Best Practices for Documenting Software Licensing Compliance Presented By Mike Ludwig and Peggy Fish.


Software Licensing Compliance
Assigning and Defining Responsibility
Collecting and Maintaining Documentation
Surveying Departmental PCs
Reconciling Survey Results to Authorized Use Records
GASP Software

Assigning and Defining Responsibility

Assigning Responsibility
The Department or Unit Head is responsible for assuring the proper use and documentation of all software within their respective area. He or she may choose to accomplish this by appointing a Compliance Coordinator.

Defining the Responsibility: Communicate
Communicate to all staff:
The importance of authorized use of software.
The procedures for collecting current documentation and reporting their future software acquisitions.

Defining the Responsibility: Document
Collect and maintain documentation supporting the authorized use of software to the appropriate person(s) or network.

Defining the Responsibility: Survey
Survey all PCs at least annually and reconcile the results to the documentation supporting authorized use of software.

Collecting and Maintaining Documentation

Collect and Maintain Documentation
Collecting and maintaining data supporting the authorized use of software is the most difficult, yet most important, aspect of software compliance.

Establish Procedures
Each department or unit needs to establish procedures for gathering and maintaining software documentation. Procedures may vary for downloaded software.

Tracking Software
The Department/Unit Head and the Compliance Coordinator should decide whether software will be tracked by individual PC or in total across the department. We recommend that you track the data elements listed on the document entitled “Software Compliance Information Tracking.”

Tracking Software on a LAN
In areas where most of the department PCs are connected through a LAN, we suggest that the tracking of software be done on a departmental basis.

Tracking Software on a LAN
Tracking software across the entire department makes the maintenance of the documentation easier because one need not be concerned with the software location.

Tracking Software
In areas where most of the department PCs are not connected through a LAN, it will be necessary to track the software by individual PC.

Tracking Software
Tracking software by individual PC requires more data to be collected, such as the location and inventory number of each PC. However, it does make the reconciliation process easier, especially if the majority of the PCs within the department are not connected to the LAN.

Purchase of Software
Any transaction involving the purchase of software (including software bundled on hardware) should be reported to the Compliance Coordinator. Internal processes will need to be established to facilitate this information exchange.

Software Acquired from Other Sources
Internal processes would need to be established regarding the communication of software acquired through the Internet, personal funds, site licenses, etc. If individuals are maintaining a file, it is not necessary to collect the same data in a central location within the department.

Surveying Departmental PCs

A survey of all PCs within the department should be completed at least annually. The Department/Unit Head and the Compliance Coordinator should decide on the timing of the survey.

Reconciling Survey Results to Authorized Use Records
The process for reconciling will depend on whether the department chooses to track software by individual PC or across the department. Documentation of the reconciliation should be maintained for six years.

Departmental Compliance
Reconcile the total number of each software package identified to the total number of authorized uses in the database.

Individual PC Compliance
Reconcile the software identified on each individual PC to the software records for each PC.

GASP Software
The University has entered into a license agreement for the use of a product called GASP. This product is both a surveying and a tracking tool.

Using GASP as a Tool
The GASP software has the capability to survey workstations over a LAN or independently. GASP recognizes over 9,000 software applications.

Using GASP to Collect and Maintain Documentation
The GASP software includes a database function for collecting and maintaining data about software usage. By utilizing user-defined fields, all of the data elements identified in the document entitled “Software Compliance Information Tracking” can be recorded.

Using GASP to Survey
The GASP software includes a tool for surveying PCs. It is especially effective for surveying PCs through a LAN so that individual workstations are not disturbed. This tool surveys and identifies software but cannot access file content.

Using GASP to Reconcile
GASP can do the reconciliation if you are using it to keep the records and perform the survey. However, GASP does not identify 100% of software through the surveying process. Since most of what GASP does not identify would present little risk to the department, it is at the department’s discretion how much effort to expend in trying to reconcile the “unknown software.”

Use of GASP
While it is the responsibility of each school, department or division to ensure that all PC software is adequately documented for legal use, the use of GASP to achieve this objective is optional.

Questions!