Voted Best Answer
Feb 21, 2018 - 09:57 AM
Taking each of your questions responses are below:
Who is the letter generally addressed to? eg Company Secretary, CIO, other? – Any formal communication about an agreement should be addressed to the nominated person/role within that agreement. If no such person/role has been nominated then the notification would most likely be sent to an individual with whom there has been recent contact by the vendor’s account manager. There should be internal procedures within the customer’s organisation that any such communications are passed to a single point (e.g. the ITAM/SAM Manager) to manage the audit/self-certification.
How does the letter distinguish between formal audits (as mandated in licensing T&Cs) or an informal 'licensing review'? What else might be in the letter? I have included an example of a formal audit letter and a request for self-certification below for your reference. Basically, both ask for the same things.
Anything else that might be useful for people watching the course? Establishing a formal process that is supported by their executive management. Dis-engaging any activities with the vendor for the duration of an audit is always a good initial repost but this would need the CIO endorsement.
What are the very first things you do when receiving an audit letter? Sigh, swear, get annoyed, get depressed, think how are we going to make the vendor work hard for no return!! Then, we start the formal process we have established for such events.
Hopefully this is a good starter for 10 for you. Happy to discuss the process over a call or at the next BCS meeting.
Example of Formal Audit Letter
“Vendor” has selected “Customer” for a formal license review. Software licensing compliance has been one of the biggest business control and governance challenges for most enterprises and software vendors during the last several years. At “Vendor” , we want to work closely with customers to ensure proper software licensing governance. To that end, “Vendor” is conducting license inspections with its customers throughout the world to ensure they are properly licensed for all “Vendor” software deployed throughout their organisation.
The review will be facilitated by “Vendor’s” Licensing Compliance Office. We will provide instructions on how software deployment data should be collected and will review your deployment data report for completeness and accuracy. Please contact “Vendor’s Compliance Officer’s Name” , from “Vendor” within 5 days from the date of this notification via email at licensecomplianceofficer@ “Vendor” .com with contact information of the person designated by “Customer” to coordinate the completion of the review.
During the verification period, it is important that your organisation do not remove any installations or change any access to the “Vendor” software products until the verification period is closed. If “Customer” is unable to complete the license review effectively within 30 days of the date of this letter, or the “Vendor’s ” Licensing Compliance Office determines the information submitted by “Customer” is insufficient or incomplete, “Vendor” reserves the right to proceed with the onsite license compliance audit as described in the Master License Agreement.
We value the relationship with “Customer” and look forward to your support and cooperation in completing this inspection. If you have any questions relating to the process, please do not hesitate to contact the “Vendor’s” Licensing Compliance Office at licensecomplianceofficer@ “Vendor” .com.
“Vendor’s” Licensing Compliance Officer
Example of Self-Certification Letter
Reminder of “Vendor” Enterprise License Agreement Reporting Obligation
To Whom It May Concern,
This is an early courtesy notice reminding “Customer” of a reporting obligation under the ELA Order Form (“ELA”), between “Vendor” and “Customer” dated “ddmmmyyyy” covering the purchase of licenses to certain Software (as defined in the ELA), which expires on “ddmmmyyyy” .
You may have already been notified of this expiration through other channels. Please note if you are in the process of renewing this agreement or have already done so, the reporting obligation under the aforementioned prior agreement still exists and reporting must be completed per the terms of this agreement.
In accordance with Section 1(c) of the ELA, “Vendor” hereby requests that “Customer” complete and return the enclosed Certification and Deployment Summary reporting the exact quantity of ALL “Vendor” software licenses that “Customer” has Deployed as of the ELA Expiration Date. All software deployed as of the Expiration Date includes all Software Deployed during the ELA period as well as all Pre-ELA Installed Software.
A copy of the ELA is enclosed for your reference.
Please return the Deployment Summary and the Certification to “Vendor” at licensecomplianceofficer@ “Vendor” .com by Due Date: “ddmmmyyyy” .
Note – Deployment may continue until the aforementioned expiration of the agreement. Therefore, it is advisable to begin the initial steps in gathering the required information.
As a reminder, “Customer” is obligated to maintain such reports and accurate records of such Software Deployment in accordance with the terms of the ELA and “Vendor” reserves any related audit rights to ensure ongoing compliance with the terms of the ELA. We do appreciate your timely assistance. If you have any questions, please contact licensecomplianceofficer@ “Vendor” .com.
“Vendor” will be sending additional reminders of the reporting obligation as the due date approaches. Therefore, if there is a more appropriate contact for providing this information, please let us know their name and email.
“Vendor’s” Licensing Compliance Officer