A Chief Information Officer’s Guide to Mitigating Costs Amid Software Copyright Disputes and Audits

At this stage, if your company has not faced a software audit, you are probably on borrowed time. Many software publishers are initiating software audits using their in-house compliance teams instead of outsourcing to law firms or third-party vendors. Often, compliance teams will contact the business or IT contact at the targeted company. These technical teams respond to the software publisher’s or  third party’s audit request and provide significant amounts of data without authorization from the legal or governance teams.

While it is understandable that CIOs may prefer to take a hands-off approach to software audits and delegate the minutia to technology teams, there are risks to failing to adequately train and manage technology teams. The following provides a guide to CIOs for ensuring that unauthorized disclosures do not jeopardize the company’s legal position or risk exposure to significant fines and copyright infringement penalties.

There are a few key tips to mitigate costs and exposure by minimizing unauthorized disclosures.

  1. Develop Strategic Communication Protocols for Third-Party Inquiries

Regardless of the size of the IT department at a company, it is helpful to institute protocols outlined in an employee handbook (or vendor agreement) that prevent individuals from disclosing information without seeking approval. The teams should be required to notify the legal and governance representatives as part of the protocol.

Some types of audits appear to be non-threatening “license verifications” or requests for software asset management reviews, which sometimes creates a false sense of security for individuals who may otherwise seek management approval prior to sharing information.  Even these seemingly innocent requests should be treated with caution.

The first step in receiving a software-related inquiry is to identify what type of information is being requested, and whether a response is mandatory. In some of these situations, a company has no obligation to respond. In others, a failure to provide a timely response may escalate the matter to potential litigation.

It is equally important to ensure contracts with third-party IT vendors prevent disclosing information without company approval, even if the third party manages all software on the company’s network. This is particularly important because some third-party IT vendors will comply with a subpoena without giving the company an opportunity to quash or protect itself.

  1. Train and Educate Business and Procurement Teams

Business and procurement teams should coordinate with legal to conduct regular training for responding to external inquiries and specifically software audits. These negotiations should always be supervised by inside or outside counsel with specific experience with software audits.

Sometimes, during the business negotiations, these teams may disclose information regarding the company’s software installations that a software publisher later tries to use as leverage in future negotiations.

It is crucial that these departments are trained on the specific types of information that may be disclosed and to ensure that the information provided is properly vetted for accuracy and legal implications.

  1. Routinely Conduct In-House Audits

Executives should assign a specific individual or team to conduct routine self-audits and internally track entitlements to ensure license compliance. This recommendation holds true even for larger corporations that use MSPs to manage their software. Even though software compliance is outsourced, the liability for non-compliance or copyright infringement penalties lies with the company using the software. Therefore, a good management team should insist that an internal IT team conduct its own primary and secondary reviews of software compliance.

The benefit of creating an internal team that tracks license compliance is that it ensures that the correct quantity and type of licenses are purchased, resulting in savings from both potential non-compliance and also reduces the probability of wasting money on software that is not needed.

  1. Hire an Expert

A critical way to mitigate costs is knowing when to hire outside counsel. This guide for CIO to manage its technology and business teams to mitigate risk and reduce potential liability is a great start, but ongoing management is necessary. If you do not have deep experience in copyright infringement claims related software audits, it could save the company tens of thousands of dollars (or more) to hire outside counsel. If in doubt, consult Scott & Scott, LLP.

The foregoing tips comprise a starting guide for CIOs to manage technology teams specifically related to software compliance. Software compliance is a complex and dynamic process that requires consistent evaluation and management. If a CIO is unclear on licensing implications or the legal ramifications of software compliance or audits, he or she should consult attorneys with in-depth experience.