A recent court decision shows that software vendors can face legal challenges when undertaking software audits. Challenges may form part of a customer's strategy for handling a request to audit or undertake some other software asset management exercise.
Vendors such as Microsoft, SAP and Oracle frequently undertake software audits that are problematic for CIOs. Wigley + Company
Although vendors have a legitimate interest in checking that customers are not using more licences than they have paid for, many CIOs feel that they are the victim of unduly complicated licensing models and audits that don't take into account a more holistic approach to the customer's licensing position. They feel that the vendor's audit operation is just another profit centre.
The situation is compounded by the fact that large vendors are often experts at playing the audit game, taking a careful and tactical approach. Customers can end up feeling like they have few options but to comply with each and every request or demand surrounding an audit.
This need not be the case. A strong understanding of the licensing position and audit requirements, against the specifics of how the software is actually deployed, can help protect a customer from a vendor that overreaches. It also equips the customer to robustly check and challenge the results of an audit.
There are strong legal, commercial and technical components in responding to an audit. The lawyers and IT team need to work closely to assess the situation and respond appropriately and strategically at each stage. After all, organisations often end up having to line up complicated license agreements and models against complicated environments and deployment scenarios.
The case below illustrates how there can be options for challenging the vendor's audit clause. This sort of approach could be an option to consider as part of the overall audit response strategy.
The English judgment, 118 Data Resource v IDS Data Services, shows that vendors can face real problems when relying on the audit clauses in their contracts. Essentially, these clauses tend to be quite short form, and leave gaps to be filled. In the English case, the court refused to fill those gaps. The court went further and said that, even if the gaps were filled, it wouldn't force the customer to enable access to allow the audit to be done. The net result was that the customer stopped the audit proceeding.
The case involved 118 Data licensing a database to IDS. The principles are the same for software licences. Under the licence agreement, the licensee could retain only one copy of the database and could sub-licence the database so long as particular terms were met, such as that there was to be no sub-licence to a competitor of 118 Data, the licensor. However, in breach of the licence, the licensee did sub-licence the database to a competitor of the licensor. The licensor suspected wider breaches as well.
Sign up for CIO Asia eNewsletters.