When conducting an internal audit or dealing with a high-stakes, high-pressure examination by external auditors, you know how beneficial it is to have a solid configuration management solution like System Center Configuration Manager in place. However, you also know that even with a configuration management solution, it can still be frustrating since Configuration Manager isn’t able to provide you all of the facts.
For your next audit, consider the following tips:
Tip 1: Identifying Software Suites
Reviewing your Configuration Manager software inventory reports and discovering a grand total of 5,000 copies of Microsoft Word, 300 copies of Adobe Photoshop, 50 copies of Adobe Illustrator among other items in your ecosystem may be alarming. Compounding the situation is the fact that you can’t find purchase records for any licenses for the software.
Another fact… companies tend to buy software suites (i.e. Office, Creative Suite, Design Suite, etc.). There is the possibility that buying all of those suites could be a wasted depending on use. And you could true-up your licensing and save some money by not buying the whole suite for people who only need one app.
Challenge is that Configuration Manager doesn’t actually know much about suites in most cases. The software inventory component identifies individual applications but that doesn’t help when you need to match up license purchases.
What to do? Get more information. Suites can be detected by the right tools which can be used to enhance, not replace, your Configuration Manager inventory. Changing Configuration Manager from being a purely configuration management tool (a pretty technical set of tasks) into a tool that helps manage and maintain the organization from a business level is a good start.
Tip 2: Consistent & Accurate Data
Having consistent, accurate data is crucial when making critical business decisions. Reality is that there may be many variations of the same item. For instance, the company that produces the Dreamweaver software application can go by the names below.
- Adobe Systems, Inc.
- Adobe, Inc.
- Macromedia, Inc.
If doing a search using Configuration Manager to identify all entities, the results would yield in separate company listings rather than tying them all together.
However, during a software audit, the information is crucial since:
- Having consistent vendor information makes it easier to track down the proof-of-purchase and other license information that an auditor will need if you know who you purchased from
- Knowing the current vendor enables you to accurately consolidate purchase requirements for better discounts, especially with true ups.
- Having consistent information helps you manage your ecosystem (i.e. determining software support lifecycles, finding vendor contact information, etc.)
With Configuration Manager, all it requires is having existing information enriched and enhanced. Cleaning and normalizing the data into a common language/taxonomy for use in your infrastructure. Doing so will help speed up software audits but also will improve the quality of your own operational reports and other materials produced from Configuration Manager.
Tip 3: Having the Required Data
Quite frequently, software audits involve more than just matching up software and licenses. In most cases, you won’t be 100% compliant for every piece of software in your environment. It’s normal. Auditors expect it. They also expect you to quickly true-up and become compliant.
Again, this is an area where Configuration Manager should be able to help, starting with since it has software inventory if you enhance and enrich the information.
What additional information should you be looking for?
- Current vendor contact information – invaluable for finding out what the true-up is going to cost you.
- Support information – why spend money trueing-up on an outdated version? Find the latest version instead.
- Compatibility information –make sure software is forward compatible with your other IT plans.
- Suite information –look at different licensing alternatives that addresses compliance at the lowest possible cost and especially if installed as part of a suite,
More information is available and can be extracted using existing Configuration Manager inventory as a starting point.
Surviving Software Audits
Configuration Manager doesn’t contain every little data point that you need during a software audit since it is about configuration management and software audits are about licensing and other details that have more to do with lawyers and accountants than technology. However, Configuration Manager is a flexible system – perfectly capable of doing more for you (when enhance with additional information) in that the additional information – data about support lifecycles, consistent vendor names, contact information, software suite mapping, and more – helps to facilitate your next software audit. Without it… it’ll probably give you another headache.
So where does that additional information come from? Third party databases contain everything you need, save time from manually digging for information. Millions of products and market data points can enhance what Configuration Manager already knows, giving you complete knowledge of your ecosystem, and ensuring a successful software audit.