Best practices charter 2021 for Software license audits: recommendations from Cigref members for customers and their suppliers

6 janvier 2022 | ACTUALITÉS, Cigref in english, Communiqués, Publications du Cigref, Relations Fournisseurs

Cigref’s Supplier Relationships Club is proposing an update of its 2015 Charter of best practices for software license audits, produced with the active contribution of a dozen lawyers, buyers and software asset managers from Cigref member organizations, formed into an « audit management » taskforce.

The charter is also available in French.

Audits remain a reality

Software license audits are a right of the software publisher recognized by customers, but they expose the audited companies to significant legal and economic risks. Moreover, Cigref members believe that the advent of the cloud does not make audits any less crucial for vendors, who can use identified non-compliances to encourage their customers to migrate to the cloud. This is especially true since most organizations that use digital services are moving to a hybrid cloud approach and their migration path to the cloud takes place over several years. They must therefore deal with their legacy IS, and in particular their existing on-premise software, while adopting new licensing and billing models linked to the consumption of services in the cloud.

Audit management therefore remains a major concern for Cigref members, who have expressed the need to update the Charter of Good Practices for Software License Audits, a document initially developed in 2010 by Cigref and then updated in 2015. 

A good audit is an anticipated and supervised audit

Too often, the audit is still experienced by the audited organizations as a heavy constraint, consuming internal resources, generating tensions with the supplier and creating budgetary uncertainties. In order to take place under the right conditions, the right to audit must be anticipated and contractually supervised at every stage of the process.

This charter is intended for both users and software or cloud service providers, and is therefore a reminder of some of the main principles required to establish a balanced relationship based on trust between the parties, before proposing recommendations and best practices for conducting an audit.

The charter is also available in French.

Critères de décisions RSE à intégrer dans les projets IT : l’outil d’évaluation disponible !

Peut-on encore, en 2023, lancer un projet SI sans se préoccuper de sa contribution à la RSE et de son impact Numérique Responsable ? Quelles sont les bonnes questions à se poser pour justement, engager un tel projet en toute connaissance de cause ? Et d’ailleurs,...

Réagir à une cyberattaque massive : Gérer les conséquences d’une crise d’origine cyber

Le risque cyber est aujourd’hui considéré comme le risque le plus élevé par la plupart des organisations et entreprises. Le travail d'intelligence collective présenté dans ce rapport a donc pour objectif de mettre à disposition des lecteurs des éléments très concrets...

Élaborer et mettre en place la stratégie data : Gouvernance et Architecture Data & Analytics

Le Cigref publie, sous forme de rapport, le résultat des travaux de son groupe de travail sur le thème « Gouvernance et architecture data », co-piloté par Alice Guéhennec, Chief Digital & Information Officer du groupe SAUR et à Patrick Mahu, architecte...

Mise en application du Digital Market Act

Le Digital Market Act ou DMA, réglementation européenne sur laquelle le Cigref s’est beaucoup impliqué au cours de ces dernières années, entre en application à compter d’aujourd’hui, mardi 2 mai 2023. Télécharger le communiqué de presse Maintenant que le DMA...

Cloud Migration Strategies: a structural challenge for companies

Cigref publishes a report on the results of the work of its working group on "cloud migration strategies", co-chaired by Jean-Christophe Lalanne, EVP IT at Air France KLM, and Stéphane Rousseau, CIO at Eiffage. This updated version of the first version of the Cloud...