Software use and your legal liabilities

1.1 A good policy will reduce the risk posed by viruses, malware and other security problems.

• Software downloaded from the internet can carry viruses — particularly if it has come from a disreputable source.
• Illegal software also often contains spyware or even trojans which may allow hackers to break into your computers and steal data.
• Peer-to-peer file sharing software is the source of many virus infections.

1.2 It will protect you against possible legal problems (see 2).

• Penalties for software piracy include an unlimited fine, or even a prison sentence.

1.3 It will help ensure you receive the technical support you need.

• If you have illegal or poor-quality software, you will not have access to support from the software publisher.
• Neither will you be notified of known problems, or be entitled to updates designed to fix bugs.

1.4 A software policy can also save your business money.

• By managing your software properly, you can ensure you only buy the software you actually need.

2.1 When you ‘buy’ software, you usually purchase a licence.

This sets out exactly how you can use the software.

• Almost all standard software packages are sold with a licence.

  If you commission bespoke software, you can have the copyright assigned to you.

• The licence will specify how many copies you can make (and use).

  Unless the licence states otherwise, you may only use one copy of the software on one computer.

• Some licences place restrictions on who may use the software, and for what purposes.

  Some software is provided free, or at a reduced price, for academic or personal use only.

2.2 Breaching the licence is software piracy.

Typical breaches include:

• making or selling illegal copies
• using illegal copies of software, even unknowingly
• using legally acquired software on more computers than the licence allows
• allowing employees, or other contacts, to make unlicensed copies of software
• allowing a consultant to install software on your system when you do not have a licence for it

2.3 Software piracy is a criminal offence.

• You risk up to ten years in jail, or an unlimited fine.

2.4 Software publishers may sue you for piracy.

• You can be sued for any improper use of their intellectual property.
• Damages can run to tens of thousands of pounds. They are normally linked to the amount of money lost, which depends on the number of illegal copies and the length of time they have been in use.
• You also face the possibility of the expense and disruption of legal action, regardless of whether you have to go to court.

2.5 It can be easier than you think to be caught.

• Software often has piracy detection built in. Although this may not report you, it may disable key features in the software.
• The software publishers’ trade association, the Business Software Alliance (BSA), offers rewards for information on the illegal use of software.
• Disgruntled employees or ex-employees may report you.
• Any consultant or company you use to support your IT system is likely to discover illegal software.

2.6 Your reputation could suffer if it is made public that your business has been using illegal software.

3.1 Identify the software you already have, and any you may need.

• This information should be entered on a register of software assets (see 5).
• Inventory software may be helpful. This automatically creates a list of all software installed across the computers on your network.

3.2 Allocate software to individual employees, according to their particular needs.

3.3 Arrange appropriate training in the use of the software.

• There is no point buying expensive software and then not training employees in its use.

3.4 Authorise all software purchases and installations (see 4).

• Central purchasing may reduce costs, and will make it easier to track software.

3.5 Upgrade software when necessary.

• They may need to manage both regular updates (to fix bugs or security issues), and decide whether to upgrade when a new version of the software is released.

3.6 Check the software policy is being applied and enforced properly (see 6).

• The same individual may also take responsibility for enforcing other aspects of your IT policy.

4.1 Only buy software from reputable sources.

• This will be a trustworthy dealer, or partner outlet recognised by the software publisher.
• If in doubt, make further checks (see 4.2), or buy the software elsewhere.
• Be particularly wary of software which is sold online and looks suspiciously cheap. It is likely to be illegal.

4.2 Carry out some basic checks to make sure the software is legitimate.

• Software packages should typically contain a licence document with a serial number.

  If you are buying multiple copies of software for use on a number of computers, you may only receive one licence document.

  Manuals for pre-installed software are often supplied electronically.

• Check the packaging. Poor quality labels, and photocopied documents are often signs of pirated material.
• If you are still unsure, check the licence number with the software publisher, preferably before you buy.

4.3 Make sure the individual responsible for software policy approves all software installations.

As well as new software packages you have purchased, these approvals should include:

• Free software, or software which can be downloaded from the internet.
• Software upgrades.
• Installation on additional computers of software you already use.
• Employees’ personal software for their own use. You can set your computers up so employees are unable to install additional software without registration.

5.1 Create an inventory of the software in use.

• Record the product name, version number and serial number for every software package on every computer.
• Note down the same details for software you have not yet installed.
• If you own licences which allow you to use multiple copies of a piece of software, record how many copies are installed, and on which computers.
• Include details of any software pre-installed on computers you have bought.

  Keep all the information secure.

• Applications are available which can automatically create and update your software register.

5.2 Identify and correct any problems.

• Uninstall copies of unlicensed software, or purchase the necessary licences.
• If you are using too many copies of licensed software, you may need to buy more licences.
• If any computers have unnecessary or unauthorised software installed, uninstall it.

  This will release disk space and can improve your system’s performance.

• Upgrade out-dated software so all users have the same version.

5.3 Routinely update your software register.

• Amend the register whenever you purchase or install new software.
• Conduct an audit of the software on each computer at least once a year.
• Undertake intermittent spot-checks if you suspect any problems.

5.4 Store original software and documentation securely.

This should include original software CDs or DVDs, and any manuals, licence documents and invoice details.

• If you cannot find all the relevant information, you may want to contact the software publisher to check your software is legitimate.
• File manuals and documentation properly so you can find them easily.

6.1 Communicate the policy to all employees.

• Tell them you do not allow the use of illegal, pirated software.
• Consider referring to the policy in your statement of employment terms.

  Alternatively, ask employees to sign a statement saying they understand and accept the policy.

• Regularly remind employees of the policy, particularly when breaches are suspected.
• Encourage employees to tell you if they think they may have dubious software, or if they have any other concerns.

6.2 Rigorously enforce the policy.

• Make following your software policy a disciplinary requirement.
• The more effort you put into enforcing your policy and making sure employees know the use of illegal software is not acceptable, the less vulnerable you will be.

  Showing that you made all reasonable efforts to prevent unauthorised use of software helps protect you against legal claims if an employee breaches the policy.

6.3 Make your software policy part of a wider IT policy designed to safeguard the security of your systems and data and protect you against a range of legal risks.

This should:

• State what you consider to be acceptable and unacceptable use of your IT system.
• Set out who is responsible for administering and repairing systems and enforcing your policy.
• Regulate internet and email use.
• Protect your intellectual property rights.

  Employees can use the internet and email to copy and pass on your intellectual property or other confidential material, perhaps unwittingly.

7.1 The Business Software Alliance offers free tools and resources on its website .

• These include a guide to managing your software assets, auditing tools and a list of asset resource management services.

  You can also find tips on what to look for and what to avoid when buying software.

7.2 Individual software publishers have their own systems for checking whether software is pirated.

• For example, you can find lots of information on the Microsoft website explaining how to spot genuine software and what to do to ensure you act within the law.