When I first started a SAM program the world was a lot simpler. Sarbanes-Oxley (SOX) had been created but not yet implemented by those folks that it would immediately effect, and the signs of an impending financial crisis were not yet seen. So the need for a complete understanding of what you, the consumer of software, were entitled to use was not clear.
Today, thanks to both of these turning points, software publishers have processes in place to quickly retrieve the entitlements out of their system and into your hands, and some have begun to standardize how the information is presented.
I call this report a publisher statement. I want to emphasis that the publisher generates this themselves, the data doesn’t come from anyone else’s system. The publisher statement is important because it reflects what the publisher knows about, and will most likely be the basis on which your environment is compared, in an audit.
Some publisher statements have formal names and consistent formats: Microsoft’s Microsoft Licensing Statement (MLS) and Adobe’s License Intelligence Report (LIR) are the two early adopters. Microsoft’s from way back and Adobe’s in more recent years. Symantec, Autodesk, and Citrix are starting to show some consistency but I’ve seen some from these publishers that are not, for some reason.
Other publisher statements continue to come in different shapes and sizes. For some it could be as simple as the body of an email, or a pdf of a scanned invoice.
So how do I get my hands on one?
It’s easy; start with the person you contact to buy new licenses or renew your subscription / maintenance on existing licenses. The difficulty back in the day was explaining to your contacts why you wanted the information, why I was asking it of them, and what data I specifically wanted to see. I had to do some networking to locate the person that said “I know what you’re asking for, I can get that to you soon.” Today, I don’t have to ask for these myself but suspect it doesn’t take as much time as it did.
What do I ask for?
If your publisher doesn’t have a standardized report here’s the list I tell my customers to request:
- Operating system(s)
- License metric
- Purchase date
- If a pack how many to the pack
- Perpetual or Subscription
- If subscription the start and end dates to the rights
- Most recent start and end date
- Publisher’s sku
- Agreement/contract number (if applicable)
- Purchasing entity or business unit’s name
- Downgrade rights details
- Cross platform rights (if applicable)
- Cross edition rights (if applicable)
- Total cost of the purchase
- Currency used for purchase
- Invoice number
- Activation or serial number
- Geographic (or any other form of) scoping (if applicable)
When requesting the publisher statement, there are some new factors to consider that didn’t exist before SOX; document retention and processing fees. I’m not positive but I want to say the company I was working for at the time, brought in a document management tool and started to define data retention terms about the time the Federal Rules of Civil Procedure (FRCP) recognized the term Electronically Stored Information (ESI) in 2006. The result being the ability to request access to electronically stored data (text and instant message, legal documents, emails, etc.) for litigation.
As time’s progressed, I’m seeing more and more publishers making roughly the recent five years of data available. Beyond that there may be a fee for retrieval from the archives or the data is not available, period. Also, fees are being charged for second copies of the publisher statement made within a specified time period. The more common I’ve heard is one per quarter.
Be sure to quality check to your list upon receipt. Many times what comes back is nowhere close to what was specified as required, or the information is highly summarized; a report of active maintenance only. No original purchase data, no details of the underlying versions, editions, quantities, etc., and no reference to entitlements that are perpetual but not under active maintenance.
What to expect from your request
Return times can fluctuate. I’ve seen anywhere from same day, to months, to almost a year. I’m not sure why it would take three months to generate a standard report? The almost a year was due to a combination of things on both sides of the request.
My rule of thumb for any type of follow-up applies. Give the contact three business days (maybe longer if it’s a busy time for them or yourself) then check in for an update. Ask for an expected date of arrival, who will be sending it, and in what form the delivery will take. I’ve often looked for an email at the address my proof of entitlement emails come in to for weeks only to find out the report was sent to my software partner shortly after the request had been submitted.
When you get the report it could be extremely simple, missing requested data, or hard to understand. Definitely ask for the missing data and a thorough explanation of how to read the data. You’re going to be the one to translate that data to your management system so that the data can be interpreted by yourself or your successors in an audit; be it internal or eternal.