Why did KPIT choose to get Verafirm certification?
Verafirm certification is the only certification to demonstrate the maturity of an enterprise in the Software Asset Management (SAM) area. There are several other certifications in information security, business continuity and quality. But when it comes to Software Asset Management space, we have a standard called ISO 19770, which provides the guidelines on how to equalise processes and technologies in the enterprises in order to support the SAM initiative.
To prepare for SAM, there are many inputs required – the enterprise must have the right organisation structure related to SAM. It must have the skill-set and and understanding about different licensing models. It must have the tools to help figure out what is the installed base on a machine and how it is getting used. It must have visibility of processes right from procurement to retirement. Once you have all these in place, the Verafirm certification is easy to attain. For us, getting a Verafirm certification was a proactive effort. This is a kind of self declaration that the enterprise is compliant, and now we don? need to spend energy in demonstrating our compliance to the third party auditors.
When it comes to compliance certification, how does India fare?
Most organisations want to have such certifications because it is in their interest to be 100% compliant. No organisation wants to be in a situation where it is intentionally non-compliant. However, to achieve complete compliance, the level of effort and thought leadership that is required in the organisation is not something that can be developed overnight. This is because most software publishers during the last few years have got aggressive with conducting compliance audits and a large number of companies are getting penalised. The good thing is that now we are having lot of awareness across the industry on issues of licence compliance.
Does Verafirm certification have financial benefits as well?
Verafirm certification has huge financial implication, as SAM is not just about compliance. This certification is actually a mark of an organisation? maturity in Software Asset Management. When enterprises are talking of the entire life-cycle of their assets there are some milestones that are important to achieve. The enterprises need to have the policies and processes to find out what they have procured and if the quality and time of procurement is in line with the licensing structure. For instance, an enterprise might need the software for six months, but ends up buying the perpetual licences, or if they need something six months after, they might buy the software in advance. So, enterprises need the right mix of all the three things – right licensing model, quantity and time.
Also, monitoring the utilisation of the IT that has been deployed is critical. This can help an enterprise in refraining from renewing an AMC that is not being used. Such visibility helps avoiding the opex in software assurance. There are assets that the company has already invested into, but the resources are not aware of. The enterprises can get visibility in that too.
Tell us about the challenges that you faced in getting the certification.
Audit is not a tedious process, what is really required is the basic hygiene in the organisation. The organisation must ensure that they have policy, process and people in place to support the SAM initiative. Once these three things are there certification is not a complicated. However, reaching this level of maturity requires commitment, discipline, pro-activity and support.
In your opinion what kind of skills are required for effective SAM?
There are no formal training programmes from almost all software publishers. They talk about licensing only to the enterprises that are discussing procurements and they need to understand the requirements. They are not bothered about the optimisation and utilisation of the software. But software optimisation is not rocket science, it only requires the conscious effort by the IT teams.
