MEGABYTE Act Recommendations for CIOs (Part 2 of 2)
In MEGABYTE Act Recommendations for CIOs (Part 1 of 2) of this blog series, we looked at the first three of six requirements that the MEGABYTE Act of 2016 recently put into place. We then gave our recommendations for how CIOs can achieve compliance by next year.
Here, we'll continue with requirements four, five, and six, and give our recommendations for each one.
4. Provide training relevant to software license management
Software license management as a discipline has been growing in importance in private sector organizations for many years, and there are a number of organizations that offer training on processes, policies, metrics, business management and security requirements to fulfill demand.
The most well-known software asset management certification course is offered by the International Association of IT Asset Managers (IAITAM).
Be aware that there is a well-documented ITAM/SAM skills shortage in the marketplace, so plan for extended timeframes if recruiting from outside the agency.
Recommendation: CIOs should evaluate staff to determine if existing employees have the skillsets needed to fulfill on this new law.
This will require people who understand not only tools, but also procurement/sourcing, contracts, project and portfolio management, vendor management, performance scorecards, and enterprise architecture. All of these areas will provide feedback into software savings opportunities and lifecycle planning.
5. Establish goals and objectives for the agency software license management program
Goals and objectives that include critical success factors (CSF) and key performance indicators (KPI) are essential to designing an effective software license management program.
For example, a KPI would be the ability to respond to a software vendor audit in 30 days. A CSF would be the ability to provide a monthly or quarterly report that demonstrates compliance with the legislation.
Metrics that support these goals and objectives will disclose whether or not they are successful or failing. Time- and cost-based metrics will uncover opportunities for continuous improvement, but these need to be aligned with agency goals.
Recommendation: CIOs should evaluate existing metrics and the processes they support to determine if they are capable of supporting effective software license management. If the existing metrics aren’t comprehensive or are non-existent, a baseline inventory of the environment will be needed to create a starting point for the metrics.
6. Consider the software license management lifecycle phases
These phases include requisition, reception, deployment and maintenance, retirement, and disposal. They help with implementing effective decision making, as well as incorporating existing standards, processes, and metrics.
With the key stages of the asset lifecycle outlined in the legislation, building best practice processes, policies and metrics around each of these stages will be the priority.
The longest part of the lifecycle is the deployment and maintenance stage, so that is where the most change will be happening to the software.
Software patches, upgrades, and new releases will happen over the usable life of the software, which could be anywhere from three, five, seven, ten years or longer for ERP or highly specialized applications.
Processes and metrics need to reflect the unique characteristics of each agency and not just the generic templates leveraged from the private sector. Budgets, mission, and use of outside contractors and staffing are just a few areas that will require agency-specific process design.
LANDESK offers an ITAM/SAM attainment workshop to help customers assess their current process, policy, and governance maturity. The workshop also uncovers where the holes exist in their current program and the areas where they are currently doing well.
Recommendation: CIOs should develop processes and metrics that reflect the unique characteristics of their agency and not rely on generic templates leveraged from the private sector.
With other mandates already in place around purchasing and disposal, CIOs should place focus on the process of managing the software license entitlement and ensure that they are in compliance with software contracts.
The potential savings from an effective ITAM/SAM program, in a government agency that already has some best practices in place, could still be up to 20 percent of the management costs associated with the various assets in the first year of implementation. I’ve often see ITAM/SAM programs generate enough savings to be self-funded and have funds freed up to be allocated back to technology investment.
With the proper processes, policies, and people in place, CIOs should have no problem reporting their cost savings and risk avoidance from improved software license management practices on a regular basis.
Side note: While the MEGABYTE legislation does not apply to state and local government, there are 28 representatives from states that co-sponsored this legislation. CIOs of these states (and others) should consider how they would approach getting a handle on their software licenses and what kinds of savings those might represent to their organizations.
Be sure to check out why LANDESK was named Info-Tech's Champion by downloading our free report below!