|Dear Sam,The BSA is asking to audit me, what should I do?|
But, before we begin, who is BSA? The Business Software Alliance (they have officially changed their name to BSA | The Software Alliance) is a trade association. BSA calls itself the leading advocate for the global software industry before governments and in the international marketplace. BSA offers their members compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.
BSA helps its members guard against software theft by taking legal action against end-user license infringement. Their membership list is impressive, including Adobe, Autodesk, IBM, Microsoft, Oracle, Siemens, and Symantec, among others. As many organizations know, many of BSA’s members also run their own license compliance programs.
I reached out to those who have engaged with BSA and learned the following four tips. Here is what you should do when you receive the letter:
- Carefully read the letter. Be clear about what it is asking for. If you are not sure, engage your counsel or engage the services of experienced IP counsel. Just search Business Software Alliance and audit, and you will find a host of law firms which assist in negotiating with BSA. If you need time to digest what they are looking for, let BSA know you need more time to respond.
- Do not go out and buy software. BSA looks at dated receipts and invoices. Software acquired after the date on the audit letter is not considered authorized software.
- Do not change your processes regarding removal of software – do not remove software in a knee jerk reaction to the audit letter. Remember, the BSA is generally tipped off by a former employee who may have shared information with BSA. If however, you have been using a system to automatically reclaim unused software for some time (such as AppClarity: Reclaim), you are not expected to change your ongoing business as usual IT processes in response to the audit letter.
- Ensure the confidentiality of information. You should make it clear that any information provided to BSA is confidential and protected from being discoverable evidence during litigation
It is important to note that most BSA reports alleging piracy come from former employees. Often, these are called ‘disgruntled’ employees as they contacted BSA (possibly in return for an award) alleging unlicensed software in your own organization.
So, is there a way to prevent my getting audited by BSA?
The short answer is no. While there are numerous articles suggesting BSA mainly targets small to mid-size businesses, reports of piracy from disgruntled employees are possible from any size organization. A current, or former employee is much less likely to allege piracy if you have policies and processes in place that ensure authorized software. Ask yourself the following key questions:
- Do I have an ITAM policy in place? How regularly is it communicated to staff?
- How often do I review my software installations against my license entitlement records?
- How do we go about acquiring lawful software – is it centralized?
- Do we maintain policies around our software life cycle?
If you can’t answer these questions, you are asking for an audit (whether it be from BSA or a software vendor).
1E has a wealth of resources that can help organizations of all sizes get compliant, or get more from their existing IT assets. AppClarity provides a precise straightforward view of the software installed and active across the enterprise – empowering organizations by delivering total visibility into their software estate. Shopping enables IT departments in some of the world’s largest organizations to automate software delivery – equipping users with the software they need in minutes versus hours or days. 1E’s suite of products is dedicated to simplifying and speeding up the entire software lifecycle. To learn more, please visit https://www.1e.com.
Ask your own question of Sam at /ask-sam/