Software Licensing Compliance and SAM at SAP
As a software company, SAP is acutely aware of the importance of licensing. Our more than 65,500 employees use a wide range of applications in their daily work, and we need to make sure that each one is used legally, securely, and cost effectively.
This is not simply good business practice and good corporate citizenship. It is also a matter of risk, since we may be audited at any time by a software vendor, or for compliance practices.
That is why my team has developed a three-year license risk reduction program to establish processes, improve software asset management tools, and educate employees about our policies and requirements.
Now that the program is implemented, my Asset and License Management team has three main activities: Software Approval Process (SWAP), Software Asset Management (SAM) and Software Compliance.
Software Approval Process
The Software Approval Process (SWAP) enables SAP employees to check if the software they would like to use can be authorized by SAP.
All SWAP rated software is available in a dedicated catalog on the SAP intranet. As a result, when an employee wants to use a specific software, he or she can check the SWAP rating. If no rating exists, the employee can start an approval process. The end of the approval process directs the employee on how to procure the software. Or, it informs the employee that the software he or she wants to use cannot be authorized – and for what reason.
Software Asset Management
SAP’s Software Asset Management (SAM) strategy provides a strong governance platform, with professional software contract management and a constant focus on compliance checks.
We also maintain crystal-clear end user communication through a “ONE” SAP intranet portal page. With continuous updates, this page offers all relevant information on software usage at SAP, including information on compliance and responsibility.
In addition, we created a three-minute video that clearly explains:
• Software usage and responsibility
• The portal page for all software information
• Software Approval Process (SWAP)
• Software procurement process
• How to use the Software Compliance Information (SCI) tool
Moreover, the SAM strategy empowers end users to take autonomous action to ensure compliance through the Software Compliance Information (SCI) tool. This is a novel approach that allows our employees to act as 65,500 “friendly auditors” who oversee their own practices.
The SCI tool, available on the SAP intranet, shows each employee a complete profile of their software usage, including any issues that require security or compliance attention. The tool covers:
• Software in use: A list of applications that are currently licensed and installed
• Software not in use: A list of applications that have been licensed but not installed
• Software incorrectly licensed: A list of applications that have been installed but not correctly licensed
• Unapproved software: A list of applications that have been installed but that are not permitted on SAP systems due to security or licensing concerns
When an application is licensed but not installed, the SCI tool allows an employee to facilitate its re-installation, or transfer the license to a license pool. This option has helped SAP save substantially in license true-ups in 2013.
When a software application is installed but not correctly licensed, the user is invited to either uninstall immediately or purchase the license. In other words, SCI not only displays information about software usage; it also invites the user to take action.
In addition to offering the SCI tool, my team ensures compliance by running compliance campaigns and calling attention to compliance situations among end users when self-service has been overlooked.
In addition to producing significant savings, the Software Compliance Information process has helped SAP reduce its licensing compliance risk for thousands of employees.
But we’ve only just begun. We continue to spread the word of this process to employees around the world, and expect to have full awareness among our entire workforce by 2014.