C72 b329d6f7e4b46a7467de0151210a1.ashx


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

C72 b329d6f7e4b46a7467de0151210a1.ashx

  1. 1. COVER [u.s.]-3 02 7/18/02 3:27 PM Page 1 Government Guide For Software Management
  2. 2. COVER [u.s.]-3 02 7/18/02 3:27 PM Page 2 C I B E R N E T This Guide was prepared by the Family, Industry, and Community Economics group of Nathan Associates Inc., with assistance from BDO Seidman, LLP. Nathan Associates is an international economic consulting firm. BDO Seidman is the U.S. member firm of BDO International, an international accounting and consulting organization.
  3. 3. US version Booklet 02 7/18/02 4:59 PM Page 1 © ontents C 1 INTRODUCTION 2 3.2 Take Inventory 15 1.1 A Step-by-Step Guide 3 3.2.1 Accomplish Three Tasks 15 1.2 Helping Governments Manage 3.2.2 Conduct the Inventory in Accordance Their Software Assets 3 With Four General Standards 16 1.3 How to Use this Manual 4 3.2.3 Rely on the Element of Surprise, Yet Include All Computers 16 2 2.1 2.2 2.2.1 WHY MANAGE SOFTWARE ASSETS Ensure Compliance with the Law Control Costs Control Costs of Acquisition 6 7 7 7 © 3.2.4 3.2.5 3.3 3.3.1 Specialized Inventory and Metering Applications Can Make the Job Easier Other Options Take Action Take Corrective Action When Necessary 17 17 18 18 2.2.2 Avoid Costs of Unnecessary Hardware 8 3.3.2 Always Take Preventive Action 19 2.2.3 Control Software Support Costs 8 2.2.4 Avoid Legal Challenges, Penalties, GLOSSARY 20 and Fines 8 © 2.3 Improve Performance 8 APPENDIX 2.3.1 Ensure Software Quality and Reliability 8 A. Model Government Decree 22 2.3.2 Maximize IT Resource Compatibility 9 B. Sample Software Policy Statement 23 2.3.3 Anticipate and Take Advantage C. Sample Form for List of Supported Software 26 of Change 9 D. Sample Inventory Form 29 2.3.4 3 3.1 Increase Employee Productivity HOW TO MANAGE SOFTWARE ASSETS Create an Environment for Success 9 10 11 © E. Software Inventory and Metering Applications F. DOS® Commands to Inventory Software G. Windows® Commands to Inventory Software H. Macintosh® Commands to Inventory Software 30 31 36 38 3.1.1 Articulate and Communicate a Clear Statement of Software Policy 11 3.1.2 Obtain Employee Acceptance 11 3.1.3 Identify, Distribute, and Regularly Update a List of Supported Software 14 3.1.4 Establish a Secure Repository 14 3.1.5 Develop and Implement Software Procurement Procedures 14
  4. 4. US version Booklet 02 7/18/02 4:59 PM Page 2 Introduction
  5. 5. US version Booklet 02 7/18/02 5:00 PM Page 3 © I n today’s digital era, installed software base of govern- 1.2 software is indispensable. It drives mental organizations. For senior HELPING GOVERNMENTS MANAGE our computers and allows us to government officials, it explains THEIR SOFTWARE ASSETS collect, organize, access, analyze, why software asset management Software management is critical and share information on a scale is important. For managers, it pre- to maximizing the benefit of gov- and with efficiency not imagined sents a complete management ernment investment in informa- 20 years ago. plan, including how to create an tion technology (IT) resources. environment in which manage- Today desktop computers prolif- Software, like other valuable ment will succeed, information erate and software is significantly assets, must be managed through- requirements of the plan, a upgraded on a regular basis. out its lifecycle to achieve its process for collecting informa- A single government organization potential benefit. An effective tion, and how to interpret and act might be using hundreds of com- management plan must address on the information collected. puters deployed at dozens of asset acquisition, use, and dispos- locations running numerous types al. In addition, the process must Although asset management is and versions of operating system occur in an environment recep- more than asset tracking, in the and application software. tive to management actions and case of software, which is a committed to success. portable and decentralized asset, The proliferation of desktop com- tracking is a key component of puters and the portability of soft- Governments, as information the management process.This ware have created an additional organizations, are especially manual provides very specific reason to manage software: to dependent on software. Since instructions for tracking software. ensure its legitimacy.Without an governments make and imple- It explains the importance of tak- organization’s knowledge, its ment laws on behalf of those they ing inventory and how to do so. It employees might be using illegal- govern, they have a clear respon- explains how to identify illegal ly copied software. For example, sibility to demonstrate, through copies of software and describes employees might have installed their policies and practices, the the steps necessary to verify that more copies of a software pro- importance of adhering to laws your organization’s use of soft- gram than the organization’s governing the use of software. ware is in compliance with licens- license permits (commonly Legitimate software use by gov- ing agreements. In addition, help- referred to as software “overuse”). ernments will encourage the pri- ful tools for inventorying software Or, the organization might have vate sector to follow suit, thereby are identified. Using inventory unknowingly acquired illegal soft- leading to growth of the domestic tools is encouraged, but if you do ware from a disreputable reseller. software industry which creates not have access to inventory jobs and generates revenue. application software, you will find This manual was written to make here detailed instructions for software asset management sim- 1.1 identifying the software that ple, yet effective, and to help gov- A STEP-BY-STEP GUIDE resides on your computers. ernments avoid the cost of legal This manual provides step-by-step challenges to the legitimacy of guidance for managing the their software assets. It presents 3
  6. 6. US version Booklet 02 7/18/02 5:00 PM Page 4 clear justification for manag- compliance with the law, on the requirements and ing software and encourages controlling costs associated restrictions of the usage pol- organizations not currently with software assets, and icy. Employees responsible managing their software to improving the performance for software procurement do so by showing them of the assets, the organiza- require specialized training how. tion, and its employees. If in licensing requirements already convinced of the and proper procurement 1.3 benefits, skip to Chapter 3, procedures. HOW TO USE THIS MANUAL which explains how to man- The organization and pro- age your software assets. 2. Conduct a software inven- duction of this manual were The process consists of tory. Next, take inventory of intended to facilitate its use. three major steps. the software residing on If you are not yet convinced your computers.The soft- of the benefits of software 1. Establish an environment ware you find and the ways asset management, read for success. Begin by articu- in which it is being used Chapter 2, which identifies lating a software policy must conform to the govern- the benefits and explains statement that addresses the ment’s software policy. how the management acquisition, use, and disposal process will help you of the software used by all 3. Commit to an ongoing achieve them. Key reasons government agencies. process. Finally, an effective include ensuring Employees software management plan should be requires continuing actions. instructed It is important to follow sound procurement procedures, to maintain a com- plete and up-to- date record- keeping system, and to take cor- rective and pre- ventive actions. Perhaps most impor- tant, communicate with employees to encour- age participation in the process and adherence to policy. 4
  7. 7. US version Booklet 02 7/18/02 5:00 PM Page 5 To assist you in getting started, this manual includes information and examples of documents that will be used in or generated by the management process. Exhibit A contains a model government decree on the illegal use of com- puter software. Exhibit B contains a sample software policy state- ment that can be adapted for use by your agency or organization. Exhibit C contains an example of the type of form you could use to record and disseminate informa- tion regarding the software supported by your organization. Exhibit D contains a sample software inventory worksheet to guide your data collection efforts. Exhibit E presents an analysis of a few randomly selected software products that can help you inven- tory software and meter its use. Finally, Exhibits F, G, and H con- tain specific sets of commands for identifying the software that resides on your computers if you are unable to use inventory application software.The commands are listed for three different environments: DOS® on stand-alone computers, Microsoft Windows® on stand-alone or net- worked computers, and Apple® Macintosh® on stand-alone com- puters. 5
  8. 8. US version Booklet 02 7/18/02 5:00 PM Page 6 Why Manage Software Assets
  9. 9. US version Booklet 02 7/18/02 5:00 PM Page 7 © I n today s dynamic In addition to licensing agreements, 2.2 environment of dispersed desktop copyright law protects software CONTROL COSTS computers and other IT assets, publishers from the unauthorized The second major reason for managing your software assets is copying, distribution, and sale of managing your software assets is to necessary to: software. In today s digital era, control all costs associated with the s Ensure your software is legal and copyright law also prohibits users assets. An effective management being used in compliance with from uploading, downloading, or process will: licensing terms; transmitting unauthorized copies of s Control software acquisition s Control costs associated with the software via the Internet or other costs; asset; and electronic media. Violations of these s Avoid unnecessary hardware s Improve asset and organization restrictions are civil and criminal costs; performance. offenses, exposing the infringer to s Control software support costs; significant civil damages, as well as and 2.1 criminal fines and imprisonment. s Avoid the costs of legal chal- ENSURE COMPLIANCE WITH THE LAW lenges and fines or penalties for Computer software is protected under Governmental organizations have a use of illegal software and unau- copyright law and cannot be used, key role to play in supporting the thorized use of legal software. reproduced or distributed without the protection of intellectual property manufacturer s express authorization. by ensuring all software and its use 2.2.1 Copies of computer software are typi- are in compliance with licensing Control Costs of Acquisition cally licensed, not sold, to the user. agreements and copyright law. An effective management process Accordingly, your right to use, repro- Copying, distributing, and using minimizes software acquisition costs duce, and distribute a software program software illegally deprive by identifying and communicating is subject to the terms of the software economies of legitimate and taxable the current and future software needs license agreement, which constitutes a economic activity. Perhaps more of your organization, budgeting for valid legal contract between the important, use of illegal software software acquisition, and purchasing licensee and the software publisher. reduces the reward for innovation only what is necessary while doing The software license gives the software and, by doing so, slows economic so in conformance to clearly defined publisher a claim for damages in the growth and development. A govern- procurement procedures. event you fail to comply with its terms. ment decree in support of ensuring all software and its use are in com- Budgeting is key. You must identify A licensed copy of software can be pliance with licensing agreements planned software expenditures in a installed and used on only one com- and copyright law sets the stage for separate line item of your IT budget puter, unless the license agreement an effective software management and track your actual versus planned expressly permits use of a second plan. Appendix A contains a sample expenditures. By doing so, you can copy, for example, at home or on a government decree. more accurately evaluate your needs, portable computer. However, a license ensure that software acquired is legit- agreement typically allows imate, and plan for future acquisition. you to maintain a back up copy of Large organizations often devote 25 software for archival purposes. percent of their IT budgets to software. 7
  10. 10. US version Booklet 02 7/18/02 5:00 PM Page 8 2.2.2 2.2.3 2.3 Avoid Costs of Unnecessary Hardware Control Software Support Costs IMPROVE PERFORMANCE A software management process By identifying your organization s In addition to more effective control allows an organization to identify and current and future software needs and of costs, which improves the communicate with its employees the specifying when software will cease performance of all organizations, a software it currently supports, as well to be supported, you can control the software asset management plan will: as expected upgrades, substitutions, cost of supporting software and avoid s Ensure software quality and disposals, and data and program the cost of renewing licenses unnec- reliability; retention policies. By collecting and essarily or in overly expansive terms. s Maximize IT resource compatibility; sharing this information, software, Control can be effected by a manage- s Anticipate and take advantage of data, and program files can be man- ment process that regularly reviews change; and aged on a systematic basis with a the organization s software needs, s Increase employee productivity. minimum of disruption. In addition, updates the list of supported software the non-disruptive removal of soft- periodically, and clearly communi- 2.3.1 ware no longer supported frees space cates in advance when various appli- Ensure Software Quality and Reliability on existing hardware, thereby helping cations and versions will no longer be An effective software management organizations avoid the costs of supported and, hence, removed from process will ensure the quality and unnecessarily upgrading or replacing the organization s computers. reliability of the software. Illegally hardware. copied software - which can be 2.2.4 defective or infected with a virus, Avoid Legal Challenges, Penalties, and Fines obsolete, or recently released but not Your agency or organization can adequately tested - can be identified, avoid the costs of legal challenges, avoided, and, when found on the fines, and penalties by implementing organization s computers, removed. the software asset management Licensed software, on the other hand, process described here. The process offers the assurance of product will generate a record of documenta- authenticity and quality, the warranty tion necessary to avoid these costs. of the software publisher, documenta- The record will include: tion, instruction manuals, tutorials, s A written statement of your orga- product support (including upgrade nization s software policy; information and trouble-shooting ser- s Evidence of employee acknowl- vices), and training. edgement and understanding of the policy, the management process, and his or her responsibilities; s A complete and current inventory of your software assets; and s Documentation of all actions taken in support of the management process. 8
  11. 11. US version Booklet 02 7/18/02 5:00 PM Page 9 2.3.2 ing anticipated technology sooner Maximize IT Resource Compatibility rather than later. The process will With the numerous types and help you avoid the acquisition of versions of software available in software on the verge of becoming today s market, issues of compati- obsolete as well as new still unreli- bility often arise. If employees in able software. one part of your organization require documents created by a 2.3.4 specific application, but employees Increase Employee Productivity in other parts of the organization Computer software has dramatically use only an incompatible applica- transformed today s business and tion, you must weigh the decision of organizational environments. whether to authorize the use of, Because of software, today s workers support, and training in both are more efficient and businesses computer programs. By managing are more productive. Software has the lifecycle of your software assets, reinvented old notions of bringing you generate the information products and services to customers necessary to address compatibility and established real-time communi- issues and weigh tradeoffs on the cation as a cornerstone of organiza- basis of all costs and benefits. tion effectiveness. 2.3.3 Software asset management ensures Anticipate and Take Advantage of Change that workers have the tools they An effective software management need to accomplish their tasks process will make it easier to efficiently, and the education and anticipate and take advantage of training they need to use the tools change - both technological and effectively. organizational - while minimizing its potentially adverse consequences. In the course of the management process, you will be identifying and communicating the current and future software needs of your organization. Reactions within the organization will lead to a clearer understanding of future needs and additional insight into the advan- tages and disadvantages of deploy- 9
  12. 12. US version Booklet 02 7/18/02 5:00 PM Page 10 How to Manage Software Assets
  13. 13. US version Booklet 02 7/18/02 5:00 PM Page 11 © A n effective software Taking inventory of your software is sections for articulating your organi- management process consists of a critical component of the manage- zation s commitment to three goals: three major tasks. First, you need to ment process. You must identify all s Enforcing all applicable copy- create the right organizational envi- software residing on your organiza- rights; ronment, one in which all employ- tion s computers, and collect and s Managing software assets to ees are committed to the success of store in a secure repository the obtain maximum benefit; and the process. Next, you need to take licenses and documentation for the s Acquiring properly licensed soft- inventory of your assets. You need software your organization supports. ware through an approved pro- to know what you have before you curement process that minimizes can manage it. And finally, you must Finally, be prepared to take action. the risk of acquiring illegal soft- be prepared to take action - correc- Corrective action might be neces- ware. tive and preventive - and you must sary to align inventory with policies keep policy, procedures, and infor- and procedures, as well as licensing Appendix B contains a sample poli- mation current. agreements. Stay current by regular- cy statement for your organization ly updating the list of software sup- to consider. The policy statement The right organizational environ- ported by your organization and you develop should be included in ment is one in which employees are updating, as necessary, the terms of your organization s employee hand- receptive to the goals, decisions, and your licensing agreements. And take book. It should also be posted on actions of the management process. preventive action to minimize the your organization s employee bul- This environment can be created if need for future corrective action. letin board and made available on you: your Intranet. s Articulate and communicate a 3.1 clear statement of software policy; CREATE AN ENVIRONMENT FOR SUCCESS 3.1.2 s Obtain employee understanding You must build out the organization- Obtain Employee Acceptance and acknowledgement of the al environment in five dimensions. To succeed, employees must under- policy; Remember, no management process stand and accept the management s Identify, distribute, and regularly will succeed if its goals are not process. You can enlist their support update a list of supported soft- clearly defined and achievable, if by doing three things: ware and authorized use; responsibilities are unclear, or if s Clearly describe, communicate, s Establish a repository for master there are no consequences to actions and require acknowledgment of the disks of purchased software, all taken or not taken in the process. organization s policy, management software licenses, software docu- process, procurement procedures, mentation, purchase invoices if 3.1.1 and employee responsibilities. available, and information gener- Articulate and Communicate a s Educate and train employees to ated by the management process; Clear Software Policy understand what is expected of and An effective management plan them, how they can contribute s Develop, implement, and regularly begins with a clear statement of pol- to the success of the management monitor adherence to software icy. It should include separate process by knowing how to procurement procedures. identify illegal software and by 11
  14. 14. US version Booklet 02 7/18/02 5:00 PM Page 12 understanding and complying s How to know if software or its s Acquiring academic or other with the terms of software licens- use is illegal; and restricted or non-retail software, es, and how to use the software s How to take advantage of the the license for which does not provided and supported by the software assets supported by the permit sale to, or use by, the organization. organization. organization; or s Pay special attention to transi- s Swapping disks in or outside the tional events such as an employ- In addition to explaining the policy workplace. ee s hiring or departure. to new employees during their ori- entation, helping employees under- 2. Client-server overuse is a com- Specify, Communicate, and stand the policy and their responsi- mon form of end user piracy. A Require Acknowledgment bilities can be accomplished by reg- client-server configuration links Initially, generate support by clearly ularly reviewing with all employees multiple computers and permits specifying and communicating a the results of the management users to access software stored on a software policy, a chain of com- process and procurement proce- local area network. Client-server mand, and responsibilities of each dures. An ideal time for review is overuse often occurs because the employee. Include the information after completion of a software audit organization or its employees fail to in the employee handbook. or inventory. understand license restrictions in a Distribute the information at new- network environment. Server soft- employee orientation. Avoid confu- Training employees to recognize ware licenses generally limit the sion by requiring each employee to when software or its use is illegal number of users on the server, or sign a copy of the statement. The begins with an understanding of the may require individual access signed statement is evidence that many variations of software theft. licenses for users. Certain applica- each employee has been made The five most common types of tion licenses will authorize use of aware of, understands, and agrees to theft, and how to help employees one installed copy by multiple comply with the organization s soft- avoid committing these illegal acts, users, but only within the limits of ware policy and management are summarized below. the license provisions. Exceeding process. the permitted number or types of 1. End user piracy occurs when an users constitutes unauthorized use. Educate and Train individual or organization (the end License overuse can be controlled Training is an important element of user ) reproduces copies of software by carefully checking software obtaining employee acceptance. You without authorization. End user licensing agreements at the time should develop a training program piracy can take the following forms: of purchase and installation and providing instruction in three general s Using one licensed copy to install educating employees on proper areas: a program on multiple computers; software use. s Understanding the organization s s Copying disks for installation and statement of policy, including the distribution; 3. Counterfeiting is the illegal management process, procure- s Taking advantage of upgrade duplication and sale of copyrighted ment procedures, and employee offers without having a legal material with the intent of directly responsibilities; copy of the version to be upgraded; imitating the copyrighted product. 12
  15. 15. US version Booklet 02 7/18/02 5:00 PM Page 13 In the case of packaged software, it s The packaging or materials that as if they had made an authorized is common to find counterfeit accompany the software have copy from a disk. Although some copies of the CDs or diskettes been copied or are of inferior manufacturers expressly permit incorporating the software program, print quality; their software programs to be down- as well as related packaging, manu- s The CD has a gold, blue or blue- loaded without payment of a licens- als, license agreements, labels, green appearance, as opposed to ing fee, these programs are still sub- registration cards, and security the silver appearance that charac- ject to a licensing agreement. Pay features. You can guard against the terizes legitimate product; careful attention to educate all unwitting purchase of counterfeit s The CD contains software from employees to the fact that software product by: more than one manufacturer or should not be downloaded from the s Carefully checking the authentic- programs that are not typically Internet without express authoriza- ity of any product you acquire; sold as a suite ; or tion by the official, department or s Purchasing from resellers with a s The software is distributed via group in charge of software reputation for integrity and hon- mail order or online by resellers procurement. est business practices; and who fail to provide appropriate s Ensuring that all user materials guarantees of legitimate product. The final element of your training and a licensing agreement are program is conventional training. included with software at the 4. Hard-disk loading occurs when a One of your more challenging tasks time of its acquisition. computer hardware reseller loads will be to obtain acceptance of the unauthorized copies of software list of software supported by your Any department or groups autho- onto the machines they sell to make organization. Everyone will have a rized to acquire software should be purchase of the machine more software preference and someone is aware of the following warning attractive. You can avoid purchasing likely to want an application your signs that often signify counterfeit such software by ensuring that all organization has chosen not to sup- software: hardware and software purchases port. To minimize the likelihood of s The price of the software is are centrally coordinated through such outcomes and their deeply discounted or otherwise your organization and all purchases potentially disruptive impact, it is appears too good to be true ; are made through reputable suppliers. critical to offer regular training in s The software is distributed in a Most important, require receipt of the software supported by your CD jewel case without the pack- all original software licenses, disks, organization. aging and materials that typically and documentation with every hard- accompany a legitimate product; ware purchase. Pay Special Attention to s The software lacks the manufac- Employee Transitions turer s standard security features; 5. Online software theft has become Employee transitions are critical s The software lacks an original more prevalent with the rise in times in the software management license or other materials that Internet popularity. Employees who process. Exiting employees need to typically accompany legitimate download unauthorized copies of be debriefed. Their computers products (e.g., original registra- software via an Internet site are in should be checked for installed soft- tion card or manual); violation of the copyright law, just ware. They should be asked whether 13
  16. 16. US version Booklet 02 7/18/02 5:00 PM Page 14 they have illegally copied onto a 1. Begin by determining all classes your software needs at least three diskette or other portable storage and subclasses of software your years into the future. It is important medium any software licensed or organization deems necessary to to look ahead to anticipate software controlled by the organization. If accomplish its mission. Different upgrades, additions, and disposals. they had installed copies of the classes include operating systems, The future schedule of such events, organization s software on their communications, utilities, word though preliminary and subject to home computers, they should be processors, graphic, database, change, should be included in the reminded of their responsibility to spreadsheet, network, and others. list of supported software. delete the programs. The computer Subclasses are, for example, a disk previously assigned to the exiting operating system and network oper- 3.1.4 employee must be reconfigured ating system, data compression util- Establish a Secure Repository with the software required of the ities, presentation graphics, etc. All licenses and documentation for employee(s) to whom the computer the organization s authorized and will be reassigned. 2. Within each class and subclass, supported software, as well as the decide which product and version original diskettes or CDs, should be 3.1.3 will be supported and the employees collected and stored in a secure cen- Identify, Distribute, and Regularly Update who will be using it. tral location. By providing secure a List of Supported Software storage for the original diskettes or You must identify with specificity 3. Once the number of employees CDs, you will minimize the risk of the software supported by your requiring use of the software is iden- software theft and unauthorized organization. The list, a sample tified, determine the number of duplication of software programs. form of which is contained in copies to be authorized and supported Leaving original disks or CDs lying Appendix C, must contain informa- by the organization. Of course this around often leads employees to tion in three broad categories: will depend on the licensing terms mistakenly believe they are spare s Software currently supported, available for the software. Specify copies that can be loaded onto their terms of the license, and autho- the terms of the license chosen. computers. rized number of users; s Location of the software; and 4. Finally, decide how to distribute 3.1.5 s Future plans to add, upgrade, and the software. Specify the serial num- Develop and Implement Software dispose of software. ber(s) of the computer(s) on which Procurement Procedures the software is installed, and, when Your organization should develop By following the four steps applicable, the organizational unit or and implement an official software described below, the list you devel- department and the employee(s) to procurement process. Any depart- op will include the information nec- whom the computer is assigned. ment or group authorized to pur- essary to fully specify the current chase software should be trained in state of your organization s autho- In addition to developing the list of general licensing requirements and rized and supported software assets. currently supported software and proper procurement procedures. authorized use, you must project The process begins with a formal- ized request for authorization to 14
  17. 17. US version Booklet 02 7/18/02 5:00 PM Page 15 purchase software, an evaluation and statement. To ensure compliance s Identification of illegal and justification of need, and identifica- with the process, periodically review unsupported software residing on tion of the channels through which records of software purchases. your organization s computers; the software must be purchased. and Additional procedures that should 3.2 s Identification of software use that be part of the process are listed TAKE INVENTORY is not in compliance with the below. The second major task of an effec- organization s policies and proce- s Require that all purchases of tive software asset management dures, copyright law, or licensing software be made through a process is inventorying all software agreements. purchasing department or group residing on all the organization s designated with such responsibil- computers, the original licenses for Identify Software Residing on the ity for the organization; all software supported and autho- Organization’s Computers s Require that all requests be sub- rized for use by your organization, The inventory begins with identifi- mitted in writing and approved and all software documentation cation of all software found on the by the department manager with (including purchase invoices if organization s computers. The budgetary signing authority; available). You must know what process consists of the following s Disallow reimbursement of any you have before you can manage it. tasks: employee expense charged to an By comparing the results of this s Record the serial number of the employee expense account that initial baseline inventory to the computer, workstation, or server was expended for software acqui- organization s software policy and being analyzed. sition; list of supported software, you will s Record the organizational depart- s Require that all software purchases be able to identify and delete illegal ment to which the computer is be made through reputable, software and software you no assigned. authorized resellers; longer officially support, and identi- s Record the name of the employ- s Require that all software purchas- fy and stop use in violation of your ee(s) to whom the computer is es be accompanied by related software licensing agreements. assigned. user materials (e.g., manuals, reg- Your organization s progress in this s Inspect the contents of the com- istration cards, etc.) and all prop- effort should then be monitored puter or workstation s hard disk er licenses and receipts evidenc- through subsequent periodic audits and, if networked, the server and ing legal acquisition and use; and or inventories. other locations where software s Disallow purchase of software might be found. not included in the organization s 3.2.1 s Identify any hidden files and list of supported software. Accomplish Three Tasks directories and record the details The software inventory must gener- of any such occurrences for sub- ate information that allows you to sequent investigation. Part 3 of the sample software policy accomplish three tasks: s For software with single user statement in Appendix B contains a s Identification of all software licenses, record the serial suggested procurement process residing on your organization s number of each. For networked computers; 15
  18. 18. US version Booklet 02 7/18/02 5:00 PM Page 16 computers, record the licensing appear to be a software program not the following qualifications: information for the software supported while, in fact, they are s Knowledge of and experience found on the workstation and components of supported software or with the methods and techniques server. otherwise legitimate instruction sets. applicable to inventorying s Ask the manager and staff if any software; software is maintained on floppy Identify Unauthorized Use s Knowledge of the programs, diskettes, and, if so, inspect the The identification of unauthorized activities, and functions of your diskettes. use is accomplished by comparing organization; and s Inspect the computer and user the terms of the licensing agree- s Good communication skills. areas for evidence of any photo- ments you have for your supported copied material such as user software with the number of com- The person or team should be free guides. puters on which the software was from personal and external impair- s Ask the manager and staff if any found and the number of users hav- ments to independence. In addition, unauthorized software is used in ing access to the computers. an independent attitude and appear- the department. Software metering applications, ance must be maintained. It is s Review the findings and compare which are discussed later along with important that the opinions, conclu- them with the list of supported other inventory application soft- sions, judgments, and recommenda- software, and the licenses and ware, can help to ensure that soft- tions of the person or team be documentation stored in the ware use is in compliance with the impartial and viewed as impartial repository. software license. by knowledgeable third parties. Appendix D contains a sample form 3.2.2 Due professional care must be used for recording the information that Conduct the Inventory in Accordance with to conduct the inventory and prepare must be collected in the software Four General Standards inventory reports. The person or inventory. Specialized inventory You should conduct the software team should use sound judgment in application software, which is dis- inventory in accordance with stan- establishing the scope and timing of cussed later, can be used to make dards regarding the qualifications of the inventory, selecting the method- the inventory job relatively easy. people who will take the inventory, ology and specific procedures, and the independence of these people evaluating and reporting the results. Identify Illegal and Unsupported Software and their organization, their exercise The identification of illegal and of professional care in conducting 3.2.3 unsupported software is accom- the inventory and preparing inven- Rely on the Element of Surprise, Yet plished by comparing the results of tory reports, and the presence of Include All Computers your inventory to the list of soft- quality controls. Once the organization s entire soft- ware supported by your organiza- ware base has been examined in tion. Although the task is straight- A person or team that collectively the initial baseline inventory, forward, it can involve additional possesses adequate professional the organization should conduct analysis. Some executable files proficiency for the tasks required periodic inventories to monitor found on the computers might should take the inventory. Look for compliance. For these subsequent 16
  19. 19. US version Booklet 02 7/18/02 5:00 PM Page 17 inventories, it might not be practical s What is the cost of the The key to identifying software on to include all computers in a single application? DOS and Windows systems is to procedure. In such circumstances, a find all files suffixed with .EXE, sample of computers should be Appendix E contains a matrix sum- which is short for executable. inspected, but over the course of a marizing five randomly chosen All software must have at least one year, every computer should be re- inventory applications and two ran- executable file. The challenge is to inspected and its installed software domly chosen metering applica- weed through numerous executable included in the inventory. tions. Please do not interpret the files that might be small subsets of inclusion of these specific products instructions embedded in legitimate 3.2.4 as indication of support for them software to find the executable file Specialized Inventory and Metering over the dozens of others that are on of an illegal program. Applications Can Make the Job Easier the market today or about to be Specialized application software can brought to the market. Using DOS on Stand-Alone Computers inventory and meter the use of your It is best to use specialized invento- organization s software. When possi- 3.2.5 ry application software. An inven- ble, these tools should be used. They Other Options tory can be performed without such will make the inventory process You can conduct the software software, but you must commit a more efficient and help you more inventory without the use of spe- significant amount of time to the accurately manage software use. cialized application software. The inventory process. You must inspect Evaluate specific products available process will take additional time the contents of each computer s in your market by answering the and, with respect to monitoring hard drive using only DOS-based following questions: software use, the information gener- command instructions. There are s Is the application effective for an ated is likely to be less precise. three alternative ways to undertake organization this size; Nevertheless, the process will gen- the effort, and the commands to fol- s Does the application work in a erate the information you need to low in each approach are contained networked or stand-alone envi- guard against the possibility of ille- in Appendix F. ronment; gal software and illegal use of soft- s Exhaustive inspection; s How does the application recog- ware in your organization. s User-level instructions with man- nize software and, if by compar- Appendixes F, G, and H contain ual inspection; and ing to known products included command sets for inventorying your s User-level instructions with auto- in a database, how often is the software without the benefit of a mated inspection. database updated; specialized application within the s How is the application deployed; following three environments: In an exhaustive inspection approach, s What is the application s user s Stand-alone computers running disk partition information is inspect- interface; DOS; ed and hidden files and subdirectories s What are its reporting capabilities, s Stand-alone or networked com- are located and examined. Only com- s What support is available; puters running Windows; and petent technicians or systems engi- and s Stand-alone Macintosh computers. neers should attempt this method of inventorying software. 17
  20. 20. US version Booklet 02 7/18/02 5:00 PM Page 18 User-level instruction with manual if you are using a Windows-based asked to cease such behavior, and inspection can be used when the system. warned that if future breaches hard disk is not partitioned. It can occur, they could be grounds for also be used to examine the con- Using the Macintosh Operating System dismissal. A written record of all tents of a computer s hard drive on Stand-Alone Computers such instances should be included in without invoking disk partition soft- Like using Windows, the Macintosh the employee s personnel file. ware that could cause catastrophic operating system can generate an Employee notification is important, data loss if used improperly. inventory of software, but it and these corrective measures requires more time than specialized should be taken only once an An automated inspection method inventory application software. The employee has been properly advised assumes all software information commands required are contained in of the software policy and has sub- will be gathered by end users and Appendix H. sequently been found in violation. forwarded to a centralized location for inspection. A single hard drive 3.3 Correct Breaches in Licensing partition is assumed. Drives with TAKE ACTION Agreements and Copyright Law multiple partitions should be The final major component of the When the infraction is a breach of inspected manually. management process is action. You copyright law or the terms of a soft- must be prepared to take corrective ware license, the incident has poten- Using Windows on Stand-alone action when necessary and preven- tially serious consequences for the or Networked Computers tive action to minimize the need for employee and the organization. Using Windows to inventory soft- future corrective action. ware is easier but still time consum- If the inventory were to reveal ille- ing. Again, the person taking the 3.3.1 gal copies of software residing on inventory must find all .EXE files Take Corrective Action When Necessary the organization s computers, the on the computer and invoke the There are two breaches requiring copies must be deleted immediately. software to examine licensing infor- corrective action. Whenever either If the infraction is severe and found mation. Opening all folders to is found to have occurred, all to be widespread throughout the determine whether they contain employees must be informed and organization, senior managers software can be time consuming, reminded of their responsibilities to should be informed. You might also and, although use of the PRINT the organization s software policy want to inform the copyright holder SCRN key to print the information and management process. if the discovery revealed informa- and images on the desktop is an tion (such as the location of an ille- excellent way of generating a print- Correct Breaches in Software Policy gal software copying and distribu- ed record of the inventory, it too When an employee is found not to tion operation) that would be of requires time. However, the job be in compliance with the organiza- benefit to the copyright holder. All does not require sophisticated tech- tion s software policy, he or she efforts should be made to identify nical knowledge and experience. must be informed of the breach, the employee or employees respon- Appendix G contains the instruc- reminded of his or her acknowledg- sible for the violation. The incident tions for inventorying your software ment of responsibility to the policy, and its final outcome should be 18
  21. 21. US version Booklet 02 7/18/02 5:00 PM Page 19 recorded and maintained with Regularly Review List of results. Employees must see that all other documentation in the Supported Software and Use their actions have consequences. secure repository. All violations Demonstrate the organization s attributed to a specific employee interest in ensuring that its employ- Conduct Random Spot Inventories should be recorded in the ees have the software they need by Regrettably, human nature is such employee s personnel file. regularly reviewing the list of sup- that often the element of surprise is ported software and authorized use. necessary to obtain a clear picture If the inventory were to reveal soft- Seek out the opinions of those who of behavior. It is important to peri- ware use not in compliance with are more reliant on software. And odically take inventory. Select the licensing terms, all users of the par- strive to understand why some computers to be inspected. Targets ticular product must be informed of employees appear to have little need could include computers previously the infraction, and, if necessary, a for software. When necessary, mod- found to be in breach of policy or new licensing agreement must be ify the list, announce the changes, law. Announce the results of all struck to include use by those and distribute the new list through- such random spot checks. whose use had previously not been out the organization. covered by the license. Periodically Review Software When Necessary, Modify the License Procurement Records 3.3.2 or Number of Copies Periodically review the record of Always Take Preventive Action When software use changes, modify software procurement to determine To minimize the number and severi- the number of copies you support or whether those responsible for pro- ty of breaches, you should take pre- the type of license to reflect the new curement are adhering to the organi- ventive action in three arenas: the situation. In times of increasing zation s procurement policy. environment for success, taking demand for a particular product, too Whenever a legal breach is discov- inventory, and procurement. few copies or a license that is too ered through the process of invento- restrictive places the organization in rying software, every attempt Maintain the Environment for Success greater jeopardy of its employees should be made to determine To maintain a workplace environ- violating licensing agreements. And whether the breach was due at least ment in which the management when demand is declining, you do in part to a failure to follow the process will succeed you should not want the organization support- official procurement procedures. strive to stay current by regularly ing copies or renewing licenses that updating your list of supported soft- are not necessary. ware and authorized use, modifying the availability of products to reflect Keep Communication Open changing patterns and intensity of Seek opportunities to communicate use, and communicating with with employees about their software employees. needs, experiences with specific products, policy and process responsibilities, and management 19
  22. 22. US version Booklet 02 7/18/02 5:00 PM Page 20 © lossary G Application Software Download Intellectual Property Rights General term for software programs To move a file from a computer at The legal rights persons have to that perform specific tasks such as another site to your computer over a prevent others from using without accounting, word processing and communications line. The term is permission certain kinds of intangible database management. often used to describe the process of property. The objective of laws pro- copying a file from the Internet or a tecting intellectual property rights is CD-ROM Bulletin Board System (BBS) to a to promote innovation and creativity. A type of optical disk capable of computer. Downloading can also These laws take a number of different storing large amounts of data - up to refer to copying a file from a net- forms, including laws protecting 1GB (gigabyte), although the most work file server to a computer on patents, which govern rights in common size is 650MB the network. inventions; copyright, which governs (megabytes). CD-ROMs are read- rights in software, books, movies, only storage media best suited for End User and music; trademarks , which pro- holding reference information The final or ultimate user of a com- tect the reputation of the entity which which does not change on a daily puter system and/or product. owns a mark; and trade secrets, basis and is not subject to being which safeguard valuable business updated by those who use it. Fixes information. Corrections to vendor supplied soft- Copyright ware. The vendor does not necessar- LAN The legal rights of an author ily supply these fixes. Local Area Network. A computer under federal law to control the network that spans a relatively reproduction,distribution, adapta- Hard Disk small area. A LAN lets you share tion, and performance of his/her A magnetic disk on which you can files as well as devices such as work, including software. The store computer data (also called a printers or CD-ROM drives. A copying of a copyrighted work hard drive). Unlike floppy disks, LAN can be connected to other without the permission of its hard disks cannot be easily removed LANs over any distance via tele- author may subject the copier to from the computer and, hence, are phone lines and radio waves; a sys- both civil and criminal penalties. not portable. Hard disks hold more tem of LANs connected in this way data and are faster than floppy is called a wide-area network (WAN). Diskette disks. A hard disk, for example, can A flat piece of flexible plastic cov- store anywhere from 10 megabytes License ered with a magnetic coating which to several gigabytes, whereas most A legally binding agreement in is used to store data (also called a floppy disks have a maximum stor- which one party grants certain floppy disk). The existing standard age capacity of 1.4 megabytes. rights and privileges to another. In for diskette size is 3 1/2 inches. the computer field, a software pub- Unlike hard disks, floppy disks can Hardware lisher will typically grant a non- be removed from a disk drive and, The physical components of a com- exclusive right (license) to a user to thus, are portable. puter system. use one copy of its software and prohibit further copying and 20
  23. 23. US version Booklet 02 7/18/02 5:00 PM Page 21 distribution of that software to occurs when an individual or organi- Software another user. zation reproduces and/or uses unli- Computer instructions or data. censed copies of software for its oper- Anything that can be stored elec- Modem ations. Client-server overuse occurs tronically is software. A piece of A device or program that enables a when the number of users connected software is also known as a program. computer to transmit data over tele- to or accessing one server exceeds the phone lines. total number defined in the license System software products agreement. Server piracy occurs when Software program packages, other Network Operating illegal copies of software are loaded than application program packages, An operating system that includes onto one or more servers. that manage systems resources (e.g., special functions for connecting Counterfeiting is the illegal duplica- operating systems, database man- System computers and devices into tion of software with the intent of agement systems, etc.). a local-area network (LAN). A net- directly imitating the copyrighted work operating system coordinates product. Hard-disk loading occurs Upgrade a network s primary functions such when a computer hardware reseller A new version of a software or as file transfer and print queuing. loads unauthorized copies of software hardware product designed to onto the machines it sells. Online replace an older version of the same Operating System software theft occurs when individu- product. Typically, software com- The master control program that als download or upload unauthorized panies sell upgrades at a discount. translates the user s commands and copies of software from the Internet In most cases, you must prove you allows application programs to or a Bulletin Board System (BBS). own an older version of the product interact with the computer s hard- License misuse occurs when software to qualify for the upgrade price. ware. Every general-purpose com- is distributed in channels outside puter must have an operating sys- those allowed by the license, or used Upload tem to run other programs. in ways restricted by the license. To move a file from your computer Operating systems perform basic to another computer; the opposite of tasks, such as recognizing input Server download. from the keyboard, sending output A computer or device on a network to the display screen, keeping track that manages network resources. WAN of files and directories on the disk, For example, a file server is a com- Wide-Area Network. A computer and controlling peripheral devices puter and storage device dedicated network that spans a relatively large such as disk drives and printers. to storing files. Any user on the geographical area. Typically, a Common operating systems include network can store files on the serv- WAN consists of two or more local- DOS, Windows, and Mac OS. er. A print server is a computer that area networks (LANs). Computers manages one or more printers, and a connected to a wide-area network Piracy network server is a computer that are often connected through public The illegal use and/or distribution of manages network traffic. A data- networks, such as the telephone sys- property protected under intellectual base server is a computer system tem. They can also be connected property laws. Software piracy can that processes database queries. through leased lines or satellites. take many forms. End user piracy 21
  24. 24. US version Booklet 02 7/18/02 5:00 PM Page 22 Appendix
  25. 25. US version Booklet 02 7/18/02 5:00 PM Page 23 EXHIBIT A MODEL GOVERNMENT DECREE ON LEGAL SOFTWARE USE WHEREAS the use of proprietary computer software has become essential to the mission and operation of the executive agencies of the Government, and the Government is a major user of information technology; WHEREAS proper software management is critical to ensuring that the Government receive the full benefits of its software use and operate in compliance with its own and all relevant copyright laws; WHEREAS the unlicensed copying and sale of computer software are illegal and seriously undermine employment opportunities and tax revenues generated by the computer software industry; WHEREAS the Government must set an example for other public and private entities regarding proper soft- ware management by ensuring that it is not a party to computer software piracy. It shall be the policy of the Government that: 1. Each executive agency shall work diligently to prevent and combat computer software piracy in order to give effect to intellectual property rights associated with computer software by observing the relevant provi- sions of international agreements, including the Word Trade Organization Agreement on Trade-Related Aspects of Intellectual Property and the Berne Convention for the Protection of Literary and Artistic Works, as well as the relevant provisions of national law. 2. Each executive agency shall ensure that budget proposals relating to computer software and data process- ing needs include adequate resources for the purchase of sufficient computer software to meet those needs. These resources should be delineated as a separate line-item in the agency’s budget. 3. Each executive agency shall establish systems and controls to ensure that the agency has present on its computers and uses only computer software in compliance with applicable copyrights. These systems and controls shall include: a) appointment of a responsible Chief Information Officer (CIO) for each executive agency, who shall certify that agency’s compliance with software management policies annually to the appropriate central office; b) completion of an initial inventory of the software present of the agency’s computers and the number of copies of each program for which the agency has valid licenses; c) following completion of the initial inventory, deletion of any software programs in numbers exceeding the valid licenses held; 23
  26. 26. US version Booklet 02 7/18/02 5:00 PM Page 24 d) development and maintenance of adequate record-keeping systems to record the results of the initial inventory and thereafter track the acquisition of additional software licenses and the installation or use of additional copies of software permitted under such additional licenses, ensuring that such records at all times indicate licenses sufficient to cover all software in use and maintain all license documentation in a single place; e) channeling all software purchase requests through a single point monitored by the CIO; f) institution of periodic inventories of each executive agency’s computers to determine the continued accuracy of the agency’s software record-keeping systems; and g) implementation of an agency-wide information and training program for employees regarding the necessity of legal computer software use, including signature of a written compliance notice and establishment of disciplinary offenses and penalties for non-compliance. 4. In connection with the acquisition and use of computer software, the head of each executive agency shall: a) establish and maintain a comprehensive software management policy and an effective program to ensure proper acquisition, distribution, management, use, and disposition of all computer software products; b) ensure that the policies, procedures, and practices of the agency related to intellectual property rights protecting computer software are adequate and fully implement the policies set forth in this order; c) ensure agency compliance with the intellectual property rights protecting computer software and the provisions of this order by establishing agency-wide management structures and processes to ensure that only legal computer software is acquired for and used on the agency’s computers; d) establish performance measures to assess the agency’s compliance with intellectual property rights associated with computer software acquired, distributed, or used by the agency and with the provisions of this order; e) direct and support appropriate training of agency personnel regarding intellectual property rights asso- ciated with computer software and the policies and procedures adopted by the agency to honor them. 5. In connection with all third-party contractors and applicants for funds administered by the agency, each executive agency shall: 24
  27. 27. US version Booklet 02 7/18/02 5:00 PM Page 25 a) require the applicants to certify, as a condition of approval of any funding application, that they have appropriate systems and controls in place to ensure that agency funds are not used to acquire, operate or maintain computer software without proper authorization, including: (1) the institution of reason- able inventory procedures to ascertain that the computer software present on the computers acquired or operated with agency funds is legal and (2) the provision of the inventory results to the agency; b) withhold agency funds, as it deems appropriate, from any applicant found to be using illegal comput- er software with respect to any program supported by the funds, until such time as it has been estab- lished to the satisfaction of the agency’s auditors that reasonable steps have been taken to ensure that illegal software is no longer present on that applicant’s computers used with respect to any such pro- gram; 6. Each agency shall cooperate fully in implementing this order and shall share information as appropriate that may be useful in combating the use of computer software without proper authorization. 25
  28. 28. US version Booklet 02 7/18/02 5:00 PM Page 26 EXHIBIT B SAMPLE STATEMENT OF ORGANIZATION’S SOFTWARE MANAGEMENT POLICY Part 1. General Responsibilities The Policy of [organization] is to manage its software assets to derive maximum benefit to [organization] and its employees and, especially, to ensure that [organization] and its employees: s Acquire, reproduce, distribute, transmit, and use computer software in compliance with international treaty obligations and [insert country name] laws, including the [insert specific key laws]; and s Maintain only legal software on [organization’s] computers and computer networks. All software is protected under [country specific] copyright laws from the time of its creation. [Organization] has licensed copies of computer software from a variety of publishers to help fulfill its mis- sion. Unless otherwise provided in the software license, duplication of copyrighted software, except for backup and archival purposes, is a violation of the [applicable law] and this Policy. You may not knowingly use software for which [organization] lacks the appropriate license. If you become aware of the use or distribution of unauthorized software in this organization, notify your supervisor or the Office of the Chief information Officer (CIO). You may not loan or give to anyone any software licensed to this organization. The licenses for some of this organization’s software permit employees of the organization to make a copy of the software for home use.The CIO may approve such use by employees that can demonstrate a need to conduct the organization’s business from their homes. Under no circumstances, however, may an employee use the organization’s software for purposes other than the business of this organization. No employee may use or distribute personally-owned software on the organization’s computers or networks. Such software threatens the integrity and security of the organization’s computers and networks. A variety of software is available on the Internet. Some of this software, called “freeware” or “shareware,” is available free of charge for limited use and may be downloaded to your computer with the prior written approval of your supervisor. Other software available on the Internet and from other electronic sources, however, requires the user to obtain a license for its use, sometimes for a fee. No employee shall download such software to his or her computer without the prior written approval of the CIO. Part 2. The Software Asset Management Process [Organization] is committed to managing its software assets for maximum benefit to the organization and its employees.The process consists of three areas of focus: (1) Creating an environment in which the process will succeed, (2) Reviewing the software assets residing on the organization’s computers, and (3) Acting to 26
  29. 29. US version Booklet 02 7/18/02 5:00 PM Page 27 correct breaches in policy and the law, keep the Policy and its procedures current, and prevent future breaches. [Organization] will strive to create an environment for success by communicating this policy; educating employees about their responsibilities; training employees in the software supported by this organization; identifying and modifying as necessary the software employees need to fulfill their job responsibilities; estab- lishing a secure repository for original storage media, software licenses, and software documentation; and requiring that all software be procured through official and clearly defined procedures. As part of this organization’s software management process, the CIO shall conduct periodic, random reviews of all organization computers and networks to determine the software resident on such systems and whether the organization has the appropriate licenses for all such software.The CIO also shall conduct peri- odic, planned reviews, in which the CIO may ask you to complete a Software User Survey.This Survey will be used to determine your existing and future use and need of particular software programs.Your coopera- tion with all reviews and Software User Surveys is greatly appreciated.The CIO will endeavor to conduct its work with the least possible disruption of your workday. You may be held responsible for the existence of any software on your computer for which the organization lacks the appropriate licenses. Consequences for such unauthorized use of software range from a reprimand for minor offenses to termination of employment for repeated, willful offenses. Part 3. Software Procurement and Installation Procedures All requests for software and software upgrades shall be submitted to the Office of the Chief Information Officer (CIO), where possible. Any software and software upgrades not acquired by the CIO shall be documented and identified to the CIO, who will verify that the Agency has an appropriate license for the use of such software. All acquisitions of hardware that include bundled software shall be documented and identified to the CIO, who will verify that the Agency has an appropriate license for the use of such bundled software. The CIO shall store in a secure, central location all original software licenses, disks, CD-Roms, and documen- tation upon receipt of all new software, including copies of completed registration cards. The CIO shall designate those employees authorized to install software on the organization’s computers. No employee shall install or distribute software for which this organization lacks the appropriate license. No employee shall install any software upgrade on a computer that does not already have resident on it the 27
  30. 30. US version Booklet 02 7/18/02 5:00 PM Page 28 original version of the software.The CIO or designated employee shall destroy the original version’s backup copy of the upgraded software in its place. The CIO or designated employees shall destroy all copies of software that is obsolete or for which the orga- nization lacks the appropriate license.Alternatively, the CIO may obtain the license(s) necessary to maintain unauthorized software on organization computers. The organization’s department with procurement responsibility must establish and maintain a recordkeep- ing system for software licenses, hardware, original CD-ROMs and diskettes, user information, and review information. Maintain this information in a secure, central location. Consider the use of software manage- ment computer programs to automate such recordkeeping. ************* The organization is commited to communicating this Policy with its employees. The organization will: s Include the Policy Statement in the employee handbook. Distribute the updated handbook to all employees. s Train new employees during their initial orientation on how to comply with the Policy. s Hold seminars on the Software Policy for existing employees to inform them of the types of software licenses, how to detect and prevent piracy, how to implement the Software Policy, and consequences of violating the Policy and relevant law. s Require new and existing employees whose responsibilities include the installation, maintenance, or over- sight of information technology systems to acknowledge and sign the Software Policy Statement. s Circulate reminders of the Policy on a regular basis (at least annually) or remind employees of the Policy in other ways (at least annually), for example, through notices in agency newsletters. s Inform employees where they can get additional information on the Policy and software theft prevention. If you have any questions concerning this Policy or your obligations under it, you may direst them to either you supervisor or the CIO (provide phone numbers, office locations, and e-mail addresses). EMPLOYEE ACKNOWLEDGMENT OF UNDERSTANDING AND RESPONSIBILITY: __________________________________________ Printed Employee Name __________________________________________ __________________________________________ Employee Signature Date 28
  31. 31. 29
  32. 32. 30
  33. 33. 31