Vital Intent: The Business of Leadership

If you’ve ever been lucky enough to experience a software compliance audit by a vendor or third-party, you’ll know just how stressful and inconvenient they can be, especially when you are not prepared and are unsure of your license position. Implementing a software asset management (SAM) program is an efficient way to mitigate the stress and risk of a vendor audit and a key element in this program is the self-audit. Conducting a periodic self-audit of software products from major vendors, especially those with active compliance audit programs, can remove much of your uncertainty and prepare you for the almost inevitable audit notification letter from a vendor.

To conduct a meaningful self-audit, you must first understand what it is the vendor would look for if they were conducting the audit. This knowledge will come from the vendor’s contract, as the contract will always be the baseline that the vendor will audit against. The contract states what is required by both parties to maintain the business relationship, including the software license agreement and any addenda – an audit clause that details the who/what/when of any audits the vendor may conduct or that the customer may conduct of the vendor, the license types and models, any record-keeping requirements, self-audit requirements, or reporting requirements, and any maintenance requirements. There may also be a schedule of what was purchased under this contract that becomes a baseline or starting point against which software usage can be compared. There may also be limitations on where this software can and/or cannot be used (for example, are you permitted to use it outside of the U.S. or even outside of the state?)

Information Gathering

Once you understand the terms of the contract under which you will be conducting your self-audit, you can begin to gather the relevant purchase data, validating the schedule in the contract and identifying additional licenses purchased since the contract was signed. Armed with this data, you can begin to put together a clear picture of how many software licenses you are entitled to use in your organization. Your purchase data can be gathered from multiple sources, e.g., internal procurement databases, internal IT asset management systems, fulfillment agents/resellers, and the vendor itself. To get the complete picture, check all of these resources for information and don’t rely on just one. It’s possible that a reseller through whom you’ve purchased software has not passed on that purchase information to the vendor yet, so follow up on all of it to get the most information to build your purchase data picture.

Obtaining a precise count of how many software licenses are deployed

The first step in maintaining an accurate picture of your software licenses is maintaining a central repository that holds all of the data pertaining to software purchases, including receipts, serial numbers, terms and conditions of your contracts, deployed hardware, and software installations . Once you have this, utilizing a third-party discovery tool  and ITAM tool is easiest and most accurate to access data. There are many types of tools to do the job, with some of them possibly even a part of software you already own. If your self-audit is part of an ongoing SAM program, then you probably already use some type of discovery tool and/or central repository of some sort.  When obtaining your data, make sure to get multiple discovered counts taken over the course of a few days or, even better, a few weeks. The nature of software usage in an organization is such that there tends to be a kind of ebb and flow from day to day and week to week, often due to laptops connecting into the network on an irregular basis, but also due to normal business operations. Take and use your highest count in your comparison to purchase data.

In the absence of a software discovery tool and/or IT asset management system, an old-fashioned “sneaker” audit could be undertaken, where you check each workstation and server in the organization (or a sample thereof). Of course, this is less accurate, and requires many resources, but is not unheard of.

Whatever discovery method you use, the final step is to compare the count of what has been purchased to the count of what has been deployed and is being used. Simply put, if you have purchased more licenses than you are using or are using exactly what you have purchased, your license position is in a compliant state. If you are using more licenses than you have purchased, your license position is in a non-compliant state and you need to purchase additional licensing in order to become compliant. Although this seems rather obvious, when you don’t know for sure how many licenses you are using at any given time, it’s very difficult to evaluate compliance. And, in fact, most organizations do NOT know what they have in terms of licenses, giving software vendors opportunity to use audits as an additional revenue stream! In addition to know the license count, you must be sure to use them in the manner stated in the software contract. Many contracts will include terms and conditions on how each license can be used, and deployed which is required to remain in compliance.

Now, You are Ready

Once these steps are completed, and you have addressed any non-compliance to the contract terms or to the purchase and use of the software licensing, you are prepared for any vendor audit with  knowledge of your license position. If, however, fortune does not favor you to undergo a vendor audit any time soon, you have at least maintained your audit terms and are managing your software licenses in a manner consistent with the self-auditing aspects of a good SAM program.  At least for this software product or vendor, you have peace of mind, and that has benefits of its own.

In the wake of the recent tsunami and hurricane season just a few short months away (hurricane season begins June 1), people are questioning what is being done to prepare for such an emergency. Many people believe that disaster preparedness is the government’s responsibility.  The fact is that preparedness is everyone’s responsibility – from government agencies, private industry, the community and faith-based organizations to families and individuals.  The truth is, disaster preparedness is probably more an individual responsibility than anything else. 

The government and those organizations mentioned above have a shared responsibility, but they have limited resources and personnel to assist those hardest hit – the weak and the injured. It is incumbent upon each of us to make preparedness a priority so we can take care of ourselves and our families.  While the steps and lists below are good place to start to help you get prepared, they should be customized to meet your and your family’s needs.

Surviving

3 Steps to Survival

1.  Get or make a Kit

2.  Make a Plan

3.  Stay Informed

Get / Make a Kit

• Water, one gallon of water per person per day for at least three days, for drinking and sanitation
• Food, at least a three-day supply of non-perishable food (stock things you would normally use in the house, so you can rotate it from your normal supplies.  Be sure to replace anything you have taken from your kit.
• Cash and change.  In a disaster you may not have access to credit or banks for the short-term
• Battery-powered or hand crank radio and a NOAA Weather Radio with tone alert and extra batteries for both
• Flashlight and extra batteries
• First aid kit
• Whistle to signal for help
• Dust mask, to help filter contaminated air and plastic sheeting and duct tape to shelter-in-place
• Moist towelettes, garbage bags and plastic ties for personal sanitation
• Wrench or pliers to turn off utilities
• Manual  can opener
• Local maps
• Cell phone with chargers
• Prescription medicine
• Extra pair of glasses or contact lenses
• Diapers, formula, baby food, and other baby needs.
• Books, games, and cards
• Elderly care needs
• Pet food and medicine.  (Be sure to have extra water for your pets).
• Your supplies should be kept in a sturdy, water-tight container that you can easily lift. Use more than one container if necessary.
• Copies of important papers and insurance documents

 Make a Plan

• Identify an out-of town contact
• Be sure every member of your family knows the phone number and has a cell phone, coins, or a prepaid phone card to call the emergency contact
• If you have a cell phone, program that person(s) as “ICE” (In Case of Emergency) in your phone
• Teach family members how to use text messaging. In many cases this is the only method of communications after a disaster. 
• Know your workplace plan and your children’s school plan
• Have a plan for when you are out of town or on vacation
• Identify a congregation point or two if the disaster has no notice and your family members are separated from one another.
• Make sure every member of your family knows the plan.  Walk through the plan with them, and come up with “what-if” scenarios.

 Stay Informed

Some of the things you can do to prepare are the same for both a natural or man-made emergency. However, there are important differences among potential emergencies that will impact the decisions you make and the actions you take.

• Learn about the potential disasters in your area
• In addition, learn about the emergency plans that have been established in your area by your state and local government

 Other Tips for Survival

• Take a CPR and first aid class
• Learn the edible plants and fruits that exist in your area
• Learn about alternate sources of power
• Learn how to produce clean drinking water
• Learn how to build a shelter from natural resources
• Keep your wits about you. You are no good to yourself or family if you are physically, emotionally, or psychologically unavailable
• Work together and pool the resources of your neighborhood and the combined skills of your neighbors
• Don’t rely on an agency, or other people to take care of you or your family.  Remember that disaster preparedness begins with you.

All one has to do is turn on the television, listen to the radio, open a newspaper or talk to a neighbor or co-worker during the last several days and the topic of discussion is the tsunami in Japan and the resulting nuclear power disaster that continues to unfold. Their thoughts suddenly turn to fear regarding the safety of America’s nuclear power plants.

There are people in California buying up iodine pills like they were candy, afraid that they were going to be contaminated by radioactive material from 6,000 miles across the Pacific Ocean. That’s like flying in an airplane over Orlando and someone getting in a car accident on I-4, but you get the whiplash. It’s just not going to happen.

There are also those in Congress that are conducting official inquiries into the nuclear power industry in the U.S. The fact is, nuclear power is one of the safest methods of producing the vast amounts of power Americans consume daily. In addition, the power plants are tested and exercised regularly. Plants are continuously being upgraded or replaced to ensure the latest technology and safety systems are in place…that was until this week. There are power companies actually considering bringing older backup reactors back on line and scraping the plans they had for building newer and safer ones.  What’s wrong with this picture?

We are all worrying about the wrong thing! Instead of being concerned with how good are our nuclear emergency plans are, we should be concerned with how good our tsunami plans are on the East and Gulf Coasts of the United States. Now that you are scratching your heads … I will explain.

There is a very good chance that a major tsunami in in the northern Caribbean could affect more than 35 million people on the islands of the Greater and Lesser Antilles and along the east and Gulf coasts of the United States. The danger has been highlighted in the scientific community.

The major source for past tsunamis in the northern Caribbean has been movement along the boundary between the North American and Caribbean tectonic plates. This fault line stretches 2,000 miles from Central America to the Lesser Antilles, brushing up against the north coast of Hispaniola (Haiti and the Dominican Republic). Remember the earthquake in Haiti last year?

Believe it or not, the tectonic landscape of the northern Caribbean is very similar to the Indian Ocean – except that the zone is not as long. What that means is the Caribbean zone is long enough to produce a > 8.0 earthquake. In comparison, the earthquake that unleashed the tsunami in Malaysia had a magnitude of 9.3. The Japan Tsunami last week had a magnitude of almost 9.0.

In recorded history, there have been 10 significant tsunamis that have resulted from movement along the Caribbean plate boundary.Six of these caused loss of life. Aside from the few deaths on the west coast of the Unites States attributed to the Japan tsunami, the most recent tsunami to claim lives was in 1946 and was triggered by a magnitude 8.1 earthquake in the Dominican Republic. It killed around 1,800 people.

It’s not just the Caribbean that can produce an earthquake. In 2001: A rare, strong 6.0 Magnitude earthquake struck Florida and the southeastern USA. The quake was centered in the Gulf of Mexico about 250 miles off the coast of south Florida. The earthquake was felt in much of Florida and parts of Alabama, Georgia, Louisiana and Mississippi. The wave in this instance merely rose a few feet above normal sea level.

Aside from the direct threat from plate movement, other research has shown that underwater landslides in the region – or even in the middle of the Atlantic – could trigger a giant tsunami. In 1992, a small (by comparison with Japan) tsunami hit Florida’s east coast. The scientific community is still at odds as to what caused the “rogue wave”  However, the National Weather Service believes that the mini-tsunami (18 feet high and 27 miles long) that hit Daytona Beach in 1992 was caused by such a landslide.

In general, Tsunami waves are deep, and while they may appear to be just a few inches or feet tall on the open ocean, the waves can soar to the height of a multi-story building as they are forced upward near the shore.

We see a similar phenomenon occur during a hurricane with storm surge and storm tide.

Along the coast, storm surge and inland flooding is often the greatest threat to life and property from a hurricane. In the past, large death tolls have resulted from the rise of the ocean associated with many of the major hurricanes that have made landfall. Hurricane Katrina (2005) is a prime example of the damage and devastation that can be caused by surge. At least 1,500 persons lost their lives during Katrina and many of those deaths occurred directly, or indirectly, as a result of storm surge. Storm surge flooding of 25 to 28 feet above normal tide levels was associated with Katrina.

To make matters worse, the President’s proposed federal budget will cut the National Weather Service funding by nearly one-third – this includes tsunami prediction.

With hurricane season rapidly approaching and seismic and volcanic activity on the rise, it is critically important for every citizen, every family, every business, and government agencies to work together to prepare for disaster whether we have notice or little- to no- notice should the worst case scenario occur.