Guidelines On Software Asset Management


Guidelines on Software Asset Management
Version 0.3

Contents
1 Introduction
  1.1 Issues and Challenges
  1.2 Need
2 Software Asset Management (SAM)
  2.1 Key Procedures for Implementation
  2.2 Governance Structure
  2.3 Implementation Details
  2.4 Strategic Control
  2.5 Security
3 Audit and Compliance
4 Maturity of SAM Policy
5 SAM Tools
6 Benefits of SAM
7 Acknowledgements
8 Annexure A: International Standard on SAM
9 Annexure B: SAM – Indian eGovernance Examples

1 Introduction

The growth of ICT and in particular web based technologies has transformed the interaction between the Government and its service seekers. Today, Governments worldwide want to use the potency of ICT to deliver end to end services right at the citizen doorstep, anytime and at minimum cost. ICT is increasingly being seen as the only way to improve governance. With the increase in accessibility to Internet and mobile technology, citizens themselves are expecting more and more online information and services from governments.

The National e‐Governance Plan (NeGP) was approved by the Government of India in May, 2006 in order to promote e‐Governance on a massive scale. Until the formulation of this plan, e‐Governance was a subject purely driven by individual effort rather than a national vision. The National e‐Governance Plan is basically a shift in the approach and methodology followed by the Departments to implement ICT initiatives prior to its formulation. Lessons and experiences from past successful and failed ICT initiatives, both national and international, have been blended in the new NeGP approach and methodology.

The National e‐Governance Plan seeks to lay the foundation and provide the impetus for long‐term growth of e‐Governance within the country. The plan seeks to create the right governance and institutional mechanisms, to set up the core infrastructure and policies and to implement a number of Central, State and Integrated Mission Mode Projects, with well defined service levels, to create a citizen‐centric and business‐centric environment for governance.

Implementation of e‐Governance projects is a highly complex process requiring provisioning of hardware & software, networking, change management and capacity building. This is a perfect scenario for the deployment of a robust software asset management policy.

Software is an intangible asset protected by copyright and contract law. Due to its intangible nature, software presents unique challenges in terms of asset management. This challenge is further compounded when it comes to the management of software assets for an entity as large and complex as the Government of India.

1.1 Issues and Challenges

Information Technology has fundamentally changed the way we communicate, deliver services, access/store/transmit information, conduct businesses and undertake daily online transactions. As the Government undertakes critical and widespread e‐Governance projects and transacts with citizens and entities, through computers and network, powered by software applications, managing IT assets has become a challenging and important task.

Some key trends/challenges being faced by organizations today are:
• Management of all strategic IT assets
  o Licenses
  o Upgrades
  o Documentation
  o Software versions
• More client machines (PC/Laptops) and Mobile Devices connected to unsecured networks.
• Increasing frequency of virus and security attacks.
• Increasing frequency of client security patch releases.
• Wider usage of open source and licensed software with differing licensing agreements.
• Many License agreements require mandatory periodic independent audits.

An effective Software Asset Management (SAM) framework will ensure that the Department is ready to deal with the challenges posed above and at the same time complies with the regulatory, legal, IPR and security requirements of the Software being used.

1.2 Need

In order to establish a Software Asset Management Framework, a need has been felt to establish a Guideline for the Departments executing e‐Governance projects which can be used to institutionalize policies and procedures specific to the Departments while following the basic principles of SAM. The purpose of this document is to provide practical assistance to Government of India departments in maintaining a framework for the management of software licenses and associated media. Implementation of the guidelines will provide assurance to departments and the Government that:
• a clear management policy for projects for open source, licensed and customized software is established.
• project based software assets are integrated with existing software assets in the department.
• a clear software asset ownership policy covering the entire asset life‐cycle of the assets and project is established.
• use of illegal software is prevented.
• compliance with software license conditions is adequately monitored.
• there are the appropriate number of licenses for each item of software in use.
• there are effective controls in place for the physical security of software media.

Recognizing that various Departments differ in their goals, operations and their composition, the guiding principles are designed to serve as the common denominator allowing Departments sufficient latitude in creating Department specific plans while providing a unifying platform for all Government asset management efforts.

2 Software Asset Management (SAM)

According to the Information Technology Infrastructure Library (ITIL), SAM is defined as “all of the infrastructure and processes necessary for the effective management, control and protection of the software assets throughout all stages of their lifecycle.”

SAM is a business practice designed to reduce information technology costs, limit risks related to the ownership and use of software, and increase IT and end‐user efficiencies. ISO 19770 Standard is the international standard on Software Asset Management (SAM) – Annexure 1.

2.1 Key Procedures for Implementation

2.1.1 There are a number of key issues that guide the initial planning and implementation of a SAM framework that should be addressed before developing an implementation plan. These include, but are not limited to:
• Gaining senior management support
• An assessment of the risks involved in not implementing a framework: over‐licensing, under‐licensing, increased expenditure, security breaches, software compatibility issues, lost time and lack of technical support and product upgrades.
• An assessment of benefits of implementing a framework: savings through purchasing only what is needed when it is needed, employees being able to work more efficiently, assistance with the compilation of an accurate budget, ability to manage and monitor usage to link with ICT planning.
• The development of a business case to demonstrate the effectiveness of the framework
• Consideration of what functions may be centralized: for example, license management, procurement and software asset registers.
• Long term management: including continuous improvement, upgrades, compliance and audits

2.1.2 Software needs to be controlled throughout its entire lifecycle, from the initial request to de‐installation from a machine. The Lifecycle diagram below (fig. 1) outlines all of the key procedures that should be established to support and maintain a successful framework.

Figure 1

2.2 Governance Structure

2.2.1 NeGP comprises of core and support infrastructure components and at present 27 Mission Mode Projects (MMPs). In order to manage the complexities involved in the implementation of the Mission Mode Projects, expert resources in the areas of Technology, Project Management, Change Management, Cyber Security and Legal need to be available on full time basis at the individual Departments/Line Ministries of the Government of India.

2.2.2 Mission Mode Projects are owned and spearheaded by various Line Ministries/Departments. The Line Ministries/Departments are solely responsible for all the decisions connected with their MMP from conceptualization, design, development, implementation to operations and maintenance phase.

2.2.3 Governance Structure depicted in Figure 2 is suggested in the Operational Guidelines [1] issued by Dept. of IT, GoI. This section describes various elements of Governance Structure which have to be leveraged for retaining the Strategic Control within the Line Ministry/Department. Further details on Governance Structure including Roles and Responsibilities are provided in Operational Guidelines. The suggested Governance Structure is mentioned below.

[1] The Guidelines are available at http://www.mit.gov.in/sites/upload_files/dit/files/Guidlines_Operational_Model_V42_231210.pdf

Figure 2: The Governance Structure as per the Government of India Operational Guidelines

Empowered Committee (EC), with Secretary of the Line Ministry as its Chairman, shall be responsible for overall guidance, for deciding policy level matters and to act as final body for approving all deliverables relating to the Programme and also take up responsibility of monitoring of implementation of Software Asset Management Guidelines.

Central Project e‐Mission Team (CPeMT) is headed by a senior domain representative from the Line Ministry as the Project Mission Leader. The Central Project e‐Mission Team (CPeMT) has the overall responsibility of project design, development, supervision, guidance, evaluation and monitoring of the implementation, business process re‐engineering implementation of an e‐Governance project and shall be responsible for exercising Strategic Control. To effectively manage various activities of the project development and implementation, various subgroups could be formed under CPeMT to support its activities. The two key subgroups are Central Technical Team (CTT) and Process Advisory Committee (PAC).
• Central Technical Team (CTT): The responsibility of CTT inter alia includes providing technical leadership and ensuring Strategic Control over the project and management of all Strategic Assets. CTT shall be responsible for implementation of SAM Guidelines.
• Process Advisory Committee (PAC): PAC is responsible for providing process level inputs and functional requirements.

Head of Dedicated Project Team/Chairman of CTT to be overall responsible for SAM

The Dedicated Project Team will assist the Mission Leaders of the MMPs and other IT initiatives by providing strategic direction and leadership to ensure the projects are implemented successfully, the outcomes envisaged from the project are realized and ensure implementation of SAM Guidelines as per the details given below in Para 2.3.3.

2.3 Implementation Details

2.3.1 The implementation of SAM involves four stages:
• Initiation
• Assessment
• Prioritization
• Implementation

Initiation:
• Commitment and support of senior management
• Formulation & formalizing the SAM strategy
• Defining policies & initial procedures

Assessment:
• Manual inventory of software
• Automatic inventory using software inventory tools
• Mapping of licenses

Prioritization:
• IT strategy
• IT budget
• Usage pattern
• Legal/Regulatory considerations

Implementation:
• Implement technology
• Implement people processes
• Implement processes and procedures

2.3.2 A flowchart to practically implement the four stages:

Step 1: Implementation Plan
Assign Roles & responsibilities
Step 2: Develop / Review policies & procedures
Training & awareness programs
Step 3: Conduct an audit of software
Step 4: Develop, populate and maintain Software Register/Software License System
Step 5: Determine and record license types & numbers
Step 6: Determine and record media types
Step 7: Conduct gap analysis on licenses
Step 8: Audit of software requirements
Step 9: Purchase, pool or uninstall software
Step 10: Review License Agreements
Ongoing review and compliance audit of software, licenses, media and processes

Figure 3
Figure 4

2.3.3 Roles and Responsibilities of Dedicated Project Team for SAM:

Establishing Organization Policies
• Establish a SAM cell within the Dedicated Project Team
oftware use, copyright and personal software usag
