Three Top Tips for Compliance Documentation After BSA and SIIA Settlements
In a previous post, I introduced the concept of post-settlement compliance following the settlement of audits initiated by the Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA). As noted before, the first step to completing the compliance review process is setting a baseline to determine what software is installed compared to what licenses are owned by the business.
After that baseline is determined (preferably well before settlement in order to avoid running up against compliance deadlines identified in the settlement agreement), the business has a decision to make: Buy or uninstall? For any software determined to be unneeded for any business purpose, the best course of action in most cases is simply to remove it. Where installations are needed, though, the company should be prepared to buy the licenses it requires in order to support the use of that software. Here are three tips to keep in mind when contemplating a compliance purchase in the context of a software audit:
- Wait. Especially when a business wisely decides to use the audit scan as the baseline for its compliance initiative, there may be a temptation to pursue a compliance purchase before reaching a settlement with the auditing entity. In most cases, this is a mistake. The release from liability obtained at settlement in BSA and SIIA audits typically allows for a period of time following settlement – usually 30 or 60 days – for the company to make any necessary license purchases. That is the best time to move forward with those transactions, because doing so at an earlier stage may result in a number of licenses that differs from the number of deployments following settlement. In addition, information regarding volume licensing transactions or purchases from publishers rather than from resellers can be reported back to the BSA or SIIA, which could complicate the negotiations process.
- Avoid Spending Money on Paperwork. The BSA and SIIA impose relatively strict requirements for the documentation they will accept as proof of license ownership. However, a business’ inability to meet those requirements during the audit phase does not necessarily mean that the business does not own the licenses it needs for a particular product. Where management is confident the company previously purchased licensing that, for whatever reason, it now is unable to document, the company should hesitate before purchasing licenses merely for the purpose of acquiring one or more license invoices. While it is important for businesses to maintain accurate and reliable records of all software licenses they own, the priority at the compliance stage should be acquiring licenses that are known to be needed to support prospective software installations and access.
- Scrutinize Your Vendors. One of the most costly mistakes that can be made during post-settlement compliance is purchasing licenses from unauthorized vendors. If the documentation attached to a certificate of compliance includes invoices from transactions through eBay or the Amazon Marketplace, the BSA or SIIA may challenge the documentation and may allege that the company has failed to satisfy its obligations under the settlement agreement. In that event, the business may have no other choice but to re-purchase the licenses through a more reputable vendor, such as Dell or CDW. Before proceeding with any license purchase – in any context – it is important to first confirm that the seller is authorized to sell the licenses that they are offering.