Ahhh…the SPLA audit. There are very few things in this world that can disrupt a business like an audit notification. In this post, I will write about the reasons behind an audit and what you can do about it.
Did you recently purchase another company? Are you hosting software that you lease from a third-party such as e-discovery software or EMR software? Did your SPLA report change (higher/lower)? Have you not reported usage at all? Do you advertise hosting offerings but report minimal usage? Do you not have a SPLA agreement but provide software as a service?
All of the above are valid, but the more important reason? They can. Vendors can audit whoever they choose. It’s their software. I wouldn’t focus on the “why” as much as I would focus on “how” Meaning how do you reduce your exposure and go on with your business?
The first step with any audit notification is to not do anything. Don’t blame someone, justify it somehow. etc, etc. I would just breathe. Again, vendors can audit whoever they want. It might sound odd to not do anything (at first) but too many providers take to email and start fuming. Don’t do that.
There’s a ton of tricks and tips in an audit. Here’s a list of some of the tips.
1. Take inventory. I think every service provider knows where they are vulnerable. 99% of the time it starts with two products with 3 letters; S-Q-L and R-D-S.
2. Look at your customers. Do any of your customers have software assurance?
3. Respond to the auditors, but keep one thing in mind – less is more my friend. Not responding will only frustrate everyone involved.
4. Don’t hire a lawyer – be the lawyer. Have you ever been involved in a litigation dispute? Your lawyer will contact the defendant; and the defendant contacts their lawyer. What do you think happens if your lawyer contacts a vendor? Vendor contacts their legal department. I hate to say it, but my money is on the guy with the billion(s) of dollars. I’d rather talk to the vendor representative who needs my business.
5. Take inventory of the licenses you purchased outside of SPLA that you use(d) to support your hosted solution.
Now for the tricks –
Now it wouldn’t be fair if I show this to my competitors right? Email me at email@example.com to find out more.
Thanks for reading,