Latest ITAM News

Managing the Fine Print – Working with Terms and Conditions

In looking back at the articles and presentations I’ve written for IAITAM over the last several years – what I refer to as the “ITAM 101 Series” – for whatever reason the topics seem to be, well, less than exciting. There was the one about audits – everyone’s biggest fear in the SAM realm. Controlling your software and software usage – there’s one to get folks dancing in the aisles. And OK, fine, yes I can get excited about inventory – I worked with Tally Systems when we invented the first inventory tools.

So it was with the usual trepidation that I started to look at terms and conditions – something I needed to learn more about, as well as an area that affects software managers every day. But not really exciting.

Then my friend Heather Young (previously directory of SAM programs for Microsoft, now at Google) dropped me a note and made my week! Amazon Web Services has recently published Lumberyard (aws.amazon.com/lumberyard), “a free, open-source 3D engine for building cloud-powered games.” [1] A careful reading of the license terms notes that it’s gaming software and not intended for real-life modeling “such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat.” [2] That seems entirely reasonable. But then comes the golden nugget:

However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.

YES – the zombie apocalypse clause! Now, you have to work for this gem: it’s in section 57.10 which puts it 56 page scrolls down from the top of the page on my screen. But what a reward for the effort!

In the real life of the software asset manager, you won’t find this kind of amusement very often. But some diligent work will be rewarded with fewer audit worries and easier renewals.

The Whys and the Wherefores
The IAITAM Certified Software Asset Manager manual defines Terms and Conditions – or Ts&Cs – as the permissions and language protecting the copyright holder in a license or any type of contractual agreement; they are the definitions and descriptive paragraphs that specify the rules or obligations for use of software. [3] You will also see them referred to in various contexts as:

  • EULA – End User License Agreements
  • Service level agreements
  • Subscriptions
  • Enterprise agreements

The IBMSA Glossary of Software Licensing Terms [4] reinforces the “published-determined” aspect of Ts&Cs and adds two other terms that are often seen:

  • License grant and restriction – Part of the license agreement specifying what the licensee may or may not do with the software product. Under copyright law, all rights are reserved to the licensor except those specifically granted to the licensee.
  • Product-use right (PUR) – Terms and conditions in a license agreement specifying how users can operate a product, and under what limitations, without breach of intellectual property, and thus of copyright law.

Terms and Conditions could govern the entire relationship for all applications for a specified vendor, and in this case might define the conditions and procedures under which audits would take place – if at all. Alternately, Ts&Cs might govern the management of a single application. An example here are the rules from Microsoft about virtualizing IE6 to run in a Windows 7 environment; Microsoft didn’t want you doing this, so if you had a specific need for such a configuration this is something you might negotiate. [5]

There are a number of fairly standard sections in EULAs. [6] Here – very briefly, because none of these sections are brief in real life – are what you can expect from the sections:

  1. Grant of license – your rights to use the software, whether you may have backup copies, and – at least in the United States – that you may not “sell, share, distribute or sublicense the software.”
  2. Licensing restrictions – what you can and cannot do with the software. Pay close attention – there are potential violations for auditors to find lurking here.
  3. Ownership – the fact that you own nothing.
  4. Audit Rights – the rights the publisher imposes on you to audit your use of their software. We’ll talk about this more in the next section.
  5. Termination – if you break the rules, the vendor can take the software away. Remember – you don’t own anything.
  6. Warranty – this is essentially a lot of words explaining that there is no warranty. If it doesn’t work, you’re on your own.
  7. Damages – if there is no warranty, then the vendor isn’t going to pay damages if their software breaks your machine. Are you sensing a theme?
  8. Limitation of liability – let’s see: no warranty, no damages, so maybe you’ll get a refund. Maybe.

Through it all, EULAs are always long and – as with any legal document – filled with legal terminology designed to protect the vendor and confuse the software asset manager. I already referenced the IBSMA glossary of terms, and The ITAM Review has their own. [7] Most companies committed to managing their Ts&Cs will involve their legal counsel, who would in turn be well advised to work WITH the software asset manager rather than to go it alone. In some cases it may be prudent to bring in an outside consultant, and there is certainly an abundance of education available in the marketplace to learn more about the licensing agreements of various software manufacturers.

What Can You Hope to Accomplish
It should be clear by now that terms and conditions in software licenses are deliberately complex and definitely skewed to favor the software vendor. But, if you will be spending enough to get the attention of the vendor, many items in the terms and conditions can be negotiated.

Most companies entering into negotiations believe they come in on the defensive. But you have one advantage that allows you to take the offensive: you have the money and the vendor wants it.

It’s very important to remember that everything in this process is a negotiation and the negotiation should be bi-directional. You have a starting position, and so does the vendor. The goal is to arrive at a middle point where everyone has conceded something – but not too much – and where everyone is still happy to do business together. Don’t ask your vendor’s sales rep to ask for things that will hurt his credibility, and then you won’t have the rep asking you to give up items that might push you towards another vendor.

There’s an excellent section in the CSAM course and manual [8] about how to prepare for and conduct such a negotiation; in part it distills down to a handful of points:

  • Know what you’re trying to achieve
  • Know what you’re willing to give in on
  • Know what you’re not willing to give up on
  • Know the language you need to insist on

An interesting idea suggested several years ago by Timothy Nuckles in a series of three articles [9] published by The ITAM Review is to develop your “ideal” set of terms and conditions and introduce them into the acquisition process as early as possible, perhaps as early as the RFP stage. This will provide an early indication as to whether the vendor is willing to negotiate and, if so, get the ball rolling early.
One of the goals of Ts&Cs negotiations should be to soften the effect of any software audits that may occur in the future – if not remove them from future considerations. Here are some of the important aspects concerning audits that you may be able to control:

  • Will you be audited or will you have true-ups? If you can substitute true-ups, will they be annual or at the time of contract renewal?
  • How audits will be conducted with regard to schedules, who will perform them, and the rights that you have.
    • If possible, try to have audits conducted by the vendor rather than a third party; they will be less likely to audit because that’s not their line of business.
  • What tools will be used for the audit? You’ve invested heavily in a SAM tool, but you might not be able to use it; for some vendors, such as IBM and Oracle, specific tools must be used.

There’s another great article from The ITAM Review that lists in detail items that you should consider as non-negotiable, negotiable, and nice-to-have when working on audit rights. [10] Some highlights:

  • Non-Negotiable
    • Auditors must be onsite when reviewing deployment data and all data must remain on a company provided laptop that has no network connectivity.
    • Only company (x) discovery tool can be used when gathering deployment data.
    • Finalization of audit includes a non-audit clause that will extend for a minimum of 2 years.
  • Negotiable
    • Scope of audit should be based on a specific group (i.e. specific business unit or division), list of domain(s), and geographic locations.
    • Your company may choose to complete a “Self Audit” and provide report to Supplier or third party auditor.
  • Nice-to-Have
    • No non-compliance penalties other than license purchases for non-compliant areas will be assessed.

To Accept or Not to Accept – That is the Question
Joe Software-Installer is handed some new software just purchased by your company with the assignment to install it on the computer of the CIO. Joe takes the disk, and starts the software installation. Very shortly thereafter, Joe is confronted with a screen where he is asked to “accept the license agreement” or something similar. Joe is in a hurry, so he clicks OK and moves along with the installation. Bruce McDowell ITAK Article graphic

I mean, really, look at this sample for the Novell ZENworks click-through – look at that scroll-bar: it goes on forever. Who’s going to read any of this stuff anyway – the text is so small and complicated. And it’s so easy to want to click-through; you want the software, you NEED the software NOW!

But what did commitments did Joe just impose on your organization by clicking-through?

“IAITAM recommends, and industry analysts agree, that you do not accept any software license agreement that you are not permitted to preview or negotiate.” [11] This suggestion injects the software asset manager into the middle of the free-flowing installation of software that everyone strives for, especially with a software packaging team hitting ITNinja.com for the latest magic flags to make the EULA disappear from the installation process by auto-accepting it.

However, with one little click, Joe Software-Installer or Jane Software-Packager is making a commitment on behalf of the corporation. David Foxen contributed an article [12] to The ITAM Review that discusses the perils of clicking through during an installation. There’s no material difference between a click-through and a license with negotiated terms and conditions hammered out through hours of discussions. Clicking on the EULA during an upgrade could completely negate hard-won concessions in place from a previous version.

But, you think, what’s the harm to Edgar Engineer bringing in an Open Source widget he uses at home and installing it on his work machine? Well, a careful examination of the EULA might show that said widget is free to use for personal use (at home) but requires a payment in a commercial environment (at work). Oops – Edgar just put you in a compliance bind. And there’s one particularly nasty bit of evil mentioned in one of the comments from the ITAM Review article:

I’ve seen a vendor auditor use the audit clause in an eval to get into a company when the commercial team had negotiated it out of the main centralised contract.

Adding to the complexity of the situation is that only by reading the EULA do you discover at which point in the acquisition cycle the vendor terms and conditions are actually accepted. [13] There are several possibilities:

  • On purchasing the software
  • On download
  • On installation
  • On acceptance of the EULA

Bottom line – before anyone clicks-through on a EULA or codes an auto-accept-EULA switch into a deployment package, someone with knowledge of software license agreements and any special terms and conditions negotiated by the enterprise should read and sign-off on the license text. By extension, the fewer people with the ability to deploy software, the less likely someone will skip the review process and commit the company to something awkward. On the plus side, once a EULA has been reviewed and blessed, an application deployment package provisioned to the enterprise app store can be used efficiently as needed – so long as someone is watching the installation counts!

Conclusion
Terms and Conditions are generally perceived as complex and intimidating – sort of the “there be dragons there” of software asset management. However, to a SAM practice, they should be looked at for the potential opportunities hidden in the fine-print. The larger and more regulated a business is, the greater the gain in control that may be realized by strategically negotiating for terms and conditions that can benefit your enterprise. So get out the reading glasses, put on a pot of coffee and dive in!

Sources
You’ll have noted that there are a lot of footnotes in this article. There is an incredible volume of writing about the topic and I have just scratched the surface of what is available. I wanted to make sure that I provided readers with access to the complete source material.
I have several primary sources for research projects such as this:

  • The IAITAM Certified Software Asset Manager course presents a strong, structured view as to how Terms and Conditions fit into the various Key Process Areas.
  • The ITAM Review publishes practical first-hand information from industry experts and practitioners in the areas of ITAM, SAM and software licensing. Recent postings include “Licensing Quick Guides” for Adobe, IBM, Oracle and Salesforce.com.
  • The International Business Software Managers Association (IBSMA) provides education and networking events for asset management and licensing professionals.

It’s also a rare week that I don’t attend at least one web seminar presented by one of the sponsors of the IAITAM semi-annual conference and exhibition events. There are a lot of incredibly talented folks out there who are happy to share what they’ve learned.

Footnotes
[1] “Amazon’s new cloud engine has a zombie apocalypse clause” by Steve Ranger for ZDNet, Feb. 10, 2016 http://www.zdnet.com/article/amazons-new-cloud-engine-has-a-zombie-apocalypse-clause/
[2] Lumberyard Service Terms, http://aws.amazon.com/service-terms/
[3] IAITAM Certified Software Asset Manager Manual, page 64, copyright 2008-2016 by IAITAM Publishing LLC
[4] IBMSA Glossary of Software Licensing Terms – http://www.ibsma.com/page/glossary-of-software-licensing
[5] “Virtualizing Internet Explorer on Windows 7” by Paul DeGroot for IBSMA, Dec. 5, 2010 http://www.ibsma.com/forum/topics/virtualizing-internet-explorer
[6] “EULA’s explained in simple terms” by David Foxen, The ITAM Review, June 4, 2014. http://www.itassetmanagement.net/2014/06/04/eulas-explained-in-simple-terms/
[7] “What you need to know – ITAM and Licensing Terms” by David Foxen, The ITAM Review, July 28, 2015. http://www.itassetmanagement.net/2015/07/28/itam-licensing-terms-2/
[8] IAITAM Certified Software Asset Manager Manual, page 100
[9] “Quick Guide to Licensing Agreements: Tipping the Balance Towards Clients (Part 1/3)” by Timothy Nuckles, The ITAM Review, August 20, 2009. http://www.itassetmanagement.net/2009/08/20/quick-guide-to-licensing-agreements-tipping-the-balance-towards-clients-part-13/
[10] “Audit Defence Checklist – Nice to have, negotiable or non-negotiable terms” by Chris Moffett, The ITAM Review, February 1, 2016. http://www.itassetmanagement.net/2016/02/01/audit-defence-checklist/
[11] IAITAM Certified Software Asset Manager Manual, page 65
[12] “The Dangers of Click-Through Licensing” by David Foxen, The ITAM Review, May 20, 2014. http://www.itassetmanagement.net/2014/05/20/dangers-clickthrough-licensing/
[13] IAITAM Certified Software Asset Manager Manual, page 37

About Bruce McDowell

In 1990, Bruce was a founder of Tally Systems, helping to bring the first hardware / software inventory tool to market and later working with the professional services group, managing on-site inventories for Fortune 1000 companies and product implementations. After Novell acquired Tally Systems in 2005, Bruce worked in a number of roles including Product Management for the inventory, recognition and asset management components of ZENworks. Since 2009, Bruce has been an independent consultant working on configuration and asset management projects mainly based around Novell’s ZENworks product line. He has also developed and presents several courses for Novell Training.