Procedures

Software Asset Management - Procedure

Printer-friendly version
Body

1.0   Purpose and Scope

This procedure outlines the requirements for software access and management at The University of Queensland (UQ or the University) and applies to all UQ consumers as defined in the UQ Information and Communications Technology Policy (ICT Policy).

This procedure supports UQ software strategy, funding and sourcing decisions, and enables UQ to monitor software compliance and proactively prepare for software audits. Where full compliance with this procedure is not be feasible or in UQ’s best interests, UQ consumers must request an exemption to the Chief Information Officer (CIO) as ICT Category Owner.

1.1   Context

This procedure should be read in conjunction with other ICT policies and procedures, including:

2.0   Process and Key Controls

The following requirements apply to the access and management of software at UQ:

  1. Before purchasing any new software, UQ consumers must refer to UQ’s Standard Software Catalogue, which provides software for academic, research and administrative use.
  2. UQ consumers should purchase software through the UQ Standard Software Catalogue if the software is available.
  3. UQ consumers that access software must comply with all usage restrictions, licence conditions, purchasing and installation requirements of the software.
  4. UQ consumers seeking to purchase new software that is not available through the Standard Software Catalogue must contact the ITS Enterprise Licensing team or their Organisational Unit’s Local IT Team to conduct a software procurement process.
  5. The Information Technology Services (ITS) Division has oversight of software procurement at UQ and is responsible for UQ’s software asset management including registration, installation, support and disposal. The ITS Division’s software asset management lifecycle is detailed in the Appendix (section 7.1).

3.0   Principles and Key Requirements

3.1   Assessing UQ software

UQ consumers must refer to UQ’s Standard Software Catalogue before purchasing new software at UQ. The Standard Software Catalogue lists all software available to UQ consumers for academic, research and administrative use that is available to download on UQ-owned computers, personal devices or both (restrictions on use are listed in the Standard Software Catalogue).

The Standard Software Catalogue provides all licensing, purchasing, usage and installation requirements for each software product. UQ consumers must comply with the requirements of the software, including any purchasing or requesting software processes.

3.2   Non-standard software procurement

For software purchases that are not available through the Standard Software Catalogue, UQ consumers must contact the Organisational Unit’s Local IT Team or the ITS Enterprise Licensing team to conduct a software procurement process. Procurement of new software at UQ must comply with UQ’s procurement policies and procedures, and UQ’s Financial and Contract Delegations Framework.

3.3   Software installation, support and disposal

UQ consumers must comply with the installation requirements of the software product as outlined in the Standard Software Catalogue. UQ consumers may self-install some software products accessed through the Standard Software Catalogue or contact their Local IT Team or the ITS Division for installation assistance.   

As outlined in section 4.0 of this procedure, teams within the ITS Division and Local IT Teams are responsible for:

  • installation of software that cannot be self‑installed;
  • disposal of software; and
  • providing software support to UQ consumers.

4.0   Roles, Responsibilities and Accountabilities

4.1   UQ consumers

UQ consumers must:

  • Refer to and use the UQ Standard Software Catalogue to access software at UQ.
  • Comply with all usage restrictions, licence conditions, purchasing and installation requirements of the software.
  • Contact their Local IT Team or the ITS Division before purchasing any software that is not available through the Standard Software Catalogue.

4.2   Enterprise Licensing Team

The Enterprise Licensing Team within the ITS Division is responsible for:

  • The UQ Standard Software Catalogue Management.
  • Standard software acquisition for centrally managed software licences and non-standard acquisition for ITS-supported business units.
  • Software registration for ITS-supported units and centrally managed software.

4.3   Local IT Teams

Local IT Teams within non-ITS-supported business units are responsible for providing the following services to the business unit:

  • Non-standard software acquisition for business units.
  • Responding to software services requests of the business unit, including providing advice.
  • Software selection and packaging –
    • Maintaining a software deployment schedule for new software products and new version releases.
    • Evaluating new software requests and confirming suitability with UQ systems.
    • Updating the software libraries and registers, including:
      • UQ Standard Software Catalogue.
      • Definitive Software Library.
      • Software package deployment locations.
  • Installation and deployment of new software, including software as part of new hardware deployments.
  • Check availability of the licence for the consumer and/or device, and the use of the UQ SAM Tool client is operating correctly on the device.
  • Software support and disposal for the business unit.
  • Software registration and processing software inventory.
  • Responding to software audits (see section 5.0).
  • Considering and advising the consumer on the risks relating to the software.
  • Overseeing software licence compliance and optimisation (see section 5.0).

4.4   ITS Customer Support Services

The ITS Customer Support Services Team is responsible for providing the following services to all UQ consumers:

  • Responding to software services requests.
  • Considering and advising the consumer on the risks relating to the software.
  • Installation/deployment of new software, including software as part of new hardware deployments and confirming: the ownership, availability and suitability of the software being deployed. 
  • Availability of the licence for the consumer and/or device.
  • The UQ SAM Tool client is operating correctly on the device.
  • Providing software support services in the UQ environment, including advising on the use of installed software and in relation to resolving software errors.

4.5   ITS Service Automation

ITS Service Automation is responsible for:

  • Configuring and managing the UQ Software Asset Management tool.
  • Creating and maintaining software packages and scripts.
  • Management of UQ’s teaching space computer laboratories.

4.6   Licensing Sub-Category Manager

The Licensing Sub-Category Manager is responsible for:

  • UQ Software Asset Management Tool supplier management, in consultation with ITS Service Automation.
  • UQ Software Asset Management process management.
  • Managing software audits.
  • Overseeing UQ’s software asset management compliance and benefit realisation.

4.7   Information Technology Asset Management Committee

The Information Technology Asset Management Committee (ITAM) is a sub-committee of UQ’s Information Technology Governance Committee and is responsible for ensuring the University effectively manages its hardware and software IT assets. 

ITAM oversees the continual improvement of the management practices surrounding Software Asset Management (SAM) and Hardware Asset Management (HAM) at UQ. ITAM is responsible for the following software matters:

  • Ensure that UQ’s software usage complies with vendor terms and conditions.
  • Ensure that UQ’s software assets are efficiently managed and utilised throughout their lifecycle.
  • Approve changes to UQ’s standard software catalogues.
  • Develop and maintain standardised and effective SAM procedures, processes and tools, and provide appropriate assurance of effective implementation.
  • Providing forums for stakeholder engagement on software asset management.

4.8   Chief Information Officer

With support from the Information Technology Governance Committee, the Chief Information Officer is responsible for:

  • ICT Category Ownership at UQ.
  • Oversight of UQ’s Information Technology Asset Management Committee.
  • Oversight of software asset management at UQ.

5.0   Monitoring, Review and Assurance

Enterprise Licensing, ITS Customer Support and Local IT Teams will monitor and report on UQ’s effective licence position, undertaking the following activities:

  • Monitor licence compliance, consumption and usage, and resolve licence compliance issues.
  • Review installation and usage data to identify opportunities for licence recovery, consolidation and rationalisation.
  • Review licence and installation evidence to ensure software usage is reported correctly and that new applications are recognised correctly.
  • Ensure audit readiness by reporting as required –
    • software entitlement status for specific software vendors and products,
    • software installations, and
    • overall compliance position to show under/over-licensing.

The ITAM Committee will meet every two months to monitor and review Software Asset Management activities in order to:

  • Assess UQ’s software compliance position.
  • Assess compliance with the procedure and to demonstrate/confirm its effectiveness.
  • Identify, assess and prioritise any deficiencies in the implementation of SAM at UQ.
  • Identify and consider beneficial SAM process improvement.
  • Identify and implement strategic initiatives relating to software compliance.
  • Ensure ongoing relevance of this procedure.
  • Approve proposed changes to the Standard Software Catalogue.

UQ’s Licensing Sub-category Manager will manage regular software audits to ensure that UQ software is installed and being used in compliance with its licence.

Enterprise Licensing, ITS Customer Support Services and Local IT Teams will assist with audit processes by undertaking the following activities:

  • Verify the formal vendor audit notification and inform Chair of ITAM, Software Licensing Sub‑Category Manager, key stakeholders and support staff.
  • Review purchase details to confirm licence details, usage rights and quantity.
  • Gather data from available SAM tools and through alternative methods as necessary when directed by the auditors.
  • For audited products, analyse UQ’s software entitlements and installations and report on overall compliance position.
  • Carry out agreed audit outcome actions.

6.0   Recording and Reporting

UQ’s software licence entitlements must be recorded in the UQ SAM tool and all UQ client computing devices must have the appropriate UQ SAM tool agent installed.

The Software Licence/Agreement/End-User Licence Agreement (EULA) must be stored in an approved UQ record keeping system.

Documentation related to all vendor software audit requests must be provided to the chair of the ITAM Committee and stored in an approved UQ record keeping system.

The ITAM Committee will report quarterly to UQ’s Information Technology Governance Committee (ITGC) on strategic software asset management initiatives and amendments to this procedure, for ITGC endorsement. The ITAM Committee will provide an annual report to ITGC on the overall effective governance of software asset management at UQ.

Details of meetings and actions to be recorded and stored following standard UQ requirements for record management.

6.1   Software registration

All new software purchases must be recorded in the UQ Software Asset Management Tool, which requires the following licence details of the software using the approved Licence Details form:

  • Publisher.
  • Product name, version, edition, product SKU (stock keeping unit).
  • Licence program (e.g. academic, commercial, research).
  • Licence Quantity.
  • Licence Metric (e.g. device, named user, concurrent user, processor, site).
  • Licence Type (perpetual or expiry date).
  • Maintenance (included or not, expiry date).
  • Software Support (included or not, expiry date).

7.0   Appendix

7.1  UQ Software Asset Management Cycle

UQ’s software asset management lifecycle aims to achieve software compliance and optimisation through a governance structure which controls SAM Processes, Roles and Tools (Figure 1). Software asset management at UQ is undertaken across multiple areas within the ITS Division as outlined in section 4.0 of this procedure.

The key software asset management processes to be followed (Request, Acquisition, Registration) are defined by the IT Asset Management Committee (ITAM) and approved by the Information Technology Governance Committee (ITGC).

Figure 1: UQ Software Asset Management Lifecycle

7.2   UQ Software Asset Management Tools

Software asset management at UQ is supported by the following tools:

UQ’s Standard Software Catalogue: List of managed software available to UQ consumers for installation on UQ devices or for access via a UQ account. The list contains information regarding product name and vendor, permitted users, permitted usage, compatible platforms, purchase method and installation method. The UQ Standard Software Catalogue is managed by the ITS Division.

UQ Software Asset Management (SAM) Tool: Central software management system for recording software purchases and entitlements and collecting information about software installations, to allow for analysis of software compliance and software consolidation opportunities. Software licence server information and licence keys are stored in the UQ SAM Tool. The current UQ SAM Tool is Flexera’s FlexNet Manager Platform.

Systems Management Software: Software tools used to deploy licensed software and licence keys to authorised devices, to apply patches and updates, and to remove software when it is no longer required. The current Systems Management Software in use at UQ includes Microsoft System Center Configuration Manager for clients running Microsoft Windows operating systems and Jamf Pro for clients running Apple OSX and iOS operating systems.

Definitive Software Library: Secure software repository in which the media / source files for authorised versions of software are stored and protected. This is a primary component of UQ’s software release and provisioning framework and service continuity plan. The current ITS Definitive Software Library is maintained by the Service Automation Team. Local IT Teams may have additional repositories specific to their supported business units.

Software Knowledgebase: Secure location in which known issues relating to the installation and support of software products is stored for use by IT support staff in providing software support. The current ITS Software Knowledgebase is maintained by Customer Support Services (CSS). Local IT Teams may have additional software knowledge bases specific to their supported business units.

7.3   Definitions

Definitions relating to UQ’s ICT resources and systems are outlined in the Information and Communication Technology Policy. In this Procedure, the following additional definitions apply:

IT Asset Management Committee (ITAM) – The purpose of the IT Asset Management Committee (ITAM) is to ensure the University effectively manages IT software and hardware assets.

Information Technology Governance Committee (ITGC) – The purpose of the Information Technology Governance Committee (ITGC) is to ensure IT objectives are in line with the University's strategic direction and that the stakeholders’ needs are met by governing benefit realisation, risk optimisation and resources optimisation.

IT Support Teams – These teams can be either ITS Customer Support Services or Local IT Teams as defined in Section 4.0.

Software Audit – The process of identifying what software is installed, where it is installed, its usage, and reconciling this against entitlements and software purchase records. Software Audits may be initiated internally to establish UQ’s effective licence position for a software product, or initiated externally by an audit request from a software vendor who has audit rights under the software licence terms for their software product.

Software Licence – A typical software license grants an end-user permission to use one or more copies of software for UQ related use.

 

 

Custodians
Chief Information Officer Mr Rob Moffatt
Custodians
Chief Information Officer Mr Rob Moffatt