Best practices charter 2021 for Software license audits: recommendations from Cigref members for customers and their suppliers

6 janvier 2022 | ACTUALITÉS, Cigref in english, Communiqués, Publications du Cigref, Relations Fournisseurs

Cigref’s Supplier Relationships Club is proposing an update of its 2015 Charter of best practices for software license audits, produced with the active contribution of a dozen lawyers, buyers and software asset managers from Cigref member organizations, formed into an « audit management » taskforce.

The charter is also available in French.

Audits remain a reality

Software license audits are a right of the software publisher recognized by customers, but they expose the audited companies to significant legal and economic risks. Moreover, Cigref members believe that the advent of the cloud does not make audits any less crucial for vendors, who can use identified non-compliances to encourage their customers to migrate to the cloud. This is especially true since most organizations that use digital services are moving to a hybrid cloud approach and their migration path to the cloud takes place over several years. They must therefore deal with their legacy IS, and in particular their existing on-premise software, while adopting new licensing and billing models linked to the consumption of services in the cloud.

Audit management therefore remains a major concern for Cigref members, who have expressed the need to update the Charter of Good Practices for Software License Audits, a document initially developed in 2010 by Cigref and then updated in 2015. 

A good audit is an anticipated and supervised audit

Too often, the audit is still experienced by the audited organizations as a heavy constraint, consuming internal resources, generating tensions with the supplier and creating budgetary uncertainties. In order to take place under the right conditions, the right to audit must be anticipated and contractually supervised at every stage of the process.

This charter is intended for both users and software or cloud service providers, and is therefore a reminder of some of the main principles required to establish a balanced relationship based on trust between the parties, before proposing recommendations and best practices for conducting an audit.

The charter is also available in French.

Nomenclature des profils métiers du SI – version 2022

Le Cigref maintient, depuis 1991, une Nomenclature des profils métiers existant dans les Directions des Systèmes d’Information (DSI) des entreprises membres du Cigref. Cet outil ne présente pas ce que seront à l’avenir les métiers des SI mais ce qu’ils sont...

Towards a Zero Trust philosophy: a break in continuity for application security

Cigref has published a report on the work of its "Zero Trust" working group, led by Thierry Borgel, CIO of the ICADE group. Zero Trust is a development of IT security principles and a philosophy that organisations will need to adopt to strengthen the security of their...

Vers une philosophie Zero Trust : une rupture dans la continuité pour la sécurité des applications

Le Cigref publie, sous forme de rapport, les travaux de son groupe de travail sur le thème « Zero Trust », piloté par Thierry BORGEL, DSI du groupe ICADE. Le Zero Trust est une évolution des principes de sécurité IT et une philosophie que les...