Professional Documents
Culture Documents
Table of Contents
OVERVIEW ....................................................................................................................................................... 3 REASONS FOR FOLLOWING THE TERMS OF SOFTWARE LICENSES ................................................................................... 3 STEPS TO ENSURE SOFTWARE COMPLIANCE ..................................................................................................... 4 STEP 1. DESIGNATE A SOFTWARE MANAGER ............................................................................................................ 4 STEP 2. ESTABLISH RESPONSIBILITY ...................................................................................................................... 4 STEP 3. DISTRIBUTE THE TEMPLE UNIVERSITY SOFTWARE POLICY ................................................................................ 4 STEP 4. ASSESS THE CURRENT SITUATION .............................................................................................................. 4 STEP 5. MATCH OWNERSHIP DOCUMENTATION WITH SOFTWARE INVENTORY ................................................................... 5 STEP 6. INSTITUTE SOFTWARE PROCUREMENT PROCEDURES........................................................................................ 5 STEP 7. MAINTAIN SOFTWARE COMPLIANCE ............................................................................................................ 5 OTHER CONSIDERATIONS.................................................................................................................................... 6 COMPUTER SERVICES SOFTWARE MANAGEMENT PROCEDURES ......................................................................... 8 END USER RESPONSIBILITIES ............................................................................................................................... 8 IMPORTANT NOTE: END USERS ARE ULTIMATELY RESPONSIBLE FOR ANY SOFTWARE COPYRIGHT VIOLATIONS FOUND ON HIS/HER MACHINE(S). ................................................................................................................................................... 8 SOFTWARE MANAGER RESPONSIBILITIES................................................................................................................. 8 IMPORTANT NOTE: SOFTWARE MANAGERS ARE ONLY RESPONSIBLE FOR SOFTWARE COPYRIGHT VIOLATIONS ON HIS/HER MACHINE(S). ................................................................................................................................................... 8 DOCUMENTATION BINDER CONTENTS..................................................................................................................... 8 APPENDIX A: BLANK SOFTWARE AUDIT WORKSHEETS ..................................................................................... 11 INDIVIDUAL WORKSTATION SOFTWARE AUDIT WORKSHEET....................................................................................... 11 SUMMARY SOFTWARE AUDIT WORKSHEET ............................................................................................................. 12 APPENDIX B: SOFTWARE AUDIT WORKSHEET EXAMPLES ................................................................................. 13 INDIVIDUAL WORKSTATION SOFTWARE AUDIT WORKSHEET....................................................................................... 13 SUMMARY SOFTWARE AUDIT WORKSHEET ............................................................................................................. 14 APPENDIX D: PROOF OF PURCHASE DOCUMENTATION .................................................................................... 15 APPENDIX E: MESSAGE FROM THE VICE PRESIDENT OF COMPUTER AND INFORMATION SERVICES .................. 16 APPENDIX F: SOFTWARE CATEGORIES ............................................................................................................ 17 COMMERCIAL SOFTWARE ................................................................................................................................... 17 SHAREWARE .................................................................................................................................................. 17 FREEWARE .................................................................................................................................................... 17 PUBLIC DOMAIN SOFTWARE ............................................................................................................................... 17
Revised 12/2/11
Overview
This document is designed to assist departments in managing University software assets. Proper software management includes establishing responsibility, maintaining an accurate inventory, ensuring license compliance, and effectively allocating the use of software applications. This document offers best practice guidelines for software management and outlines the compliance process followed by the Department of Computer Services. Adoption and use of these guidelines are strongly encouraged in order to manage software assets efficiently and avoid consequences associated with illegal software use.
Note: Portions of this document are reprinted with permission from the Software Information Industry Associations (http://www.siia.net) Software Management Guide. Brand and product names are trademarks or registered trademarks of their respective companies.
Revised 12/2/11
Note: Blank software audit worksheets are provided in Appendix A. examples are provided in Appendix B.
Revised 12/2/11
Purchasing
It is essential that the purchasing of software be a standardized procedure just like the acquisition of other critical assets. All software purchases should proceed through the college or department's normal purchasing channel, which requires a purchase requisition or credit card (and supervisor or management approval). Even though many software packages may be inexpensive, software should not be purchased through employee expense reports, travel reports or from department petty cash, because it is then difficult to track purchases for budgeting and compliance purposes.
Revised 12/2/11
Audit process
The audit process is the critical step in implementing a software management plan. Without regular software audits, there is no way of knowing whether or not the management plan is effective. Audits can also enable the Software Manager to obtain a better sense of what software is being used, as well as what software is not being used and therefore may be unnecessary. The basic purpose of an audit is to: determine what software applications are installed on your computers; and remove and replace any unauthorized software found.
There are three types of audits: self, internal and external. Self audits The best way to expedite an audit is to use a tool such as an auditing software program. An auditing program allows the Software Manager to evaluate the contents of each users hard drive and network servers. Internal audits Please be advised that the Temple University Department of Internal Audits will conduct unannounced software license spot checks. Any non-compliance identified by Internal Audits will be reported to the Management Audit Committee and may result in disciplinary actions. External audits Outside agencies, such as the Business Software Alliance, have the right to conduct their own audits of Temple Universitys software installations. Such audits may be scheduled or unscheduled and may involve selected units or the entire organization. If an audit is scheduled, the affected unit is required to maintain the status quo the unit must not delete software or purchase new licenses until the audit has been completed. During the external audit, auditing software is used to identify all software programs installed on each workstation and file server. The audit results will then be compared to the organizations license agreements and purchasing records. A software application is considered unauthorized if ownership cannot be substantiated with documentation that proves purchase. (See Appendix D, Proof of Purchase Documentation.) Please note: Any fines or fees associated with the non-compliance of software license agreements will be charged back to the college or department where the illegal copies are located.
Other Considerations
Limiting who can install software
You can centralize control over which software is installed on your departments computers by using security and management programs, such as Fortres 101 (Windows - Fortres Grand Corporation) and/or FoolProof (Macintosh/Windows Riverdeep Interactive Learning). These applications lock a computers hard drive so that end users cannot install any software programs. A designated administrator will have the password to unlock the hard drive and perform the installation. Temple University has purchased an enterprise license for the Fortres 101 program. Under the terms of this site license, Fortres 101 can be installed on any computer located on the following campuses: Main, HSC, Ambler, Center City, Tyler, Fort Washington, and the School of Podiatric Medicine. To schedule the installation of Fortres 101 on computers within your department, please contact the Computer Services Help Desk at (215) 204-8000. For more information on FoolProof products contact Computer Business Services at (215) 204-5000.
Revised 12/2/11
Temple Universitys computers are important assets and risks to these assets should be minimized. To ensure that all software used in a college or department is both legal and virus-free, software should be purchased and installed through the established software procurement process only.
Registration
Registration cards should be completed for all software as it is purchased and delivered, or in the case of online software purchases, the online registration form should be completed at the software publishers website. Promptly completing this process ensures that the college or department will receive product support and timely product announcements. The college or department should register all software in a standard format, such as Temple University followed by the college or department name. Therefore, when individuals leave, the registered software remains with the University and notifications of upgrades will be sent to the proper place. Proper registration will also result in the publisher having a record of the purchase that complements the existing Purchase Order and/or receipt.
Documentation
Original manuals, tutorials and other user-oriented documentation should reside with the end user. This encourages employees to purchase legitimate software. If you work in a network environment, you may opt not to distribute a manual to each user. In that case, be sure to designate a resource person, such as the Software Manager, to respond to questions.
Revised 12/2/11
Important Note: End users are ULTIMATELY responsible for any software copyright violations found on his/her machine(s).
Important Note: Software Managers are ONLY responsible for software copyright violations on his/her machine(s).
Note: For more information on the Temple University Software Site License Program, refer to the Computer Business Services website: http://www.temple.edu/cs/business
Revised 12/2/11
Example: A Software Manager within Computer Services consolidates purchase requests within the department and submits a Purchase Requisition to the Software Site License Program for ten copies of Microsoft Office XP Professional. Upon receipt of the licenses, the Software Manager records the name of each designated license recipient or CPU serial number on the Purchase Requisition, Software Site License Agreement, or Summary of Order form. Copies are distributed to each licensee for inclusion in their respective documentation binders.
Revised 12/2/11
Shareware/Freeware
Shareware programs, such as WinZip, typically offer a trial period. After the trial period expires, the end user is responsible for either uninstalling or purchasing the program. For each shareware program, the end user is responsible for tracking the information described previously under Non Site-Licensed Software. For each freeware program, the end user maintains a copy of the license agreement. The license agreement can usually be found on the web site from which the software was downloaded or in the Readme file.
Revised 12/2/11
10
Software Publisher
Proof of Purchase R L P SL SF
R L P SL S
Sales order/invoice receipts, packing slips denoting the product(s) and quantity purchased Letter from the manufacturer and/or publisher denoting what comes with the computer Purchase Order that the Purchasing Department has approved and processed Software Site License Agreement and/or Software Site License Program Summary of Order Unexpired License Agreement for Shareware or Freeware Temple University Software Management and Compliance Guidelines 11
Revised 12/2/11
B
Publisher
C
# of Copies Found R L
D
Total Support Observed P SL SF
E
(C-D) Short fall
R L P SL SF
Sales order/invoice receipts, packing slips denoting the product(s) and quantity purchased Letter from the manufacturer and/or publisher denoting what comes with the computer Purchase Order that the Purchasing Department has approved and processed Software Site License Agreement and/or Software Site License Program Summary of Order Unexpired License Agreement for Shareware or Freeware
Revised 12/2/11
12
Software Publisher
Proof of Purchase R L P SL SF
Acrobat Reader 4.05 QuickTime Talkback 2.2.2254 DVD Player 5.00.007.3 Office Pro 2010
Adobe Systems, Inc. Apple Computer, Inc. Full Circle Software, Inc. Mediamatics, Inc. Microsoft Corporation
R L P SL SF
Sales order/invoice receipts, packing slips denoting the product(s) and quantity purchased Letter from the manufacturer and/or publisher denoting what comes with the computer Purchase Order that the Purchasing Department has approved and processed Software Site License Agreement and/or Software Site Licensing Program Summary of Order Unexpired License Agreement for Shareware or Freeware Temple University Software Management and Compliance Guidelines 13
Revised 12/2/11
B
Publisher
C
# of Copies Found R L
D
Total Support Observed P SL SF
E
(C-D) Short fall
Acrobat Reader 4.05 DropStuff 4.0 QuickTime Scrapbook 7.5.2 FileMaker Pro 4.0 Talkback 2.2.2254 DVD Player 5.00.007.3 Office Pro 2000 Word 97 Exchange 7.0 Internet Explorer 9.00.2014
Adobe Systems, Inc. Aladdin Systems, Inc. Apple Computer, Inc. Apple Computer, Inc. File Maker Inc. Full Circle Software, Inc. Mediamatics, Inc. Microsoft Corporation Microsoft Corporation Microsoft Corporation Microsoft Corporation . .
1 1 1 1 1 1 1 1 1 2 1 1 1 2 1 1 1
1 1
0 0 0 0 0
1 1
0 0 0 0 0
R L P SL SF
Sales order/invoice receipts, packing slips denoting the product(s) and quantity purchased Letter from the manufacturer and/or publisher denoting what comes with the computer Purchase Order that the Purchasing Department has approved and processed Software Site License Agreement and/or Software Site License Program Summary of Order Unexpired License Agreement for Shareware or Freeware
Revised 12/2/11
14
Please note that a number of these various types of documentation will routinely be received for each software license. To avoid unauthorized copying, care must be taken to unequivocally match the particular items of documentation with installation of the subject software on one, and only one microcomputer. Internal Audits will determine whether other documentation, such as the original diskette or CD-ROM, original license, or a copy of the completed registration card, which does not meet the acceptable documentation standard, is none-the-less sufficient to abrogate the need for the purchase of a new license depending on individual circumstances and the type of documentation and explanation.
Revised 12/2/11
15
Appendix E: Message from the Vice President of Computer and Information Services
To: From: Date: Subject: The University Community Timothy C. ORourke, Vice President - Computer and Information Services April 2003 Software Policy Compliance
For the past several years, various colleges and departments within Temple University have been audited for compliance with the University's Software Policy. This memorandum is issued in an effort to remind the University community of the importance of complying with that policy and to reiterate the seriousness of failing to do so. Simply put, the unlicensed duplication or use of any software program is illegal and can expose both you and the University to civil and criminal penalties under copyright law. Temple University's Software Policy was adopted in order to: establish standards of conduct with respect to software acquisition, copying, transfer and use; inform students and employees of the repercussions associated with software misuse; set forth disciplinary procedures for such misuse; and avoid University liability for individual's violations of copyright law and software licenses. The Software Policy applies to all software acquired by or on behalf of Temple University and all software (however acquired) used on Temple University resources. Each user is individually responsible for reading, understanding, and adhering to the Software Policy, Computer Usage Policy and all licenses, notices, and agreements in connection with software, which he or she acquires, copies, transmits, or uses. An individual who violates the Software Policy is subject to any combination of the following: immediate system "lock-down" to prevent installation of future software; suspension or revocation of computer accounts; and disciplinary action as detailed by the relevant policies and rules for faculty, staff, and students. These actions may include suspension, expulsion or termination of employment. Without limiting the individual's personal liability, the applicable unit (e.g., administrative or academic department, center, institute, school or college) for any employee who violates the Software Policy is internally responsible for: any assessed or agreed to fee/fine/settlement/license amounts associated with remedying noncompliance and restoring an appropriately licensed system; costs associated with future installation/upgrade of software; and costs associated with monitoring compliance. In addition to University disciplinary actions, individuals who commit copyright infringement are personally subject to civil and/or criminal sanctions. Temple University is under no obligation to defend, indemnify or hold harmless such violators, as acting in violation of federal law is clearly outside the course and scope of employment. Furthermore, the University can be expected to cooperate with law enforcement officials in the investigation and prosecution of any violator. Temple University's Software Policy and Computer Usage Policy and a number of resources available to assist you in understanding software licensing and ensuring compliance with these policies including Instructional Course on Software Licensing and Related General Copyright Law and Software Management and Compliance Guidelines are located online at: http://www.temple.edu/terms. Please contact Computer Services at (215) 204-5000 should you have any questions or require assistance. Thank you for your cooperation.
Revised 12/2/11 Temple University Software Management and Compliance Guidelines 16
Commercial software
Commercial software represents the majority of software purchased from software publishers, commercial computer stores, etc. When you buy software, you are actually acquiring a license to use it, not own it. You acquire the license from the company that owns the copyright. The conditions and restrictions of the license agreement vary from program to program and should be read carefully. In general, commercial software licenses stipulate that (1) the software is covered by copyright, (2) although an archival copy of the software can be made, the backup copy cannot be used except when the original package fails or is destroyed, (3) modifications to the software are not allowed, (4) decompiling (i.e., reverse engineering) of the program code is not allowed without permission of the copyright holder, and (5) development of new works built upon the package (derivative works) is not allowed without the permission of the copyright holder.
Shareware
Shareware software is covered by copyright, as well. When you acquire software under a shareware arrangement, you are actually acquiring a license to use it, not own it. You acquire the license from the individual or company that owns the copyright. The conditions and restrictions of the license agreement vary from program to program and should be read carefully. The copyright holders for shareware allow purchasers to make and distribute copies of the software but demand that if you adopt it for use you must pay for it. In general, shareware software licenses stipulate that (1) the software is covered by copyright, (2) although one archival copy of the software can be made, the backup copy cannot be used except when the original package fails or is destroyed, (3) modifications to the software are not allowed, (4) decompiling (i.e., reverse engineering) of the program code is not allowed without permission of the copyright holder, and (5) development of new works built upon the package (derivative works) is not allowed without the permission of the copyright holder. Selling software as shareware is a marketing decision; it does not change the legal requirements with respect to copyright. That means that you can make a single archival copy, but you are obliged to pay for all copies adopted for use.
Freeware
Freeware also is covered by copyright and subject to the conditions defined by the holder of the copyright. The conditions for freeware are in direct opposition to normal copyright restrictions. In general, freeware software licenses stipulate that (1) the software is covered by copyright, (2) copies of the software can be made for both archival and distribution purposes but distribution cannot be for profit, (3) modifications to the software are allowed and encouraged, (4) decompiling (i.e., reverse engineering) of the program code is allowed without the explicit permission of the copyright holder, and (5) development of new works built upon the package (derivative works) is allowed and encouraged with the condition that derivative works must also be designated as freeware. That means that you cannot modify or extend freeware, and then sell it as commercial or shareware software.