In the IT world, we have a tendency to envision end users as an occupational hazard—a risky yet inevitable part of our profession. After all, it appears employees will install just about any application they can get their hands on without regard for the potential licensing implications, compatibility issues, security holes, or bandwidth consumption. But can they be blamed? They’re trying to do their jobs just like us, but without the advantage (or curse) of understanding the budding implications of their actions.
What we rarely acknowledge is that the responsibility is on IT leaders to make sure human resources have the information they require—and are held liable—to make good decisions. It all begins with an evidently articulated and efficiently communicated software usage policy that educates end users about the significance of complying with a set of basic standards.
Such a policy shouldn’t be long and infused with technical jargons. In fact, the shorter and simpler the guidelines, the greater likelihood it will be read, understood, and, most importantly, adhered to.
Not only can a suitably developed software usage policy serve to control risky behavior, but it will also breed goodwill among software publishers when and if they decide to audit you. If a vendor sees your organization making a painstaking effort to prevent the use of unlicensed software, they’re more likely to treat you as a partner rather than a criminal throughout the software audit process.
The nature of your software usage policy should depend on the size, geographic dispersion of your organization and diversity of your software ownership, as well as the sophistication of your end users and their technology requirements.
As you craft your software usage policy, here are some points to consider:
ü Rationalize
the need for software usage policy
Elucidate why a software usage policy is imperative from legal, security, and IT management standpoint.
ü Software purchasing guiding principle
If all purchasing must be done through IT or finance, clearly communicate the procedure for requesting software. If staffs are permitted to purchase software for business use, be sure to cover the following, if appropriate:
Ø Are there circumstances in which purchases necessitate approval, for:
§ Certain types of applications?
§ Purchases over and above a certain cost?
Ø Is there a list of approved vendors?
Ø Is there a “black list” of applications, like:
§ Software that’s incompatible with other applications or systems?
§ Non-work related software?
Ø How should purchases be standardized?
ü Policy enforcement
Elucidate how you propose to put into practice the software usage policy and, detail the penalty for non-adherence.
- Do you intend to monitor usage?
- Explain the consequences on failing to comply – Repercussions on the company and the individual
ü Software installation procedure
Communicate to employees that understanding software contracts can be both difficult and risky, and urge them to seek out clarification rather than make assumptions about what’s allowed under the terms of a license agreement. To protect your organization, you may desire to require authorization or altogether ban certain activities. For example:
Ø Should employees be allowed to:
§ Install commercial software?
§ Install freeware or shareware? If so, are there any limitations?
§ Uninstall software? If so, how should this be documented?
Ø Should employees be required to obtain authorization in order to:
§ Transfer or copy software to another machine?
§ Load organization licenses onto a home machine?
In the end, your aptitude to successfully administer your software assets depends not just on the processes and technology you have in place to control what’s installed and being used in your facility, but also on your skill to institute, communicate, and implement a strong and comprehensible software usage policy. As a matter of fact, it should be a cornerstone of every organization’s IT asset management strategy. Not only will it make your network more secure, and compliant, but it will make your job a heck of a lot easier.
