While there are prescribed standards for conducting several
types of audits, external software license audits remain
unregulated and ripe for legislative intervention. Until then,
companies must fend for themselves.
From our experience, a software publisher's motivation to
conduct an audit falls into at least one of the following
buckets:
- Compliance - to verify compliance in the ordinary course of business and calculate a true-up if usage exceeds the terms of the operative license agreement
- Renewal/Sales – to gain leverage in negotiating a renewal and/or to sell additional products
- Profit – to extract additional money through the threat of or actual initiation of litigation for copyright infringement and/or breach of contract
So, what can a company do to protect itself?
From a legal perspective, the first line of defense is to negotiate
a license agreement that contains clear definitions, such as, what
constitutes "use" of a license, who qualifies as a
"user," the environment where the software can be
deployed and, if applicable, how the software can be incorporated,
marketed, sold or distributed. Once the parameters are established,
the company should adopt internal processes to ensure
compliance.
In the absence of federal or state regulation, the parties to a
licensing agreement can also agree in advance how a software audit
is to be conducted, allowing the company to negotiate terms that
offer some protection from unreasonable demands or spurious
results. For example, the audit provision in the license agreement
can address:
- how frequently a software audit can be conducted
- the process for conducting the audit, e.g., what is the form and amount of advance notice required? will the audit be conducted by an independent third party? will a formal audit report be generated? is there a process for the company to contest the findings? who pays for the audit?
- what happens in the event that the audit establishes that the company is not in compliance with the terms of the license agreement
Lastly, what should a company do if the software publisher
demands an audit?
Remember that the best defense is (sometimes) a good offense. The
company should not automatically capitulate to an audit request
without first seeking legal counsel to evaluate the applicable
audit provision and guide the company through the process to
minimize exposure and reduce the risk of subsequent litigation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.