Exception-al Software Compliance

There are exceptions to every rule, but in the software compliance game, failing to get a handle on them early can lead to trouble down the road.

So far we've told you who's watching; discussed the basics of asserting control over your computer and software asset tracking; and you hopefully have already...

  • Documented your IT Asset Policy
  • Educated your user community on the company IT Asset Policy
  • Implemented Controls for your IT Assets
  • Scheduled regular system audits

Now we're ready to take the next step in managing your assets: dealing with the exceptions on your reports.

This is where you'll get the most bang for your buck. By focusing your efforts on dealing strictly with the computers and users that are the exceptions to the rules, you will quickly start to see positive results in your compliance reports. You will also discover that managing these assets will begin to require much less effort on behalf of those charged with maintaining the accuracy of inventory and computer licenses.

...before you box your business into an asset management system, ensure that it's something that's going to cover all the bases and allow for future growth.

Once your team has the basic controls in place, whether it's a fully scripted approach that flags the exceptions during the initial network login, or some third-party inventory application, a combination of those, or even a homemade, custom-built database, every approach should also include a strictly enforced and readily available software policy.

Common Methods

This is where it can get complicated for a larger business that might be feeling some growing pains, or tragically, shrinking pains. Just try pulling up all of those old invoices and transferring ownership of software licenses and computer assets when your business decides to downsize and sell off a portion of the company.

This too can be a complicated task if the proper recordkeeping and license tracking policies haven't been in place or have been haphazardly enforced. In other words, the sooner you plug all the holes, the sooner your business will emerge leak proof and less likely to sink from poor planning.

The methods of managing your software licenses and computer assets discussed above have pros and cons. We'll focus on the various methodologies behind software management suites in a later discussion, however, for this article, we'll cite the example of a scripted solution that incorporates computers logging onto the network only after the login script performs basic checks of the system status. These checks can include patch levels, software inventory and available licenses, anti-virus, user information and so on.

The drawback is that this method can be overly time consuming for some users. Remote offices and other traveling user groups can find this process of asset management sluggish, especially when the computer or laptop is off the company network for a prolonged period of time. However, building your business policy around this type of software management process can be a very cost effective way of dealing with a large network on a single campus setting without involving costly third-party management suites.

The idea is, before you box your business into an asset management system, ensure that it's something that's going to cover all the bases and allow for future growth.

Dealing with the Exceptions

Whichever approach your business has adopted to track assets and software licenses, if you're lucky you'll be monitoring the status using online dashboards, or perhaps using database report summaries, or as a last resort, spreadsheets. In any case, your goal here is to spot the exceptions, those computers that have a discrepancy.

Be it a piece of software that is not approved for use in your software policy or a piece of software that is approved but no one seems to have purchased a license before it was installed. Whatever the case, these are the types of exceptions we're looking for and need to be dealt with promptly. This means the software has to either be removed or purchased, and the offending computer and user need to be documented and reported.

This type of business unfortunately calls for a heavy hand with no "exceptions" made. The quicker you set the example with the workforce on your software policy standards, then the less work you'll have down the road.

And your business will thank you for it.

This article was first published on EnterpriseITPlanet.com.

Comment and Contribute


(Maximum characters: 1200). You have characters left.