Nico Blokland & Sean van Koutrik
In2SAM
ITAM Review Audit Defence Workshop, Amsterdam, April 12th, 2016
Who are we?
Nico Blokland, Sean van Koutrik
•  IT&SAM: -Evangelist, -expert, -coach, -mentor, -trainer, -consultant,…
•  Dutch representative at the WG21 for ISO 19770-x
•  Husband and father
•  Co-owner at In2SAM

•  IT&SAM: -Evangelist, -expert, -mentor, -trainer, -consultant,…
•  Agile coach and practitioner
•  Husband and pilot
•  Co-owner at In2SAM
What’s In2SAM?
Our name says it all: We Are In2SAM
•  Based in the Netherlands – acting globally
•  Distinction:
–  Independent from vendors
–  Includes Legal and Agile approaches
–  ISO 19770-x
•  We bring solid and future-ready solutions to our customers.
More than a century of IT&SAM experience.
•  Four pillars:
–  Processes
–  Standards
–  Contracts
–  Agility
•  Best in Class Tooling partners
SERVICE PORTFOLIO
•  Audit support
•  Contract analysis service
•  Pre audit assessment
•  SAM maturity assessment
•  SAM transition projects
•  SAM or LM service
•  IT&SAM Consultancy
•  In2SAM Academy
Get your voucher for the Audit Monitor certification course at In2SAM
What’s up?
•  How to prepare for an audit
•  Who to prepare
•  Your goals
•  The vendor’s audit goals
Who is acting?
An Audit Protocol should be in place to guard your organization’s procedures and rights
The different levels that (should) act during an audit:
•  Level 1: appointed by senior management
•  Level 2: appointed by Audit Monitor
•  Level 3: appointed by Team managers
Roles:
•  Audit Monitor
•  Legal
•  IT
•  System managers, Network managers
•  Application owners, Database administrators
•  Architects
•  Procurement
•  Contract manager, Buyer
•  Administrator
Level 1
•  Audit Monitor
–  Appointed by senior management
–  Sufficient mandate – derived from Audit Protocol
•  Audit Monitor’s goal:
–  Protect the organization’s rights
–  Monitor audit process
–  Protect the organization’s interest
–  Use the organization’s potential.
•  Legal
–  Mandate derived from role
•  Legal’s goal:
–  Protect the organization’s rights
–  Monitor legislation
–  Protect the organization’s interest
–  Make use of the organization’s potential.
Software Auditor’s goal: Disrupt your audit protocol, ‘ignore’ laws and regulation, protect software creator’s interest
Solution: Ensure the Audit Monitor is in charge (planning and communication)
Attention for: Data and Privacy, Security, Commercial, Data protection
Level 2
•  Who: IT management, team leaders, application owners, contract/vendor managers and architects
•  Goal: Deliver resources for providing required data and information
•  Audit Monitor’s goal:
–  Not all data is available ad hoc
–  Not all data can be made available to the auditor due to legal restrictions.
–  Check legality, accuracy and availability
•  Software Auditor’s goal: get in direct contact with this group, push on planning & delivery, ‘legal or not’
Solution: All requests via a single point of contact (Audit Monitor).
Never ever, ever ever, ever ever ever allow direct communication with the auditor (unless supervised by the Audit Monitor)
Attention for: Data and Privacy, Security, Commercial, Data protection
Level 3
•  Who: system/network managers/operators, purchasers/buyers, administrators, database administrators (DBAs)
•  Goal: Actual delivery of required data from systems using discovery, scripts, descriptions, drawings.
•  Audit Monitor’s goal: Prevent producing data without a legal basis; gather only effective, checked and accurate data. Put it in a secure, network-excluded environment
•  Software Auditor’s goal: Get as much data and extra information as possible to get the best license proposition towards you – from their perspective and interest!!
Solution: Communicate the protocol, ensure all communication and any data is delivered via the SPoC – Audit Monitor
Attention for: Data and Privacy, Security, Commercial, Data protection
The Audit Monitor
•  Single point of contact between Auditor and organization;
•  Can be delegated in large organisations;
•  Controls, informs and manages all internally involved employees;
•  Informs and discusses the organization’s attitude towards the auditor with management and legal department;
•  Final check on delivering requested data;
•  Supervision of all software auditor meetings (preferably in a dedicated ‘green room’);
•  Checks with Legal department on legality of the data requests;
•  Checks the auditor’s scripts with security officer and system manager(s);
•  Checks the auditor’s references/credibility;
•  Arranges meetings, admittance, technique (availability).
The Audit Monitor cannot be responsible for the actual outcome of the audit
Make sure the protocol is followed
Recap
•  Get all internal actors in line with the company goals;
•  Clearly communicate the audit protocol to the auditor and the software creator/publisher/vendor;
•  Don’t be pressured on time by the auditor; your organization’s schedule sets the speed;
•  Keep distance, be formal (no first name basis);
•  Communicate that your local laws apply in all cases;
•  Analyse your (software) contracts (effectiveness/harmfulness);
•  When in Europe: look at the second-hand market to “pre-repair” breaches.
Most important: Prevent audits by having a solid License administration / SAM process (internal or external)
Questions?
What’s done?
•  Are you prepared for an audit?
•  Who to prepare
•  Your goals clear?
•  The vendor’s audit goals gone?
P.S. for your helicopter pilot license, contact:
Workshop Audit Defense: how to effectively react to an audit announcement
Workshop Audit Monitor
•  Introduction
•  Starting point
•  Case: audit announcement/warning
–  Work out: (15 minutes)
    •  Meeh’s Response to auditor DuL / software creator Microsoft (in bullets)
    •  Internal organization
    •  Desired outcome
–  Gathering data: How and when is it accurate (15-20 minutes) (Belarc)
    •  Software
    •  Entitlement
–  Discuss some outcomes (10-15 minutes)
Remember: Laws & legislation, data issues, communication, organization
Tips
•  Check and follow your internal audit protocol
•  Install an audit monitor
•  Communicate your audit protocol and SPOC to the Software Creator or Auditor
•  Check:
–  Data protection
–  Privacy Laws
–  Security
–  Commercial data
•  NDA with auditor
•  Check and install SAM process.
Audit Protocol
Example Content of an audit protocol:
1.  Authority mapping of the organization (senior management, legal, etc.)
2.  NDA, certification levels of auditor(s)
3.  Security rules
4.  Admittance rules to high security environments
5.  Applicable laws
6.  Commercial protection
7.  Data protection
8.  Data/process flow from announcement until closure of an audit

In2SAM Audit Defence_ITAM Review Amsterdam April 2016

  • 1. Nico Blokland & Sean van Koutrik In2SAM ITAM Review Audit Defence Workshop, Amsterdam, April 12th, 2016
  • 2. Who are we? Nico Blokland Sean van Koutrik •  IT&SAM:-Evangelist, -expert, -coach, -mentor, -trainer, -consultant,… •  Dutch representative at the WG21 for ISO 19770-x •  Husband and father •  Co-owner at In2SAM ITAM Review Audit Defence Workshop, Amsterdam, April 12th, 2016 •  IT&SAM: -Evangelist, -expert, -mentor, -trainer, -consultant,… •  Agile coach and practitioner •  Husband and pilot •  Co-owner at In2SAM
  • 3. What’s In2SAM ? Our name says it all: We Are In2SAM Ø  Based in the Netherlands – acting globally Ø  Distinction: §  Independent from vendors §  Includes Legal and Agile approaches §  ISO 19770-x Ø  We bring solid and future ready solutions to our customers. More than a century of IT&SAM experience. •  Four pillars: •  Processes •  Standards •  Contracts •  Agility •  Best in Class Tooling partners SERVICE PORTFOLIO •  Audit support •  Contract analysis service •  Pre audit assessment •  SAM maturity assessment •  SAM transition projects •  SAM or LM service •  IT&SAM Consultancy •  In2SAM Academy ITAM Review Audit Defence Workshop, Amsterdam, April 12th, 2016 Get your voucher for the Audit Monitor certification course at In2SAM
  • 4. What’s up? ITAM Review Audit Defence Workshop, Amsterdam, April 12th, 2016 •  How to prepare for an audit •  Who to prepare •  Your goals •  The vendors audit goals
  • 5. Who is acting? An Audit Protocol should be in place to guard your organizations procedures and rights ITAM Review Audit Defence Workshop, Amsterdam, April 12th, 2016 Level 1 Level 2 Level 3   Audit Monitor   Legal   IT   System managers, Network managers   Application owners, Database administrators   Architects   Procurement   Contract manager, Buyer   Administrator The different levels that (should) act during an audit Appointed by senior management Appointed by Audit Monitor Appointed by Team managers
  • 6. Level 1 •  Audit Monitor –  Appointed by Senior management –  Sufficient mandate – derived from Audit Protocol •  Audit Monitor’s goal: –  Protect the organizations rights –  Monitor audit process –  Protect the organizations interest –  Use organizations potential. Attention for: Data and Privacy, Security, Commercial, Data protection ITAM Review Audit Defence Workshop, Amsterdam, April 12th, 2016 •  Legal –  Mandate derived from role •  Legal’s goal: –  Protect the organizations rights –  Monitor legislation –  Protect the organizations interest –  make use of the organizations potential. Software Auditor’s goal: Disrupt your audit protocol, ‘ignore’ laws and regulation, protect software creators interest Solution: Ensure the Audit Monitor is in charge (planning and communication)
  • 7. Level 2
      •  Who: IT management, team leaders, application owners, contract/vendor managers and architects
      •  Goal: Deliver resources for providing required data and information
      •  Monitor’s goal:
          –  Not all data is available ad hoc
          –  Not all data can be made available to the auditor due to legal restrictions
          –  Check legality, accuracy and availability
      •  Software Auditor’s goal: get in direct contact with this group, push on planning & delivery, ‘legal or not’
      Solution: All requests via a single point of contact (Audit Monitor). Never ever, ever ever, ever ever ever allow direct communication with the auditor (unless supervised by the Audit Monitor)
      Attention for: Data and Privacy, Security, Commercial, Data protection
  • 8. Level 3
      •  Who: system/network managers/operators, purchasers/buyers, administrators, database administrators (DBAs)
      •  Goal: Actual delivery of required data from systems using discovery, scripts, descriptions, drawings
      •  Audit Monitor’s goal: Prevent producing data without a legal basis; gather only effective, checked and accurate data. Put it in a secure, network-excluded environment
      •  Software Auditor’s goal: Get as much data and extra information as possible to get the best license proposition towards you, from their perspective and interest!!
      Solution: Communicate the protocol, ensure all communication and any data is delivered via the SPoC (the Audit Monitor)
      Attention for: Data and Privacy, Security, Commercial, Data protection
  • 9. The Audit Monitor
      •  Single point of contact between auditor and organization;
      •  Can be delegated in large organisations;
      •  Controls, informs and manages all internally involved employees;
      •  Informs management and the legal department about the organization’s attitude towards the auditor, and discusses it with them;
      •  Final check on delivering requested data;
      •  Supervision on all software auditor meetings (preferably in a dedicated ‘green room’);
      •  Checks with the Legal department on legality of the data requests;
      •  Checks the auditor’s scripts with security officer and system manager(s);
      •  Checks the auditor’s references/credibility;
      •  Arranges meetings, admittance, technique (availability).
      The Audit Monitor cannot be responsible for the actual outcome of the audit.
      Make sure the protocol is followed.
  • 10. Recap
      •  Get all internal actors in line with the company goals;
      •  Clearly communicate the audit protocol to the auditor and the software creator/publisher/vendor;
      •  Don’t let the auditor pressure you on time; your organization’s schedule sets the speed;
      •  Keep distance, be formal (no first name basis);
      •  Communicate that your local laws apply in all cases;
      •  Analyse your (software) contracts (effectiveness/harmfulness);
      •  When in Europe: look at the second hand market to “pre-repair” breaches.
      Most important: Prevent audits by having a solid License administration / SAM process (internal or external)
  • 11. Questions?
  • 12. What’s done?
      •  Are you prepared for an audit?
      •  Who to prepare
      •  Your goals clear?
      •  The vendor’s audit goals gone?
  • 13. P.S. for your helicopter pilot license, contact:
  • 15. Workshop Audit Defense: how to effectively react to an audit announcement
  • 16. Workshop Audit monitor
      •  Introduction
      •  Starting point
      •  Case: audit announcement/warning
          –  Work out: (15 minutes)
              •  Meeh’s Response to auditor DuL / software creator Microsoft (in bullets)
              •  Internal organization
              •  Desired outcome
          –  Gathering data: How and when is it accurate (15-20 minutes) (Belarc)
              •  Software
              •  Entitlement
          –  Discuss some outcomes (10-15 minutes)
      Remember: Laws & legislation, data issues, communication, organization
  • 19. Tips
      •  Check and follow your internal audit protocol
      •  Install an audit monitor
      •  Communicate your audit protocol and SPOC to the Software Creator or Auditor
      •  Check:
          –  Data protection
          –  Privacy Laws
          –  Security
          –  Commercial data
      •  NDA with auditor
      •  Check and install SAM process.
  • 23. Audit Protocol Example
      Content of an audit protocol:
      1.  Authority mapping of the organization (sr management, legal, etc.)
      2.  NDA, certification levels of auditor(s)
      3.  Security rules
      4.  Admittance rules to high security environments
      5.  Applicable laws
      6.  Commercial protection
      7.  Data protection
      8.  Data/process flow from announcement until closure of an audit