In the previous post in our six-part series on understanding the FedITAM Framework, we covered the questions that the GSA recommends answering as part of purchase management, one of which touched on contract terms and clauses. But because it’s such a complicated, error-prone, and potentially costly part of the overall IT asset management process, the FedITAM Framework sets apart managing contract compliance as a process area in its own right.
Three Questions to Ask When Managing Contract Compliance
The FedITAM Framework contains three questions to help you ensure that you’re meeting contractual obligations in your hardware and software use:
What installed assets expose us to piracy liabilities because they lack licensing agreements?
While this shouldn’t apply to many, if any, of your software assets (it seems like every bit of software comes with a huge, impenetrable licensing agreement), it’s worth checking for the odd utility or script that has no apparent restrictions on use. Keep an eye out for abandonware, software that’s no longer supported by its developer. Though you’d think such software would be considered public domain and free from installation and use restrictions, you’d probably be wrong. The license agreement in force when the software was originally installed still applies, and in the unlikely event that the copyright holder wanted to enforce that copyright, you’d be liable. Also check the terms on any open source software you’re using — despite being “free” software, there are restrictions.
Do our installations exceed authorized licensing?
Periodically review any volume licensing agreements to ensure that installations are within authorized limits, paying particular attention to software installed on client systems via your network. If your ITAM solution continually tracks software installations and lets you easily generate variance reports, knowing whether you’re on the right side of your licensing agreements should be relatively simple.
Are agencies in compliance with contract terms and are software and hardware vendors in compliance with federal policies?
It’s not enough that you’re compliant — your vendors must be, too. Avoid issues by sticking to vendors listed as approved in your ITAM/ITSM solution.
In the next post in this series, we’ll cover the questions public sector IT managers (and private sector IT managers, for that matter) should be asking as they manage IT asset inventory usage and retirement.