The Queensland Government is expected to be an example of good practice in adhering to the requirements of the Commonwealth Copyright Act 1968 and the law of contract. When an agency purchases software, they are merely purchasing the right to use the software in accordance with the terms of the licence. A licence is a contract between the software manufacturer and the purchasing agency, detailing the type of licence and terms of use of the software purchased.

Under the Financial Management Standard 1997, software is not recognised as an asset unless it has a value of over $100,000. From a financial accounting point of view licences have a bookkeeping value and may be completely written off, however industry standards suggest that software in use should be treated as an asset. The impact of not doing so means running the risk of not being compliant, incurring the cost of external audits and unwanted publicity, potential civil and criminal sanctions, sub-optimal ICT costs and compromising security.

As a result of the growing need for the management of software as an asset, there are a number of industry standards which agencies may also use when establishing software licence management practices including ISO/IEC 19770-1 Information technology - Software Asset Management (May 2006).

Agencies should ensure that Software Licence Management is addressed in ICT resource strategies and planning activities. An ICT Resources Strategic Plan assists agencies to assess their ICT resource goals and determines and documents the agency's ICT needs and funding requirements over a 4 year period (minimum) and needs to be reviewed and updated annually. For further information please refer to Information Standard 2 - ICT Resources Strategic Planning.

Software purchasing has several unique considerations separate to normal ICT purchasing activities, such as the fact that you do not "own" the software purchase, and the existence of a unique Vendor/Reseller Relationship. An understanding of software purchasing challenges will allow agencies to achieve best value for purchases and provide improved services to customers. For further information, please refer to the following links and documents located in the IS45 toolbox:

• Information Standard 13, ICT Procurement;
• Software Purchasing Best Practice Guide; and
• Centralised Software Purchasing - Reference Sheet

The Queensland Government Chief Information Office, SAM Establishment Project is responsible for the development of a SAM best practice framework. This framework will include a SAM Capability Baseline Study, work plans to guide agency SAM activities, certification of SAM policies and a variety of templates and tools to support agencies in implementing SAM across their organisation. These tools can be accessed through Software Licence Management Implementation Toolbox.

Gaining commitment and support from agency senior management for the importance of sound governance and planning practices for software licences, is a critical step in the overall process of implementing and maintaining a successful licence management framework within the agency.

It is suggested that agencies first develop a business case to gain support for software licence management in the agency. This document should clearly outline the strategies and program of work which will be required to establish and maintain a robust framework and system in the agency. Further details of issues which should be highlighted in business cases and/or strategies are located in the Best Practice Guide for Third Party Software Licence Management.

Efficient and effective planning of software licences in the agency will:

• determine the number, type and details of all software currently installed across the agency;
• establish requirements for software and maintenance upgrades;
• determine where licences are not utilised in the agency;
• budget for accurate costs for current and future software purchases;
• manage the risks associated with the use of illegal software; and
• compliance with software licence conditions are being adequately monitored.

To increase the level of capability across Government, certified SAM training will be sponsored by the Queensland Government Chief Information Office. Employees working in ICT procurement/policy or service delivery are encouraged to attend. Further details may be obtained by emailing: ICTfunding@publicworks.qld.gov.au

An agency secondment program within the Queensland Government Chief Information Office has been established as a centre of excellence for software licence management. Employees from agencies will be seconded on a rotating basis to work on the implementation of a best practice framework across Government.

Depending on the agency structure there may be one overarching policy, which outlines the directive for the agency as a whole, with each separate entity/ agency portfolio formulating policies specific to their business requirements and functions.

Generally speaking a policy document is a high-level statement of an organisation's beliefs, goals, and objectives. A policy should not be a specific and detailed description of the issue and each step that is needed to implement the policy. Policies should be consistent with current agency documentation standards and practices.

The primary issues which the agency needs to consider when managing software licences across the agency include policies which address the direction, scope and approach to licence management including software media and licence record retention.

The risks involved in not proactively managing software licences will vary across agencies and will be largely dependant on the size and complexity of the agency software environment. However, the key issues that all agencies need to address include:

• legal implications of software piracy;
• potential breaches of software licence terms and conditions;
• financial and legal risks of being under licensed;
• financial implications of over licensing;
• potential security breaches and viruses;
• no technical support or product upgrades; and
• software compatibility issues.

An assessment matrix has been developed to assist agencies to quantify these risks based on a set of agency specific assumptions. Further information can be found in the Current Software Licence Management Risks - Assessment Matrix Reference Sheet.

Further details on managing the risks involved with software are located in the Best Practice Guide for Third Party Software Licence Management.

An awareness of the risks involved and importance of vigilance in managing software licences should not only be addressed with employees in the ICT area, but with all agency employees.

Agencies should ensure that policies relating to software use are communicated to all employees particularly the issues of software piracy and terms and conditions.

A tool kit has been developed to assist agencies with staff communication on the importance of software licensing management. Further details on this tool kit can be located through the Software Licence Management Implementation Toolbox.

One of the key factors which will guide the planning and implementation of software licence processes and frameworks, particularly in large agencies, is where and how the management of the framework will be undertaken. Software licences and media should be centrally managed within the agency to ensure that the agency as a whole benefits from the framework and controls any legal risks.

In terms of volume licensing contracts, central management is key to ensuring that the agency is able to report and review its ongoing compliance with the terms and conditions of the contract. If centralised, the agency processes and systems, should provide improved links to the agency ICT resources strategies and plans along with the potential for cost savings in future software purchases.

In most organisations the role of managing deployment and monitoring of software and licensing invariably falls within the ICT area, with the procurement area managing the purchase of software including the negotiation of contract terms and conditions. However there are a number of other roles which should be identified and resources assigned which may fall outside the traditional roles within the ICT or procurement areas and are considered industry best practice for the effective management of software. The framework is based on roles and responsibilities outlined in ITIL Best Practice for Software Asset Management and ISO/IEC19770-1 Information technology - Software Asset Management - Part 1: Processes.

Agencies are encouraged to identify and secure resourcing for the roles outlined in the Software Licence Management Roles and Responsibilities Framework - Reference Sheet to ensure the ongoing support and improvement of the Agency's SLM Framework, i.e. the policies, procedures, strategies, tools, work instructions and standards relating to SLM within the Agency.

Further details on the roles and responsibilities which should be considered when establishing processes and frameworks for managing software licensing are located in the Best Practice Guide for Third Party Software Licence Management. 

Although managing software licensing is an ongoing process there are a number of initial stages and key steps which should be undertaken. The key steps are:

Stage 1 - Preparation	Step 1 - Preparation and Planning
	Step 2 - Develop/Review policies and procedures; training and awareness programs
Stage 2 - Getting there	Step 3 - Conduct an audit of software
	Step 4 - Develop, populate and maintain Software Register/Software Licence System
	Step 5 - Determine and record licence types and numbers
	Step 6 - Determine and record media types
	Step 7 - Conduct a gap analysis
	Step 8 - Audit software requirements
	Step 9 - Purchase, pool or unstill
	Step 10 - Review licence agreements
Stage 3 - Staying there	Step 11 - Ongoing review
Stage 4 - Proving you're staying there	Step 12 - Audit and Review

A checklist has been developed to assist agencies in preparing, implementing and maintaining a framework. Further details on steps involved in developing a framework are located in the Checklist - SLM Implementation Toolbox Reference Sheet and the Best Practice Guide for Third Party Software Licence Management.

Once the initial steps are taken the agency needs to ensure the ongoing success of the software licence management framework, by establishing and implementing procedures and governance in the operational environment. Therefore the development of software licence related procedures are a critical component of the overall framework.

Many of the procedures relating to the management of software will already be in place within the agency, for example, software installation. However it is essential that procedures are reviewed to ensure that the lifecycle of software licences is addressed, for example, how often licences will be audited, how will the retirement of licences managed, how will media be managed. A good starting point would be to document the current agency framework for managing licences and any potential problems or gaps.

Details of suggested processes and procedures in the lifecycle of managing software licences are included in the Best Practice Guide for Third Party Software Licence Management.

The selected technologies and tools required to successfully implement and manage software licences should integrate easily with the existing agency platforms and architecture. The number and complexity of tools used will vary with the complexity of the agency software environment.

A number of tools including deployment, discovery, metering and demand, licence and contracts can be used to provide a complete solution for managing software licences across the agency. Further details of tools and technologies are included in the Best Practice Guide for Third Party Software Licence Management.

Ongoing compliance checks and monitoring are critical to the success of the agency software licence framework. Procedures for the annual review and compliance with the agency software licence management policies and practices should be developed and implemented to ensure that risks and changes to the software environment and licence terms and conditions are being adequately managed. It is suggested that a quarterly review of the agency software inventories and licence registers are conducted to verify licence compliance.

Sections of the software environment may be checked at different times to determine that software policies and procedures are being adhered to. For example there may be a timetable put in place to examine specific parts of the software inventory on an annual basis prior to when maintenance contracts are due or random sampling of workstations to check for the accuracy of inventories. Details of suggested audit and monitoring processes are located in the Best Practice Guide for Third Party Software Licence Management.

• ICT Procurement (IS13);
• Use of ICT facilities and Devices (IS38);
• Information Security (IS18);and
• ICT Resources Strategic Planning (IS2).