Software audit

The software audit is a set of activities designed to optimise the use of the software licences held by companies and institutions. Activities such as licence recording, cyclic verification and periodic licence reports give organisations full knowledge of the current state of their software resources and of the level of their use.

This information supports decisions such as removing unused and redundant installations and, as a result, improving the efficiency of the IT environment. It also eliminates the risk resulting from potential use of applications in conflict with the licence contract conditions.

Software audit - system based on open source solutions

The software audit offered by ESKOM consists of building and implementing, in the client's IT environment, a suitable system based fully on open source solutions. The costs incurred therefore cover only activities connected with implementation and maintenance. The system components are:

  • GLPI application (Asset Management System) – tool for records and management of possessed resources (licences),
  • OCS application (Autodiscovery System) – solution that cyclically monitors devices to detect potential changes,
  • report scripts.

Both applications will be integrated during implementation, and the system is complemented by report-generating scripts. The GLPI and OCS software runs on Linux (CentOS is the preferred distribution), and proper OCS operation requires installing its agents (used to detect installations) on all monitored devices. The agent runs in the background and uses only a minimal amount of resources (4 MB RAM).

Implementation and maintenance of the audit system

The software audit implemented by ESKOM is a system consisting of several consecutive stages. The action scheme includes the following activities:

  • installation and configuration of the GLPI and OCS applications,
  • installation of OCS agents on devices,
  • initial population of the GLPI base,
  • installation of report scripts,
  • verification of the list of installed software against the supplied licence documentation.


A proper audit, especially activities such as licence verification and reporting, requires delivery of a complete set of documents regarding the software licences held by the Client, as well as imposing limits on the users of the supervised environment so that they cannot install software on their own.

Maintenance of the system consists of automated, configurable activities including, inter alia, frequent (hourly) collection of information on the installed software and generation of daily reports. If the current state deviates from the designed one, the system prompts for acceptance or rejection of the software installed by the user. On acceptance, the licence base is extended; on refusal, the software is uninstalled.

Comprehensive software audit - costs of system development and maintenance

The costs of building and implementation of the audit system incurred by the client depend on the size of the IT environment covered by it and include two sets of activities:

  • installation works - fixed lump sum fee, including installation of the operating system, GLPI and OCS applications as well as report scripts, in the amount of PLN 4 800,
  • configuration works - the fee depends on the size of the supervised environment and the level of process automation. Filling in the table below will help with the estimate:

 

| No. | Question | Response |
|-----|----------|----------|
| 1 | What is the implementation scope (desktop / servers)? | |
| 2 | How many work stations / servers are there? | |
| 3 | Is the Active Directory system implemented - is installation of agents possible via GPO? | |
| 4 | Is remote work possible (no / partially / yes)? | |
| 5 | What percentage of users have administrative authorisation for software installation? | |
| 6 | Is there a valid list of all held licences in place, and if so, then in what form? | |
| 7 | Is there an implemented work station / server image standard? | |
| 8 | What is the number of confirmed images or used operating systems? | |
| 9 | Is there an approved list of software for use in place? | |
| 10 | How many utility applications are there? | |
| 11 | Is there a change management process in place? | |
| 12 | Is there a Help Desk system implemented for complaint support? If not, is this also supposed to be a subject of implementation? | |

 
