Reaching SAM goals - a successful implementation of Software Asset Management
"Over the years, Softline has proven to be a real trusted advisor and knowledgable partner that helped us on our journey of becoming a mature SAM organisation. The set goals where high but, as a team, we were able to meet all expectations set and even over-achieve in some areas." - Ellen de Belder, Head IT Quality, Risk & Compliance, Signify
Signify is the world leader in lighting for professionals and consumers and lighting for the Internet of Things. Signify has 36,000 employees and is present in over 70 countries. The company unlocks the extraordinary potential of light for brighter lives and a better world.
The Signify SAM journey so far can be summarised as a real success story that resulted in an impressive risk reduction and cost avoidance in less than 1,5 years. Signify has software license compliance under control, avoiding significant (financial) risks.
Key enablers that helped realising these outcome
- Well-defined governance in place and management support within Signify;
- Good cooperation between the Signify SAM experts, the process stakeholders and service provider Softline;
- Considering ISO/IEC 19770-1 as the standard best practice;
- Implementation of tools that perfectly support the defined processes;
- Initial focus on data completeness and quality.
Startingpoint: governance & organisation
Signify, formerly known as Philips Lighting, divested from Royal Philips in 2016. The starting point for Software Asset Management can be summarised as follows:
1. A Software Asset Management (SAM) team was formed by the license experts transferred from Royal Philips to Signify, complemented with Software Asset Management managed services delivered by Softline, divided as follows:
- Signify SAM Team, consisting of internal and external SAM experts: Responsible for the SAM vision & strategy development, audit execution, software contracting, risk & provision management, alignment with stakeholders and software publishers.
- Software Asset Management project & service by Softline: Responsible for the SAM service implementation and execution (SAM Compliance Reporting, Risk Mitigation Actions, Tooling Maintenance, Software Ordering & Registration).
2. A Corporate Management statement was brought into place to emphasise the importance of software license compliance:
- Software license compliance is essential for the Signify business operation
- Signify strives to continually improve its Software Asset Management process and execution
- Signify aligns with the best practice as described in ISO/IEC 19770-1.
3. Most software contracts were split and licenses were transferred to Signify (to define the license baseline)
4. The Software Asset Management tooling contract in place with Flexera‘s FlexNet Manager Suite for Enterprises (FNMS)
The Software Asset Management governance, process and tooling needed to be set up for the new Signify company, including identifying and address potential licensing issues. The ISO/IEC 19770-1:2017 standard for ITAM was to be used as guideline.
Startingpoint: challenges to overcome
At the start of the project, the Royal Philips / Signify infrastructure split was still in progress on several levels while Flexera‘s FlexNet Manager Suite for Enterprise (FNMS) was the first application to land in the new Signify domain (e.g.: devices owned by Signify vs. Royal Philips). Also, the split of software contracts and transfer of software licenses was in progress, but not yet fully finalised.
- There were challenges within the datacenters to get the Flexera agent installed and to get Oracle databases and vCenters connected.
- The Flexera FNMS recognition data needed to be reviewed and updated for many reconciliations to make sure that the compliance reports are trustworthy (delivered as a Softline managed service).
On an organisational level
- A strong partnership between supplier Softline Solutions, bringing in many years of experience and expertise directly from the field, and the Signify Software Asset Management experts.
- Close engagement between the SAM function, stakeholders from IT Operations and the Signify Business resulted in realising the overall goals.
- High compliance level achieved on ISO/IEC 19770-1:2017 (+80% conformance).
On a process level
License compliance management process in place and supported by standardised templates making the information is easy to find and understandable for all stakeholders.
- Centralised purchasing and registration of software contracts and licenses.
- Standardised license compliance measurement & reporting for the top 20 software suppliers.
- Monthly risk identification process in place for the full tail supplier list (= non-top 20), resulting in vendor onboarding to the SAM process where needed.
- A mature vendor onboarding & intake process resulting in a centralised storage for SAM related data, organised per vendor and supplemented with an up to date Vendor Facts sheet.
On SAM & ITAM tooling level
FNMS tooling and infrastructure deployed and operational, tooling coverage and accuracy constantly monitored (inventory data, organisational & geographical data, software entitlements, Oracle DB connections, SAP system connections and VMware vCenter connections, application recognition data).
- Request handling & incident management implemented for Software Asset Management.
- Kanban boards implemented and operational for risk mitigation and landscape cleanup actions.
On data level
- All software contracts and licenses properly registered in Flexera FlexNet Manager Suite.
- Asset inventory through FNMS, full global coverage (over 70 countries).
- SAM related vendor & contract master data captured in vendor facts sheets and available to all SAM process stakeholders.
Sharing the key success factors from peer to peer
- Governance and Senior Management support are key
- Good stakeholder management:
- Create awareness for SAM and SAM processes within all levels of the company
- Agree on SAM processes and data delivery with your 3rd party service providers
- Setup small multi-disciplinary teams that can decide and move fast in case of issues
- Scope: Start with the top software publishers, but to avoid unexpected costs, make sure that you have a process in place that triggers you whenever risks arise in the tail software publishers‘ list
- Tooling: Always double check the outcome of the SAM tooling, e.g.: trustworthy compliance reporting requires validation of the recognition data embedded in the SAM tooling (file- and installer evidence)
- Because of the complexity and the liability; in-house SAM expertise is a necessity between a SAM Service Provider and the business. Introduce a multiple eye principle before finalising on a compliance state and next steps to be taken!
- License compliance risks identified and tackled leading to a significant decrease of the financial provision for license breaches since the introduction of the company.
- Top 20 software vendors under control (= zero or negligible risk exposure, desirable audit outcomes) and contracts optimised.
- ISO/IEC 19770-1 conformance went up from 17% to 81% (e.g.: Tier 1; trustworthy data scores >90%).
- Full data transparency with very high level of completeness through Flexera inventory; Software Asset Management acting as a reliable data source to other IT processes (e.g.: Architecture, CMDB, IT Security, projects).
"Over the years, Softline has proven to be a real trusted advisor and knowledgable partner that helped us on our journey of becoming a mature SAM organisation. The set goals where high but, as a team, we were able to meet all expectations set and even over-achieve in some areas.
With the use of the Softline’s House of ITAM® that is based on the ISO/IEC 19770-1:2017 standard for ITAM, the perfect framework is set. It helped us to visualise the planned activities in an orderly manner and it enabled Signify to measure the progress on the overall ITAM maturity. An assessment against ITAM 19770-1:2017 kicks-off every new year and delivers input to the goal setting for Software Asset Management.
After the project finalisation and the first years of service, we together celebrated success and agreed upon a new three-year contract for the delivery of IT Asset Management Services.
A SUCCESSFUL implementation of MATURE Software Asset Management was not a walk in the park but, as a TEAM, with the right EXPERTISE and PERSEVERENCE, we made it WORK!”
Ellen de Belder: Head IT Quality, Risk & Compliance @ Signify