Best practices charter 2021 for Software license audits: recommendations from Cigref members for customers and their suppliers

6 janvier 2022 | ACTUALITÉS, Cigref in english, Communiqués, Publications du Cigref, Relations Fournisseurs

Cigref’s Supplier Relationships Club is proposing an update of its 2015 Charter of best practices for software license audits, produced with the active contribution of a dozen lawyers, buyers and software asset managers from Cigref member organizations, formed into an « audit management » taskforce.

The charter is also available in French.

Audits remain a reality

Software license audits are a right of the software publisher recognized by customers, but they expose the audited companies to significant legal and economic risks. Moreover, Cigref members believe that the advent of the cloud does not make audits any less crucial for vendors, who can use identified non-compliances to encourage their customers to migrate to the cloud. This is especially true since most organizations that use digital services are moving to a hybrid cloud approach and their migration path to the cloud takes place over several years. They must therefore deal with their legacy IS, and in particular their existing on-premise software, while adopting new licensing and billing models linked to the consumption of services in the cloud.

Audit management therefore remains a major concern for Cigref members, who have expressed the need to update the Charter of Good Practices for Software License Audits, a document initially developed in 2010 by Cigref and then updated in 2015. 

A good audit is an anticipated and supervised audit

Too often, the audit is still experienced by the audited organizations as a heavy constraint, consuming internal resources, generating tensions with the supplier and creating budgetary uncertainties. In order to take place under the right conditions, the right to audit must be anticipated and contractually supervised at every stage of the process.

This charter is intended for both users and software or cloud service providers, and is therefore a reminder of some of the main principles required to establish a balanced relationship based on trust between the parties, before proposing recommendations and best practices for conducting an audit.

The charter is also available in French.

Pilotage de l’entreprise par la donnée : extraire la valeur de la donnée à l’échelle de l’entreprise

Dans cette ère du numérique, la donnée est souvent présentée comme l'or noir du 21ème siècle, constituant une richesse inestimable pour l'humanité. Cependant, contrairement au pétrole, dont la valeur est largement reconnue, les données demeurent en grande partie...

Auditer la gouvernance du numérique : les évolutions majeures du Guide d’audit de la gouvernance du numérique

Les organisations constatent aujourd’hui, qu’avec l'accélération des évolutions technologiques, la softwarisation des produits et des chaînes de production, et la numérisation de l’ensemble des processus des organisations, la contribution du numérique à la...

Cigref publishes its third version of the trusted cloud reference document

Cigref's "trusted cloud" referential expresses the generic trust needs of Cigref members as users of cloud services. It summarizes Cigref's work carried out since 2019 by the "trusted cloud" working group, led by Vincent Niebel, CIO of the EDF Group. This version,...