SAM - what do we need to do?

FASTforward July 2009

Dave Thompson, FAST Consultant, gives advice on the key elements of an effective SAM programme - roles and responsibilities, tools, policies and procedures and processes

Software Asset Management can be defined as:
 
"Software Asset Management (SAM) is all of the infrastructure and processes necessary for the effective management, control and protection of the software assets within an organisation throughout all stages of their lifecycle" (Source: ITIL Best Practice for SAM)
 
Effective SAM programmes will control and protect your organisation's software assets throughout the software lifecycle process. Working through the FAST Compliance Programme will help in controlling software assets, lowering costs and protecting your organisation from the legal risks of non-compliance.
 
Below are a few helpful pointers that need to be implemented in order to start an effective SAM programme.

Approved Applications

Defining a list of approved applications is an important step. How can an organisation implement effective SAM when it does not know which software applications it should be using, managing and therefore licensed for? Once a set of approved applications is agreed, you can start to work your way through the list and reconcile each application against the licences held. The order in which you tackle this list should be based on risk and business priority. Regularly managing this approved list and checking your compliance position will provide peace of mind while dramatically reducing the risks associated with non-compliance.
 
SAM is about roles & responsibilities, controls by way of policies and procedures, tools and processes. Tools are very important and are used to police policies and procedures and to assist with the SAM processes that you build around them. Below I have given some pointers to each of these important components of SAM:

Tools

There are numerous tools that can assist you in implementing an effective SAM programme. The functionality of these tools vary from vendor to vendor. To implement an effective SAM programme, you need your toolsets to do the following as a minimum:

1. Software Discovery Tool
There are numerous software discovery tools.  The primary goal of a discovery tool is to provide software install count & usage information for all the devices across your organisation's estate.  Here are some things to consider when looking at discovery tools: 

They can help in creating the approved application list as discovery tools provide a list of  all software applications installed in your estate. However, you need to be aware that the accuracy of the recognition varies and some are better than others at providing the information in a meaningful format.

Discovery tools often get things wrong when it comes to recognising applications especially individual components of suites against the actual suites themselves. This can be exacerbated by the recognition method used by the tool.

For example, if your tool uses the 'add and remove programs' list for recognising installed applications it could miss applications that do not write to the Microsoft system registry. If you have installed MS Access 2003 from an Office Professional CD, a tool using a deeper executable scan may reveal MS Access 2003 but the tool using the registry scan may show Office Professional 2003. This can cause confusing and be the catalyst for incorrect decisions being made around licensing.
 
2. Licence Entitlement Management
There are a few specialist licence management tools available but the market is not as populated as the discovery tool market.  The primary goal of a licence management tool is to provide information on all software licences you have purchased and allow you to manage other related software assets. Some organisations use Microsoft Excel to track how many licences they have purchased. However, effective licence management can be difficult when using Microsoft Excel because it can not act dynamically to show changes in your compliance position or manage upgrades and downgrade rights effectively. Based on feedback from FAST customers, we have developed our own licence management tool, FAST Compliance Manager (FCM). This tool is free to all FAST customers and can import the software usage reports and reconcile it against your licence entitlement to produce compliance reports.

Roles & Responsibilities

No matter how small or large your organisation, you need SAM. An effective SAM programme requires defined roles  and responsibilities dedicated to the programme. In smaller organisations, one person may have multiple roles, where as larger organisations should have dedicated roles for the programme.  Below are some examples of SAM roles:
 
Primary roles
Management sponsor:  Provides sponsorship and commitment to SAM in the organisation.
Director with legal responsibilities: Normally part of the board of directors, acts as the driving force for SAM.
SAM process owner:  Responsible for the effectiveness and efficiency of the SAM processes.
Software Asset Manager: Responsible for the management of all software assets.
Tools Manager: Responsible for the management of the tools providing the data for the SAM programme.
 
There may be people in other roles (such as Config Manager, Security Manager, Change Manager) who contribute significantly to SAM in your organisation. The importance of these roles will need to be defined prior to embarking on your SAM programme.

Policies and Procedures & SAM processes

In general, all organisations have policies and procedures. They should be thought of as a guide to how things should, and sometimes should not, be done in your organisation. Policies and procedures should be designed around general IT governance and should be able to accommodate the intrinsic SAM processes.

The following should be included in your policies and procedures around SAM and the asset lifecycle:

• How a user requests software procurement
• How the IT department deals with a software procurement request
• How a user triggers software disposal/how a PC refresh program works
• How IT manages software disposals and re-harvests licences back into the organisation's estate (optimising licences)
• How users and IT departments deal with adds/changes/deletions/leavers from a software/technical point of view

Organisations should aim to create 2 sets of policies and procedures, one for users/managers and the other for the IT department. The policies and procedures for users/managers should contain general IT guidelines and the IT department's polices and procedures should act as a guide book, providing a step by step guide of how to handle requests from users.

Process

Process documents should be created to provide detailed descriptions of software procurement, deployment, retirement and disposal. You can also add process documents around how to conduct an audit, create a visual workflow of how to manage add/moves/changes/leavers as well as draw complex procedures that IT need to follow when doing certain technical procedures (change of password, setup phone system, how to recover data from backups, disaster recovery site manual etc).

 

How FAST can help

Organisations working on the FAST Compliance Programme have access to many resources to help them establish effective SAM. However, if a lack of resources or in-house skills are preventing you from executing your SAM plans, we can help.

The FAST Consultancy and Professional Services team has designed and implemented customised SAM solutions for many organisations. If you're not confident about your current software licence position or need help with any aspect of the FAST programme or your SAM project, look no further.