Area of Risk
Commercial software vendors are becoming increasingly aggressive in enforcing their rights under the copyright laws. Most Information Systems employed on the Georgia Tech campus make use of Commercial Off-The Shelf (COTS) software. Virtually all COTS software products are licensed to the user, not sold, under the copyright laws of the United States. While some software is “free for educational use”, this software is by far in the minority. All types of software are still covered under copyright laws. The unauthorized duplication, operation on machines other than for which licensed, or other ”piracy” is a violation of Federal law, and may expose the individual and the Institute to legal actions which could lead to significant monetary loss, professional embarrassment and possible imprisonment.
The Georgia Tech Computer and Network Usage Security Policy contains guidance regarding licensing as follows:
- No software may be installed, copied, or used on Institute resources except as permitted by the owner of the software
- Software subject to licensing must be properly licensed, and all license provisions (installation, use, copying, number of simultaneous users, terms of license, etc.) must be strictly adhered to
- Users are prohibited from using, inspecting, copying, storing, and redistributing copyrighted computer programs and other material, in violation of copyright laws
One of the most daunting conundrums for the educational environment is the monitoring and control over the installation of software.
- Is the operating system a secure operating system?
- Is there a software management system in place that details the authorized software, and a standard configuration for unit computers?
- Does the CSS/CSR have a spreadsheet or database that cross-references software licenses to specific computers?
- Are administrative controls limited to only those personnel authorized to install software?
- Are monitoring techniques in place to detect the un-authorized downloading or copying of installed software?
- Are routine inventories conducted of installed software?
- Can you show proof of purchase and license agreement for each piece of licensed software installed on any of your computers?
- Do you have the correct number of per-seat or server client licenses for the unit servers?
- Promulgate a unit policy on software management
- A pro-active user education and training program that sets the standards for users to follow
- Use a “secure” operating system that can be tailored to the users, and only allows specified personnel the ability to install software
- The employment of automated license tracking software is highly recommended; this usually involves the installation of “agent software” that keeps an active inventory of installed software and changes to installed software
- Have your purchasing department or purchasing officer maintain a file of software purchase orders and vouchers
- Limit the authority of who can purchase software, especially with PCards
EMPOWER THE PEOPLE RESPONSIBLE
System administrators, users, and management all play a constructive role in developing and maintaining software licenses. Local unit policy should specify which positions are associated with software licensing duties.
COMMUNICATE WITH EVERYONE
Make use of Information Systems:
- Use Web sites and Email to promulgate policies and procedures.
- Ensure accuracy and currency of information
- Ensure due diligence by staying current!
USE A SYSTEMATIC APPROACH
- Conduct routine inventories.
- Insist proper procedures are followed for software purchases.