Software Audit? Non-Disclosure Agreements Are A Must
Non-disclosure agreements are one of the most important things you need to get in place if you are facing a software audit. With more and more software vendors utilizing third-party auditors to compile the actual audits and create the Effective License Position (ELP), having a non-disclosure agreement in place is essential.
It’s not news that software audits are becoming more common and aggressive. In fact, here at MetrixData360, we’ve been beating this drum for years. One of the patterns we have seen emerge is that various vendors are utilizing third-party auditors to compile the licensing position. These third-party auditors can be accounting firms or just partners of the software vendor. In either case, it’s critical that you get specific non-disclosure agreements in place to protect yourself, as in many cases they are incentivized to drive a licensing gap.
Software Auditors Don’t Work For You
It’s important to remember that these third-party auditors work for the vendor and are paid by them as well. In most cases, we understand that they are rewarded for driving licensing gaps. They will run their scripts, request various deployment data from you and present you with an ELP which shows your entitlements juxtaposed with your deployments and identifies any gaps in licensing. It is important to note that the first few ELPs that they present to you will be error-filled and will include incorrect assumptions. You will then present evidence and work to ensure that it is correct. In our experience, these first few ELPs skew heavily in the vendor’s favor. You don’t want them to assume that these early ELPs are representative of your true licensing position. This is where the non-disclosure agreement comes in.
Make Sure Your Data Stays Yours
The most important thing that you want to achieve in this non-disclosure agreement is to ensure that they (the third-party auditor) cannot share data with the organization that has commissioned the audit without your approval. This seems straightforward, but in our experience, without a non-disclosure agreement in place, these third-party auditors will often share data before it has been signed off on by your team. The result is that the vendor will see early, incorrect versions of the ELP. This may include development and test environments, out-of-scope products, etc. This will often cause them to forecast purchases for you based on incorrect data, and it makes it harder to get them to accept the correct data when it is ready.
The goal is to ensure that when the ELP is finally released to the vendor, it contains clean, correct data that you are comfortable with. This will help to make any negotiations smoother and eliminate misunderstandings. If you have any questions about this process, contact us to book a free consultation.