Margaret (Marg) Knox
The University of Texas System
Sent from my iPad, I apologize for any typos
> On Mar 23, 2017, at 5:31 PM, Braaksma, Zachary <[log in to unmask]> wrote:
> Thanks for sharing Marg. I wanted to comment on your point "- a third party is not what I consider desirable practice. Their compensation may be on finding something versus a neutral result"
> I agree in that a third-party, assigned by the Vendor, is not a desirable practice. I know of two large software vendors, who contract with Big 4 accounting firms as the third-party, do not directly compensate per-engagement based on the findings of the Big 4 accounting firm(s); they make sure this is stated to the customer during any "review". However, the accounting firms may assist with targeting/recommending customers to be audited (based on purchase activity, product mix, maintenance-renewal activity, etc.) and the large software vendors will not continue to award the audit to firms who do not demonstrate results. So, although compensation is not directly tied to a specific engagement, there is pressure for the third-party firm to have findings in an audit for continued business with that software vendor.
> That said, having a third-party, assigned by the Customer, may be desirable if compliance is unknown to the Customer when an audit is initiated (of course, this is reactionary and not best practice). Having a clause that allows a customer-selected third-party to come and demonstrate compliance may be of benefit, somewhat tied to your last point in running school run tools to demonstrate compliance. Of course I would expect such an engagement to be a review of compliance, optimizing license allocation/counting, and then providing summarized results to the software Vendor in a previously agreed upon (hopefully in the contract) format/method. This also allows the Customer to evaluate internally, without immediate obligation to the software vendor, how to approach any problems identified (technically, legally, etc.) before there is pressure coming from the software vendor based on non-compliance findings they may have identified during an audit.
> Thanks again,
> Zac Braaksma
> Office: 281.998.6382| Cell: 281.253.7398
> -----Original Message-----
> From: The EDUCAUSE Software Licensing Issues Constituent Group Listserv [mailto:[log in to unmask]] On Behalf Of Knox, Marg
> Sent: Thursday, March 23, 2017 1:44 PM
> To: [log in to unmask]
> Subject: [LICENSING] audit terms
> The SHI newsletter today had an interesting article on getting the best audit terms in your contracts. So food for thought, see https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblog.shi.com%2F2017%2F02%2F20%2Fnegotiate-better-software-audit-clause%2F%23.WMFoxVUrLRY%3F_cldee%3DbWtub3hAYXVzdGluLnV0ZXhhcy5lZHU%253d%26recipientid%3Dcontact-273e6c58aff1df119f66005056ae0ffb-06de9135c9ca46c78c54ac8b2b1731f3%26esid%3D3f48a249-d20f-e711-80ff-005056950f19%26urlid%3D15&data=02%7C01%7Czachary.braaksma%40SJCD.EDU%7C2bbe7acee5c04e349daa08d4721cd9dc%7C514efd408efe4f15819f34e56acf1562%7C1%7C0%7C636258915626347968&sdata=SRQRaEEGMC6sFocSOTJhv580n9mDu%2FEbenHmnrcJVwY%3D&reserved=0
> A couple of thoughts
> - I would add is the concept of "good legal cause" for an audit clause. Fishing expeditions are not a good use of our resources so I want to know what evidence a vendor has to need the audit
> - security/privacy issues. If a tool is going to be used then it would have to be fully vetted by our security and privacy folks before deployed. And a whole bunch of legal language would be needed for that usage (who that data can be shared with, what kind of data, etc).
> - a third party is not what I consider desirable practice. Their compensation may be on finding something versus a neutral result
> - a possible preference for the last two could be that the school run tools they have (that perhaps came with the package, since surely the vendor cared enough to include same:-)) and upon appointment on site, review results with the vendor. Any sensitive data/ confidential data would be redacted prior.
> Margaret (Marg) Knox The University of Texas System Executive Director, Systemwide IT (SWIS)
> (512) 322-3774 [log in to unmask] Austin, Texas, 78701
> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7Czachary.braaksma%40SJCD.EDU%7C2bbe7acee5c04e349daa08d4721cd9dc%7C514efd408efe4f15819f34e56acf1562%7C1%7C0%7C636258915626347968&sdata=T6AE%2FlkR%2FNQ8DUAeTD9Ah0hg6usSmgY9kTdIG2SCDXQ%3D&reserved=0.
> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.