Getting Right with the BSA
In the wake of the BSA letter, we got busy to make the best possible use of our limited grace period. During the last three weeks of November, two members of my staff spent significant time inventorying and cataloging the software in use on all company systems. We also checked our various developer and other "bulk use" license agreements, as well as our single-copy and multi-copy licenses to assess what was needed to bring all our systems into full license compliance with BSA and vendor requirements.
The upshot of this work was that we ended up spending about $10,000 on software, or about $670 per system for a total of 15 systems. We didn't find any cases of outright piracy at work, but we did learn a lot more about our licensing agreements and what kinds of uses of software were legitimate and what kinds of uses were not legitimate. We also had to struggle to make the requirements for conventional corporate licenses fit our circumstances: most small companies like ours operate on a single premises; our company is entirely virtual, and everybody works out of their homes at least four days a week, with only limited time in the "company office" (one day a week from each of my four project managers at my house, which is our "company headquarters," so to speak).
Among the lessons that we learned while performing this audit were as follows:
Microsoft had slipped some changes to their Microsoft Solutions Developer (MSDN) program past us in their previous membership requirements, and we'd incorrectly counted some of our server licenses (the MSDN license permits aggregate use of up to 5 Windows Server licenses across all types of servers). After we did our overall count, and added in our separate purchased licenses, we purchased 4 Windows 2000 Server licenses or upgrades and necessary client licenses to make sure all counts matched up. This accounted for about 20 percent of the total expenditure.
Many vendors, including Microsoft, require an individual license for each operating system installed on a machine, whether it's used or not. We discovered to our dismay that on multi-boot machines, each operating system (and application) installed for each bootable image must be licensed separately. Ouch! We hastily de-installed several copies that weren't used very often, and heaved a sigh of relief.
We use numerous shareware programs widely such as PaintShop Pro, WinZip, and WS_FTP and hadn't been keeping track of the total number of copies installed. A recount of systems and licenses showed us that we came up short on the license side. In fact, this is where the bulk of our expenditures about 50 percent went to "get right."
We decided to standardize on some other software packages, including Norton Anti-Virus and some Web development tools. This accounted for the remainder of our outlays.
I think my company is pretty typical of small, dynamic organizations that don't always have standardized software configurations for servers and desktops, or formal purchasing policies and regular license reviews in place. In the wake of the BSA letter, we've gone ahead and formalized those configurations. We've also learned that license reviews are absolutely essential, and now conduct them on an annual basis (our 2001 review is underway right now, in fact, and we update our inventory every time we buy a new machine or decommission an old one). It's been a real learning experience (and a source of some serious expense) but we think we've figured out how to stay in compliance and out of trouble. If we can do it, so can you!