Based on today’s Friday
“Clean up” SAM or How to account the software.
My IT colleagues write a lot about a wide variety of software for private and corporate use, ranging from small plug-ins and utilities to huge complexes for distributed client-server systems.
But I am always surprised by the attitude towards such a thing as software in organizations. The majority (i.e. more than 50%) of those with whom I had to communicate in my profession (middle and senior managers) have no idea at all what is going on with their software. The fleet of cars is being monitored — everything is being monitored, real estate is being monitored, commodity values are being monitored, toilet paper is being monitored, but software is somehow not very good. Most likely, this is due to the immateriality of this “phenomenon” — it is impossible to feel.
But, software is also an asset of an enterprise and is often more valuable than other assets (compare the cost of any abstract proprietary server solution and the cost of an employee’s chair). And it is recommended to keep this asset in order. The science called Software Asset Management (SAM), a software asset management technology, will help us to restore this order.
On May 9, 2006, the international standard ISO 19770-1 “SAM Processes” was released, which can help us in this direction.
So we have an organization with a number of computers from 1 to infinity, there is absolutely any software on the computers. The organization wants to introduce this technology. I will help you.
Step one: Collecting information.
We collect all general information that may relate to software — the number of computers, servers, network structure, location of computers geographically (offices, branches), how the process of software selection, purchase (if we buy), installation, configuration, use, deletion, storage, who is responsible for all these processes,
etc. it is necessary to fully assess what is happening in the organization now, without going into small details.
The result of this stage for small companies will be several lines of text, for large companies dozens and hundreds of sheets can easily come out here.
Step two: Conducting an inventory of the software.
At this stage, we need to collect in any accessible and convenient way absolutely the entire list of software available on all devices of the organization — computers, laptops, servers, PDAs, servers hosted by hosters, personal computers used in work, etc.
Everything that is installed, recorded, saved, etc. on all devices related to the work of the organization, we need to find and put in a single list, this applies to both ordinary programs and all kinds of plug-ins and even third-party fonts.
This process can be carried out in several ways or by combining them:
a) manually through the list of installed software and by examining the contents of hard drives (a small fleet of PCs, remote offices)
b) semi—automatically – we approached the computer with a USB flash drive, launched any scanner we liked, saved the report in a file, went to the next computer
c) completely automatically — by installing a software package for collecting and consolidating such information on the entire network
The result of this stage should be a summary table with a list of all the software found, quantity, location, etc.
Step three: Conducting an inventory of existing licenses.
If an organization has bought software in any form or manifestation at least once, we need this step. We collect all the confirmations of our rights to use the software and related materials received during purchases — certificates, license agreements, boxes, recalculate stickers on cases, installation discs, serial numbers in electronic form, etc. Where to look for all this in your organization, you know better than me — EVERYWHERE. Starting from the sysadmin’s closet and ending with a warehouse with old boxes from equipment.
Also, at this stage, we need to make copies of all documents related to the software, but stored in the accounting department – delivery contracts, invoices, acts of acceptance and transfer of rights, etc.
After collecting, we need to analyze the documents found in order to understand exactly what they give the right to and what they do not (often you can not do without specialists in this field).
The result of this stage will be a summary table with a list of available software licenses and the number.
Step three and a half: Matching two lists.
By combining two existing tables into one common one, we are looking for coincidences and disagreements in them.
If it’s a coincidence, we have licenses for this software and its use is legal.
If there is a discrepancy towards the lack of a license or an extra license, we analyze each case individually.
A small remark — I know what GPL, BSD and other words sympathetic to me are, but at the moment if we have something like Ubuntu in the table of found software, and we don’t have anything mentioning Ubuntu in the table of found licenses and documents, we may have problems.
Here we must reduce the discrepancy of the tables to zero in one way or another.
Step four: Develop procedures.
At this stage, we need the summary information obtained at the very beginning and the ISO-19770-1 standard is very useful.
Here we need to develop internal documents and regulations that will regulate the entire software lifecycle in the organization.
That is, step-by-step instructions describing the necessary actions of responsible persons and ordinary users in specific situations. For example, what should a user do if they need new software to work with. How new software should get into the organization from the outside. How to handle it in the process — installation, use, storage, write-off, etc.
The number and complexity of documents depends on the size of the organization, small ones cost two or three pieces of paper per 1 page, large ones make up a non-acidic multi-volume.
ISO-19770-1 will help us in this matter by providing many templates for such procedures.
These documents will allow you to maintain the order established at the last stage constantly.
Step five: Implementation.
It is almost impossible to apply two or three dozen documents and procedures at once into the established life of the company, we risk paralyzing its work altogether.
Therefore, here we are developing a plan for the gradual adoption of the documents we have drawn up to avoid a shock effect. After the last one has been accepted, it is better to repeat it from the second to the third and a half, if possible, because the implementation of all documents can take quite a long time.
PROFIT!
What is the profit for the organization from this order? I think a reasonable person will understand everything anyway, but I will list some of them:
Saving on purchased software — I have seen many situations when something was bought that already exists, but got lost in the bins or was not bought at all what was needed.
Additional security of the entire IT infrastructure – who has ever had users catch a virus along with incomprehensible software downloaded from the Internet
The ability to plan software costs by formalizing the acquisition process
you can come up with a dozen more points that are not so obvious, but let’s stop here.
If the audience is interested in this topic, I can disassemble each of the five steps into an additional topic, which, in principle, I plan to do soon.
Afterword:
If you search for SAM in Google search, you can see that Microsoft is most actively promoting this technology, this is only due to the fact that it is the leader in the software market and, accordingly, is most interested in restoring order among users (most often it is the shortage of licenses that is naturally revealed).