SOFTWARE ASSET MANAGEMENT POLICY

Metadata
Author.Contributor: Derrick Bates
Coverage.spatial: UK, Cumbria
Creator: ICT Client Team, Organisational Development
Date.issued: 1st May 2008
Description: The document sets out the corporate policies and procedures for the management of corporate software assets.
Format: Txt
Identifier:
Language: Eng
Publisher: Cumbria County Council
Rights.copyright: Cumbria County Council
Status: Version 1.0 Final
Subject.category: Software Asset Management
Subject.keywords: Asset management; licence; compliance; piracy; fast; resources; retrieval; policy; strategy; security; users
Title: Cumbria County Council Software Asset Management Policy
Distribution
Issue   Date   Version   Name   Title
Revision History
Document ID.version   Status   Date         Reason for review     Author
V 0.1                 Draft    2007-09-14   Creation              D Bates
V 0.2                 Draft    2007-09-21   Amended               D Bates
V 0.3                 Draft    2007-11-13   Further amendments    D Bates
V 0.4                 Draft    2008-03-14   Further amendments    D Bates
V 1.0                 Live     2008-05-01   Final                 D Bates
Approval
Name: A Cook
Position: HIT & BI
Date: 01/05/08
Signature:
These Policies replace all previous versions and amendments to Council software management policies. They
apply to all Members, employees, temporary and contract workers of Cumbria County Council.
Version 1.0, May 2008
Table of Contents
1 INTRODUCTION
2 SOFTWARE ASSET MANAGEMENT POLICY STATEMENT
3 SOFTWARE ACQUISITION
4 SOFTWARE DELIVERY
5 SOFTWARE INSTALLATION
6 SOFTWARE MOVEMENTS
7 SOFTWARE RETIREMENT
8 SOFTWARE DISPOSAL
9 COMPLIANCE AND DOCUMENTATION
10 FONTS
11 EVALUATION (FREEWARE & SHAREWARE)
12 GAMES & SCREENSAVERS
13 INTERNET DOWNLOADS
14 EMAIL ATTACHMENTS
15 MOBILE/LAPTOP USERS
16 AUDITING
17 DISASTER RECOVERY
18 DISCIPLINARY PROCEDURES FOR BREACH
19 APPENDIX 1 – PROCEDURES
19.1 Acquisition, Delivery & Installation
19.2 Movements
19.3 Retirement & Disposal
19.4 Fonts
19.5 Evaluation (Freeware and Shareware)
19.6 Games & Screensavers
19.7 Internet Downloads
19.8 Email Attachments
19.9 Mobile/Laptop Users
19.10 Auditing
19.11 Disaster Recovery
19.12 Disciplinary Procedures for Breach
1 Introduction
The document supports the Council’s compliance with current statutes and
regulations as well as British and International Standards for Software Asset
Management (SAM). It lays down the Council’s policies and procedures in
respect of management of its software assets. The means of signifying
agreement with these policies and procedures is through the Council’s
Acceptable Use Policy.
As at publication date and for the purposes of this document the ICT Strategic
Partner is Agilisys.
2 Software Asset Management Policy Statement
It is the policy of Cumbria County Council to respect all computer software
copyrights and adhere to the Terms & Conditions of any licence to which
Cumbria County Council is a party. Cumbria County Council will not condone the
use of any software that does not have a licence and any employee found to be
using, or in possession of unlicensed software may be the subject of disciplinary
procedures.
It is the responsibility of all Cumbria County Council employees, consultants,
temporary or contract workers to read, fully understand and signify agreement to
Cumbria County Council’s Acceptable Use Policy.
3 Software Acquisition
All computer software acquired by the Council must be purchased through the
ICT Strategic Partner. No user may purchase software directly and the purchase
of software by any other means such as credit cards, expense accounts or petty
cash is expressly forbidden. Specialist software for use by the disabled must be
accompanied by an assessment from Occupational Health.
4 Software Delivery
All newly purchased software will be delivered to the ICT Strategic Partner so
that licences can be checked and Asset Registers updated. No other staff may
take delivery of computer software.
5 Software Installation
Computer software can only be installed by the ICT Strategic Partner; under no
circumstances is computer software to be installed by any other Council staff.
6 Software Movements
All staff or department moves must be controlled through the corporate Office
Move procedure so that the appropriate software can be added or removed and
asset registers updated.
7 Software Retirement
The retirement of Software/Hardware used by the Council may only be carried
out by the ICT Strategic Partner.
8 Software Disposal
The Disposal of Software/Hardware used by the Council may only be carried out
by the ICT Strategic Partner in compliance with the Waste Electrical and
Electronic Equipment (WEEE) Directive.
9 Compliance and Documentation
All licences, invoices and original media for all of the software in use in Council
premises are to be held securely by the ICT Strategic Partner.
All media must be signed in and out by an authorised person as defined by the
Strategic ICT Partner. A periodic check will be carried out by the IT Security
Officer to ensure the actual media matches with the inventory.
10 Fonts
Font software is bound by the same policies and procedures as all software. No
user may install any font software onto Council systems.
11 Evaluation (Freeware & Shareware)
Shareware, Freeware & Public Domain software is bound by the same policies
and procedures as all software. No user may install any free or evaluation
software onto Council systems.
12 Games & Screensavers
The Council does not permit the use of any games or screensavers other than
those previously agreed by line managers, or the games and screensavers which
form part of your operating system.
13 Internet Downloads
No software, whatsoever, may be downloaded from the Internet.
14 Email Attachments
Users may not load or use any software received via e-mail. Sharing software via
email is prohibited.
15 Mobile/Laptop Users
Council software policies apply to mobile users and all laptops will be equipped
with auditing software for regular checks.
16 Auditing
All users must be aware that the Council electronically audits all computers on a
regular basis. Sample random audits also may be carried out.
17 Disaster Recovery
The owner of every business process and support process is responsible for
ensuring that an appropriate business resumption risk assessment is carried out.
Where that resumption includes the redeployment or reinstallation of software in
support of business activities the software licensing must comply with this Policy
and the conditions of the original Vendor licence.
18 Disciplinary Procedures for Breach
The Council’s software policies are implemented to safeguard the Council from
the many varying laws surrounding software use. Any user found to be in breach
of these policies may be subject to disciplinary procedures.
19 Appendix 1 – Procedures
19.1 Acquisition, Delivery & Installation
The user is to call the ICT Strategic Partner Service Desk requesting a quote for
the software and obtain a reference number. Complete the online Equipment
Request Form using the supplied reference number. Obtain the relevant
authorisation signature and pass to the ICT Client Team as a Non Standard
Request. Once delivered, the software will be added to the Authorised Software
List against the specific user. The software will then be identified to the audit tool
and loaded to the user’s workstation by the ICT Strategic Partner. The software
will be added to the Definitive Software List and the media will be placed in the
secure storage area, controlled by the ICT Strategic Partner.
19.2 Movements
In the event of staff relocations Departmental Managers are to complete the
online Office Move Form. As part of this procedure they are to ascertain whether
new software will be required. Old software can be re-distributed and the new
locations of staff, hardware, network points and software for the asset register
recorded by the Strategic ICT Partner.
19.3 Retirement & Disposal
Once a computer is deemed ready for disposal, all software will be removed.
Where the licence permits, the software will be re-used, stored for future use or
retired. Software purchased as part of a computer will be disposed of with the
computer as these licences are non-transferable.
All Council data will be removed and the hard disk will be securely cleaned or
physically destroyed. The asset register will be updated and the certificate of
disposal/destruction will be held on file.
19.4 Fonts
Where a user has a valid business requirement for a specific font they will use
the standard software acquisition procedure.
19.5 Evaluation (Freeware and Shareware)
Where a user has a valid business requirement for a piece of shareware or
freeware they will use the standard software acquisition procedure. Upon the
appropriate management agreements, the software will be obtained, tested and
loaded to the user.
If this software is shareware, and requires deletion or licensing after a trial period,
the user will be contacted one week prior to the end of trial date to ascertain
whether he or she wishes to retain use of the software. If the software is to be
retained usual acquisition procedures will be followed. If it is not required the
software will be completely uninstalled.
19.6 Games & Screensavers
Before being delivered to the user, the ICT Strategic Partner will ensure that the
computer is loaded with software to corporate standards and the screensaver is
set to enable after a static period of 5 minutes with a password required to gain
access.
19.7 Internet Downloads
If a user has a valid and approved reason for an item of software available on the
internet, he/she will inform the ICT Client Team using the standard software
acquisition procedure. The ICT Client Team and the ICT Strategic Partner will
then check the licensing requirements for the software, where appropriate
purchase a licence, download the software, virus check the download and
benchmark the software, prior to delivery to the end user.
19.8 Email Attachments
If you receive any unexpected files, which do not appear to be standard business
documents, inform the IT Security Officer and the ICT Strategic Partner
immediately.
19.9 Mobile/Laptop Users
Laptops used as a primary access mechanism through a docking station in a
Council office will be subject to the same audit regime as desktop machines.
Users with laptops that are not regularly attached to the Council network will be
subject to periodic recall for update and audit. See Auditing.
19.10 Auditing
The Council uses auditing software on a regular basis to ascertain whether all of
the software loaded is legal. The audit is checked and reconciled with the
Definitive Software Library and all unauthorised software is deleted. The source
of the unauthorised software will be ascertained and disciplinary action may be
taken.
19.11 Disaster Recovery
The ICT Strategic Partner is responsible for regularly reviewing its ability to
recover or re-supply the organisation, within the timeframe required, with all the
business software that will be needed to effect recovery of the business in the
event of a major disaster.
19.12 Disciplinary Procedures for Breach
The standard Council disciplinary procedures will apply.