Contract Management Tools - key to the tracking of licences and maintenance
requirements including the movement of licences within the agency, linking of licence upgrades and unused licences.

Vendor Licence Management - often used by software vendors to directly control the
conditions of use of software through the use of licence keys, hardware dongles, technical certificates, metering and wrapper technologies.

3.6.

Training and Awareness

Communication is a key factor in the successful implementation of a framework. Under the requirements of IS45 agencies are required to implement programs to promote the importance of software licence compliance across the agency. The following are examples of how the framework may be communicated to employees:

framework overview presentation to key stakeholders

Intranet Noticeboard Procedures added to Quality Assurance system Email Re-educate with reminders Positive reinforcement when anomalies are reported A Communications Toolkit, including fact sheets, plans and tools, is provided within the Software Licence Management Implementation Toolbox.

4.

Auditing and Metering of Deployed Software

Auditing and metering processes are integral to an effective software management system. It is through the auditing and metering processes that an organisation is able to ascertain what software is installed on its computer networks and devices, whether the software is appropriately licenced and whether or not the use of the software that is installed is being optimised. Auditing tools are used most effectively at the implementation of a software licensing management system to gain a baseline of what applications an organisation has installed on its computer networks, and then periodically as part of its verification processes to ensure continued compliance. The initial audit should provide an accurate report of the quantities of software products deployed within the agency. This report should include, at a minimum, the following key information: Product name; Product edition; Product version; Number of deployments; and Equipment asset number.

The audit processes should not be a once off event, but should be conducted on an ongoing basis. Once collected the key information should then be collated into a SAR to assist in matching software in use, with agency licence details. Metering tools are intended to measure active usage of a software application, so that usage of available licences can be optimised. Metering software use allows an agency to analyse and determine the levels of use of software applications and future software needs of users.

5.

Development of a Software Asset Register

A central SAR is one the most important components within the agency framework, as it is the definitive repository of the agencys software licensing details. This step takes the information collected from the software audit and expands upon it to include detailed licence information, including: Software Vendor; Product name; Product edition; Product version; Product release date;

 Quantity of licences;
Type of licence; Licence purchase date; Maintenance purchased; Maintenance expiry date; Retired licence (when a licence is used to crossgrade to another licence then it needs to be retired as it can no longer be used. The original licence must be kept for the cross grade to be valid); and Licence deployed or available. The register/inventory should also detail all volume licensing agreement information which includes: Software Vendor Volume Licensing Agreement Agreement / Contract Number Product release date Expiry Date Reseller End User Licence Agreement Licence Confirmations For a SAR to be effective, it must be updated on an ongoing basis. Detailed procedures and work instructions should be developed to support updating and maintaining the data within the register/inventory. Licences such as CALs which have no deployment record also need to be tracked within the SAR. Further information on CAL requirements is available in the Software Licence Management Implementation Toolbox. A SAR will also assist managing and recording machinery-of-Government changes. Fields within the SAR will also need to show which agency a licence was received from, or transferred to. Additional fields may be required within the SAR to differentiate between Shared Services Initiative licences collectively and on behalf of agencies within a cluster. The software licence register can also be used to record the deployment of in-house developed software applications. Reference sheets on machinery of Government changes and associated licence transfer processes have been included in the Software Licence Management Implementation Toolbox.

6.

Determine Licence Types

Types of licences

The SAR also needs to be populated with the agencys licensing details. include:

Full licence; Upgrade licence; Cross grade licence; Concurrent licence; Named User licences; Perpetual licences; Subscription licences; and Site licence.

Licence information may be ascertained from the EULA for each product. It is important to read the terms and conditions of the EULA to understand what constitutes the licence for each particular product. For example, some products may just require the EULA whilst others may require the media as well. If an agency is unable to produce the necessary items that constitute a proof of licence, then alternative methods may be used, and include: Software vendor consumption reports;

 Internal purchase records; Software vendor licensing web sites; and Reseller purchase records.
Agencies should liaise with the software vendor they purchased the software through to ensure this data can be utilised as proof of a licence and add this information to the SAR. It is important that both the agency and vendor parties agree on the number of licences owned. When collating your licensing information, an agency will need to understand the licencing rules of the licences owned. This information may be obtained from: EULAs; Volume Licensing Agreements; Product Use Rights Document; Licensing Briefs; Product Home Pages; and Software Vendors and their authorised Resellers.

7.

Catalogue Media

Cataloguing media is often not feasible due to the large amounts of CDs / DVDs purchased/received. However, if an agency is able to allocate the time and resources to catalogue media and more importantly, keep it up to date on an ongoing basis, this will be extremely useful in managing software licences. It is vital that media is centrally stored by the ICT department in a lockable cabinet with limited employee access, as media can be a single point of failure for controlling software deployment.

8.

Gap Analysis

A gap analysis is performed after an audit has been undertaken comparing licences owned to software deployed. The aim of a gap analysis is to identify licensing deficiencies and or excess licences. The deployment of software minus the total number of licences, will give an agency the Licence Excess / Deficiency.

9.

Determine Software Requirements

An auditing package with software metering capabilities will assist an agency in locating software deployed but is not currently being used. The metering software will audit the agencys environment and ascertain how often an application is being used. Maximum benefit can be achieved by agencies metering those applications that are identified as Tier Two, ie. those deployed to a large number of desktops on an as required basis. Software identified as not being used should be removed and then these licences should then be pooled within the SAR so that they may be reassigned as required. This activity provides a benefit to agencies through ensuring that software deployed is meeting business needs. Tracking software procurement and pooling then provides agencies with information to guide future software procurements and assists with decisions on consolidation and retirement. If questionnaires have been used in the initial audit of software, these could also be used to determine the future software needs of users. Agencies should also ensure that the agency ICT strategies and plans are considered when determining the agencys future software requirements.

10. Purchase, Pool or Uninstall Licences

As a result of conducting the gap analysis and determining what software is needed the agency should now compile a report which includes: The number of licences to be purchased; The number of excess licences to be pooled or re-distributed within the agency; and

Software to be uninstalled.

This report will enable the agency to promptly carry out the necessary actions to be compliant and will provide greater accuracy in the procurement of licensing. A best practice software procurement supplement has been provided in the Software Licence Management Implementation Toolbox to ensure that agency procurement takes into account the specific issues that relate to software licences.

11. Review Licensing Agreements

Having determined the number of licences the agency requires the next step is to determine the types of licensing agreements required. The same licence may be purchased under multiple programs. Therefore it is important to review any volume licensing agreements to ensure purchases provide the best return on investment. For example, in some situations a site licence may provide the best return on investment, as it ensures compliancy for the designated site while providing economies of scale with minimal administrative intervention. To ascertain the best volume licensing agreement/s an agency should consider the following:

the terms and conditions of each volume licensing program, to determine if the agency
qualifies;

the agencys purchasing history and environment i.e. how many licences of each product did
the agency purchase last financial year? Is it possible to consolidate purchases;

a cost analysis of the different programs to see which offers the best value; and assistance provided by the vendor to address software licence management issues.
The licence cost should not be the sole consideration. For example, the vendor may offer value add services such as training, licence support or maintenance services. It is also important to note that a volume licence agreement may have licensing instructions that take precedence over the EULA. For example, under the OPEN Government Microsoft licensing program, agencies are able to purchase on a transactional basis at Select level D pricing. The full range of products and versions are available and software assurance is optional. It is important that an agencys volume licensing agreement information is recorded by their Software Administrator. As most agreements differ, the information to be recorded will differ. The following is an example of data to be recorded: Purchase date Expiry date of agreement Technical support Maintenance Products covered Purchased from

12.

Ongoing Review

It is important to realise that software licence management is a continuing process and not a one off event. To ensure that the agency continues to manage its software licences in an accountable and efficient manner, the agency should develop review processes which will not only audit compliance, but continually review its framework and environment. The processes that should be reviewed on an ongoing basis include:

Policies and procedures

Ongoing training and awareness programs Regular audit of software deployments including a gap analysis on types and numbers of licences required Maintenance of SAR system

 Audit of software requirements including current numbers of licences in use and projected
future needs based on the agency ICT plans and strategies

Regular review of licence agreement including types and status

A self-assessment maturity tool has been provided in Software Licence Management Implementation Toolbox. to assist agencies to implement SLM continuous improvement into their planning processes.

13.

Glossary Software Licence Management Acronyms/Definitions

AS ASL

Application Software Approved Software List Baseline Boxed Product Campus Agreement

COA CAL CLR

Certificate of Authenticity Client Access Licence Central Licence Register Concurrent Licensing Configuration management database

CMDB

Software that runs within the operating system environment and performs a specific function. Agency listing of software which is approved for use on its computer fleet. Generally linked to the Standard Operating Environment and approved via a change control process. A snapshot of an original state to be later compared against the current position. Term used to describe software purchased in a shrink wrapped box, generally through a retail outlet. A Microsoft licensing program for higher-education institutions. For more information go to: http://www.microsoft.com/Education/CA3Overview.mspx Proof that an item is genuine. COAs typically have fields such as name and date. A licence that gives the holder the right to access the services of a server. For more information go to: http://www.microsoft.com/resources/sam/lic_cal.mspx A Software Asset Register available to all Budget Funded Agencies to manage their software licences. The register is automatically updated for all Microsoft purchases and is being extended to enable agencies to manage their non-Microsoft licences. A licence that allows a specific number of users to use a piece of software at a given time. ITIL defines a CMDB as a database which holds a record of all configuration items associated with IT infrastructure. A CMDB tracks the current configuration of an information system. The CMDB endeavours to provide an organisation with an understanding of the relationships between the different components of the information system. A copyright is a set of exclusive rights granted by government for a limited time to protect the particular form, way or manner in which an idea or information is expressed. Copyright may subsist in a wide range of creative or artistic forms or "works", software. Copyright is a type of intellectual property. An ability to migrate from one manufacturers software title to a different software title of the same manufacturer. The physical library/repository in which master copies of software is stored. A downgrade is the right with licence purchase to use an earlier version of software. Downgrade rights are available under Microsoft Volume Licensing programs. Digital certificates that establish an entitys credentials.

Copyright

Crossgrade DSL Definitive Software Library Downgrade E Certificates

EULA EA FVA

GOLP

MOG

MOE

The certificate contains information such as; name, expiration date, and public keys. End-User An agreement between the software owner and the Licence software user as to the terms and conditions of the Agreement softwares use. Enterprise A licensing agreement for large organisations that helps Agreement to standardise the IT assets, achieve volume discounts and simplify licence management. Fleet Variation An estimate of the likely variations of computing Estimate hardware within an agency upon which future needs for software and associated budgets can be calculated. Forecast An estimation of the number of software licences that an organisation will need to procure within a set period of time in order to satisfy the user demand. Freeware Licenced software that is free of charge. Government A Microsoft transactional licensing program for Open Licence government under the Q1500 Agreement. Program Keycode A code required to be entered to use software. Licence A contract between the software publisher and the user Agreement that instructs and limits how the software is to be used. Machinery of The terms machinery of government changes (MOG Government changes) and administrative re-arrangements are interchangeable and are used to describe a variety of organisational or functional changes affecting the government. Maintenance Terms and conditions offered as an option, or built into, (Software many software agreements. Allows the customer to Assurance) access upgrades, fixes and new versions for a defined period of time. Managed The collective set of both human and technology based Operating policies and processes, which together describe the Environment management framework with which the organisation procures, provisions, maintains and disposes of assets that make up the desktop environment. A Managed Operating Environment seeks to optimise business benefit and value for money through a wholeof-life approach to managing desktop-related ICT infrastructure. Software whose computer code is available to be inspected. OSS generally has licensing restrictions. An example of OSS is Redhat Linux. The master set of software that controls the overall operation of the computer and facilitates the running of application software. A producer that provides a product to its customers, who proceed to modify or bundle it before distributing it to their customers. An agreement whereby the client has the ability to use the most recent version of the software once the term of a contract expires. A licensing arrangement whereby there is a licence for each processor in the server (for an unlimited number of

OSS OS OEM

Open Source Software Operating System Original Equipment Manufacturer Perpetual Licensing Per-processor Licensing

Per-Seat/PerUser/PerDevice Licensing Per-Server Licensing Piracy

users) A licensing arrangement whereby a licence is tied to a specific user or device A licensing arrangement whereby a specific number of CALs are authorised to access a server simultaneously. The contravention of a software licence agreement. Examples of piracy are; copying programs, hard-disk loading, downloading illegal copies of software from the internet and counterfeiting. For more information go to: http://www.bsaa.com.au A list created by an agency which details software owned by the agency that is not in current usage. An uncommon term and condition that permits usage of a software item for a nominated period of time only. Similar in nature to a lease agreement. Volume licence agreement that allows limited or unlimited use of a software product at a nominated site. The definition of a site may vary and could include a specific building, floor in a building, a set of buildings or wider area. All the infrastructure and processes necessary for the effective management control and protection of software licences and associated media within an organisation throughout all stages of their lifecycle. See SLM. A software asset management database to assist agencies to track and manage their software licences. Designed to collate data on software purchases, licences and other information pertinent to ownership of a licence. Microsoft Software Assurance a maintenance program that gives the ability to spread payment for software over multiple years while offering free upgrades to newer versions of the software within that time period. All the infrastructure and processes necessary for the effective management control and protection of software licences and associated media within an organisation throughout all stages of their lifecycle. Within the Queensland Financial Management Act, software is not recognised as an asset. Therefore within the Queensland Government the acronym SLM is used instead of SAM. A standard set of software that is loaded onto a workstation at a point in time.

PSL

Pooled Software List Renewal Site Licence

SAM

Software Asset Management Software Asset Register Software Assurance Software Licence Management

SAR

SA

SLM

SOE

Standard Operating Environment