Last month we told you about the software piracy watchdogs that are on the lookout for corporate organizations that are willfully pirating software or committing copyright infringement. Whether it stems from a lack of adequate controls around software policies or a lack of education on the part of the organization's employees, software piracy is illegal, and we're going to talk about the basic controls that your business should have in place to prevent any undue hardship in the future.

Let's start with your Software Policy.

Covering the Basics

For starters, your business needs a policy in place. And the key to any successful policy is awareness. Regardless of how thorough and in-depth your business's policies are, they're worthless unless your employees are aware of them and educated on their meaning and content.

Businesses should begin by educating their employees on the definition of software piracy. This definition comes right from the Business Software Alliance, more commonly known as the BSA:

Software piracy is the unauthorized copying or distribution of copyrighted software. This can be done by copying, downloading, sharing, selling, or installing multiple copies onto personal or work computers. What a lot of people don't realize or don't think about is that when you purchase software, you are actually purchasing a license to use it, not the actual software. That license is what tells you how many times you can install the software, so it's important to read it. If you make more copies of the software than the license permits, you are pirating.

Simply put, making or downloading unauthorized copies of software is breaking the law, no matter how many copies or people are involved.

Whether you are casually making a few copies for friends, loaning disks, distributing or downloading pirated software from the Internet, or buying a single software program and then installing it on multiple computers (including personal), you are committing copyright infringement—also known as software piracy.

It doesn't matter if you are doing it to make money or not — if you or your company is caught copying software, you may be held liable under both civil and criminal law. Civil penalties can be as high as $150,000 per software program infringed. In addition, introducing pirated software into your computing environment can open you up to the risk of damage to your network through defective software or malicious code.

Once you've educated your employees about software piracy, you can follow up by having them sign a business policy statement at the time of hire and on an annual basis indicating that they acknowledge, understand and will comply with the company's policy on software.

Additional Software Policy Considerations

Putting the correct wording in your software policy to educate your employees is a good start. Now you'll need to include additional verbiage that will allow your business to properly control the acquisition and distribution of your software licenses.

Most enterprise businesses would benefit greatly by having a single department or person who is authorized to purchase software licenses and another to install and maintain the purchased software. This method is the first step toward having an auditable trail of the complete lifecycle of the software. This method will also allow your business to cover the following software purchasing best practices:

  • Purchase your software from a reputable dealer
  • When possible, purchase from a publisher-recommended reseller
  • Obtain both a digital and paper receipt or proof of purchase
  • Ensure that the software is properly installed and inventoried
  • Control distribution of the software media

So if your business does not already have a single point of contact for software acquisitions and deployment, then put one in place and be sure to add this process to your software policy.

The last thing that you want to allow is for your employees to go out on their own and purchase and install whatever software they deem necessary for them to do their job. As valuable as they are, your employees are not purchasing experts and they are not computer technicians. Certainly, consulting with your employees and the various departments within your organization to build an enterprise-wide technology stack is your best bet for fulfilling all your business's internal software needs.

In addition to procuring and installing the initial software package, consider that most software also requires incremental patching or updates. Ensure that your software policy covers this topic by discussing the process your employees should follow to receive these periodic updates.

Most large businesses will have a software deployment tool in place such as Altiris, Marimba, Computer Associates or others, so in most cases your employees will have to do nothing other than log into your company network to receive these updates. However, you will need to educate them on this process nonetheless, and the best place to do that is in your Software Policy document.

The topic of software compliance including procurement, deployment, detection, auditing, lifecycle, updates and retirement is complex. This is why subject matter experts are crucial to properly managing this important element of day-to-day business.

Check back regularly for our continued discussion on this topic. If you would like to ask a question about software compliance, or any other enterprise IT-related subject, please visit the Enterprise IT Planet Forums and we'll do our best to help answer it.

This article was first published on EnterpriseITPlanet.com.