Prep is everything when you’ve got an IT vendor compliance audit looming. There is only one way to calm the pre-audit yips and that is to put the time in to make sure everything’s ready.
So, you think you’re ready for your next compliance audit? Great stuff, but wait a sec – have you considered absolutely everything? There could be some nasty risks lurking in the way you use software and licenses, and they catch lots of companies out come audit time. Let’s take a peek…
You’re using software for a different purpose than you bought it for
Some license types come with restrictions, such as only permitting use in non-production environments, for example. It’s sometimes cheaper to buy these licences rather than getting unrestricted ones and very easy to forget about the restrictions after a few years. If you do, and you start using the license for a restricted purpose, you could be on thin ice. Well worth digging out those license terms from a few years ago then.
Product usage rights changed and no one told you
What?! Product use rights can change at any time? Yup, they most definitely can, and you might not have heard about the changes. Time to look for the latest updates and check that all is in order.
You’ve upgraded your software or hardware recently
This one can be a real head-scratcher. If you upgrade your software or hardware, which product use rights apply – the ones that came with your original purchase or the new ones? Further food for thought relates to your support agreement – will this be affected by the upgrade? Unfortunately, there’s no universal answer to this one, as it all depends on the supplier.
You’ve misinterpreted the licensing definitions
This catches so many companies out – they assume one thing from the license definitions, but the supplier means something else. You all need to be on the same page or you could end up in a supplier’s compliance bad books.
You bought software licenses from an ISV by accident
When you use an independent software supplier for complex solutions that are specific to your industry, you could also end up with third party software. Some companies don’t even know this software exists, so it isn’t on their compliance radar. If you buy from an ISV, this is always one to check.
Don’t worry – it’s not as scary as it all sounds. All you need is a magnifying glass and a fine tooth comb for those terms and conditions and you’ll be just peachy.