One of the top ten questions asked by my clients is “How long does the SIIA self-audit process take from start to finish?” Of course I give the standard lawyer answer: it depends. Here are the steps to a typical SIIA audit.
Preparation of Audit Materials (3 to 6 months)
A SIIA audit is a request, under threat of litigation, to compile a listing of all SIIA member software products installed on the audited entity’s computer network as of the Audit Effective Date. The Audit Effective Date is the date on the SIIA initial letter requesting an audit. The first step in preparing this information is conducting an automated inventory of the software products installed on all computers owned or leased by the target company. Once an accurate inventory of the SIIA member software products is completed, the next step is to reconcile the software inventory information with proofs of purchase dated prior to the audit effective date. While there are various ways to prove ownership of a software license, typically an invoice is considered the best evidence of ownership in a SIIA audit. In the typical case, the inventory and reconciliation process takes three to six months.
Secure a Confidentiality and Federal Rule of Evidence 408 Agreement (1 week)
With very limited exceptions, we advise the targets of SIIA audits to cooperate with the self-audit process but to do so in a way that does not compromise their position in the event that an out of court settlement is not possible. We do not disclose any information to the SIIA until it signs an agreement regarding the confidentiality of the information disclosed and specifically limiting the SIIA’s ability to introduce the information as evidence in court. In the typical case, the SIIA will sign our standard agreement within one week.
SIIA Analyzes Self-Audit Materials and Makes a Settlement Demand (3 to 6 months)
After the self-audit materials are submitted by the target of a SIIA audit, the Software & Information Industry Association typically takes three to six months to respond. The SIIA’s response provides its interpretation of the self-audit materials and applies a formula for its initial settlement proposal. The SIIA’s formula for calculating fines is generally three times the unbundled full retail price of the software products installed on the target’s computers plus $3,500 for SIIA’s attorney’s fees. In many instances, the SIIA’s settlement proposal is substantially more than the target may have expected due to differences of opinion regarding what constitutes valid proof of ownership. In our experience, the SIIA usually takes three to six months to make substantive response following the submission of the self-audit materials.
Negotiation of Monetary and Non-Monetary Terms of Settlement (6 to 24 months)
After the SIIA makes its initial settlement demand, there are various monetary and non-monetary terms that need to be negotiated. The obvious material term in every SIIA audit negotiation is the amount of any monetary amount to be paid to the SIIA for alleged past infringement. The most significant non-monetary issue is whether the SIIA will agree to a confidentiality provision. Such provisions require the SIIA to keep the existence and details of the audit confidential and preclude the SIIA from issuing a press release. Other non-monetary provisions include future obligations such as certifications of compliance, adoption of a software code of ethics, and production of additional proofs of purchase to the SIIA for purchases made after the audit effective date. The length of the negotiation process differs from case to case but generally lasts between six months and two years.
Scott & Scott, LLP is not affiliated in any way with the SIIA.
About the author
Rob Scott:
As the managing partner of Scott & Scott, LLP, Robert has built a global practice representing clients on issues where technology, media and the law intersect. A boutique firm with international reach, Robert ensures that Scott & Scott is committed to legal excellence, unparalleled customer service, and cost-effective strategies that deliver positive results. Representative clients range from multinational corporations to local mid-market businesses spanning all industries. Robert has become a trusted resource on data privacy and network security, intellectual property, copyrights and trademarks, and internet and media claims related to domain names, keywords, meta tags, and pay-per-click advertising. He is regularly called upon by his peers to speak about these topics. His personal speaking engagements include various web seminars, continuing legal education seminars, and media appearances. Biography Summary License State License status Year acquired Texas Eligible To Practice In Texas 1999 Education School Major Degree Graduated Hofstra University School of Law Law Juris Doctorate 1996 Austin College Economics and Philosophy BA - Bachelor of Arts 1992 Affiliations Position Association Name Member Dallas Bar Association, Computer Law Section Board Member Managed Service Providers Alliance Member Metroplex Technology Business Council Member Council on Litigation Management Committee Member State Bar of Texas Data Security and Privacy Member Tarrant County Bar Association, Intellectual Property Section Member IAITAM Practitioner Certified ISO 19770 Certification Microsoft Software Asset Management Admissions Courts All Texas State Courts United States Court of Appeals for the Fifth Circuit United States Court of Appeals for the Eighth Circuit United States District Court for the Northern, Western and Eastern Districts of Texas United States District Court for the District of Colorado Community Special Olympics Texas Area 10, DFW Leadership Committee Chairman Special Olympics Texas, Presidents Advisory Committee Member Vice President Westlake Academy Foundation Board Dallas Association of Young Lawyers, Freedom Run Board Member Presentations Date Presentation February 2012     MSPWorld Conference & Expo: Preparing Your Managed Services Business for Sale November 2011     SecureWorld Dallas: Privacy & Security Risks in Cloud Computing September 2011     MSPAlliance MSP World Conference & Expo: Cloud Contracting for MSPs September 2011     MSP Alliance Webinar:  Cloud Contracting: Strategies for Minimizing Risks as a Cloud Provider March 2011     Council on Litigation Management:  How to Wade the Murky Water of Alternative Fee Arrangements December 2010     DataCenterDynamics:  The Cloud and the Law November 2010     SecureWorld Dallas: Data Privacy and Security in the Cloud October 2010     Storage Networking World:  The Cloud and the Law October 2010     MSPAlliance World Expo: The Cloud and the Law August 2010     Dallas, TX CLE: Selecting the Best Alternative Fee Arrangement with Outside Counsel July 2010     Dallas, TX CLE: Hot Topics in Privacy & Security Law June 2010     2010 Forth Worth CPA Fee CPE: Successfully Defending Software Audits June 2010     IGNITE Dallas 2: How to Grow and Manage Your Online Reputation April 2010     Dallas, TX CLE: Hot Topics in Privacy & Security Law November 2009     MSP Alliance: Preparing Your Managed Services Practice for Sale November 2009     Secure World Dallas: Legal Developments in Network Security and Data Privacy July 2009     Red River Yardi User Group Inaugural Meeting: Hot Legal Topics Affecting IT Executives June 2009 Brighttalk Webinar:  Successfully Defending Software Audits May 2009 Real Estate Executive IT Forum:  Hot Legal Topics Affecting IT Executives May 2009 Miro Consulting Webinar:  Negotiating License Agreements with Oracle and Microsoft May 2009 MSP Alliance Webinar:  Mergers & Acquisitions for Managed Service Providers April 2009 MSP Alliance:  Mergers & Acquisitions for Managed Service Providers April 2009 Portland, Oregon CLE:  Successfully Defending Software Audits April 2009 SaaS & SLAM 2009:  Negotiating Software License Disputes March 2009 SecureWorld Boston:  Legal Developments in Network Security and Data Privacy January 2009 ISSA Meeting:  Investigating & Preserving Evidence in Data Security Incidents November 2008 FTC:  Network Security & Data Privacy Workshop November 2008 SecureWorld Dallas:  Legal Developments in Network Security and Data Privacy October 2008 IAITAM 2008 Annual Conference & Exhibition:  Hot Topics in Open Source Licensing October 2008 Soft Summit 2008:  Negotiating Software License Disputes September 2008 MSP Alliance:  Protecting Your Managed Services Practice: Are you at Risk? September 2008 AMGA:  Privacy and Security Laws for Health Care Organizations June 2008 SAM Summit 2008:  Negotiating Software License Disputes May 2008 MSP Alliance:  Understanding Managed Services Professional Liability Insurance April 2008 DFWSEM Association:  Hot Topics in Internet Law April 2008 Dallas CLE:  Ethical Issues in Network Security Incidents April 2008 Webinar:  Hot Topics in Open Source Licensing: Getting Comfortable with Copy left February 2008 Aggie Bar Association 9th Annual Conference:  Internet Marketing and the Law February 2008 Southern California Linux Conference:  Hot Topics in Open Source Licensing February 2008 University of Texas at Dallas:  Intellectual Property Protection in Virtual Media November 2007 SecureWorld Dallas:  Network Security & Privacy Injury Liability; e-Discovery Roundtable November 2007 IAITAM 2007 Annual Conference & Exhibition:  Managing Software License Disputes: Cooperation or Litigation October 2007 Audio Conference:  Latest Development in Data and Privacy Security for Financial Institutions October 2007 Storage Networking World:  Important Lessons to Mitigate Risk October 2007 Webinar:  How Can Attorney-Client & Work-Product Privileges Help to Protect Your Business During a Data Breach September 2007 Webinar:  Data Breach: National Survey Results & Risk Mitigation Strategies August 2007 Webinar:  Managing Software License Disputes July 2007 Houston CLE:  Internet Marketing and the Law July 2007 Greater Dallas Chamber of Commerce:  CIO/CTO Roundtable: Disaster Recovery July 2007 Austin CLE:  Internet Marketing & the Law June 2007 Webinar:  Lessons Learned Fighting the Software Industry June 2007 MSP Alliance:  Webinar: How to Select a Managed Service Provider June 2007 Dallas CLE:  Internet Marketing & the Law June 2007 NACUA:  Privacy, Network Security & the Law May 2007 SAM Summit ‘07 Chicago:  The Changing Face of Compliance and Enforcement May 2007 ITEC Conference:  How to Select a Managed Services Provider May 2007 MSP Alliance Spring Managed Services Conference:  Managed Compliance Services May 2007 Fort Worth CLE:  Managing Software License Disputes: Cooperation or Litigation April 2007 DFW Search Engine Marketing Association:  Internet Marketing & the Law March 2007 Texas Lawyer:  IP Roundtable March 2007 Houston CLE:  Managing Software License Disputes: Cooperation or Litigation March 2007 Austin CLE:  Managing Software License Disputes: Cooperation or Litigation February 2007   Fort Worth CLE:  Privacy, Network Security & the Law January 2007 Dallas CLE:  Managing Software License Disputes: Cooperation or Litigation July 2006 San Antonio CLE:  Successfully Defending Software Audits July 2006 Dallas CLE:  Successfully Defending Software Audits June 2006 Gartner Small Business Vision Conference:  The Path to Managed Services May 2006 SAM Summit 2006:  Software Audits and Enforcement ProgramsRoundtable; Software Audits and SAM Standards Roundtable May 2006 Tarrant County Bar Association:  Successfully Defending Software Audits April 2006 Houston Bar Association:  Successfully Defending Software Audits April 2006 TPEN Webcast:  Successfully Defending Software Audits April 2006 San Fernando Valley Bar Association:  Successfully Defending Software Audits March 2006 Alexandria Bar Association:  Successfully Defending Software Audits March 2006 MSP Alliance Conference:  Recent Developments in Privacy and Security Law February 2006 IQPC Software Asset Management and Software Licensing:  Successfully Defending Software Audits November 2005 IAITAM Annual Conference and Exhibition:  Avoiding Legal Liability Arising from Mergers and Acquisitions November 2005 MSP Alliance Annual Conference:  Network Security Breaches: Who is Responsible and Regulatory Compliance and Managed Services. October 2005 Austin Bar Association:  Successfully Defending Software Audits August 2005 Dallas Bar Association:  Successfully Defending Software Audits May 2005 ECP Software Asset Management Summit:  Software Asset Management and the Law – Everything You Wanted to Know About a Software Audit But Were Afraid to Ask March 2005 ECP Web Seminar:  Software Compliance Audits Publications Publication Article Westlaw Journal Intellectual Property How to Defend Against Software Audits Successfully Headnotes Drafting Contracts for the Cloud Enterprise Features 7 Software Audit Secrets World Trademark Review Time for trademark practitioners to get their heads in the clouds Corp! Magazine Taking the Risk Out of Cloud Computing Texas Lawyer Litigating Copyright Infringement Claims Related to Competing Software Applications Headnotes Software Police Target Dallas The Advocate Beware of the Software License Police ITAK Hot Topics in Open Source Software Licensing The SciTech Lawyer Successfully Defending Software Audits Texas Lawyer Managing Software License Disputes: Cooperation or Litigation Northwestern Journal of Technology and Intellectual Property Ethical Considerations for Attorneys Responding to a Data Breach Texas Lawyer Complying with the GLBA Privacy and Safeguards Rules IT Compliance Institute Journal Laptop Data Breach: Mitigating Risks through Encryption & Liability Insurance Journal of Legal Technology Risk Management Privacy, Network Security and the Law MSPAlliance.com A Legal Guide to Managed Services Law Technology News Are Mobile Devices a Portable Security Threat Law.com Beware of the Software License Police Yahoo! Finance Software Police Increase Enforcement Efforts Texas Lawyer Constitutional Law Year in Review Supreme Court Watch List Preview of United States Supreme Court’s 2001 Term National Law Journal Is a Service Guarantee a Client’s Joy or Just a Ploy? California Litigation The “Ins & Outs” of Outsourcing Texas Lawyer Don’t Get Caught Without Appeal Protection Sarbanes-Oxley Compliance Journal Understanding the Connection Between Software Compliance and Sarbanes-Oxley Media Coverage Publication Topic CIO Update How to Avoid SLA 'Gotchas' in the Cloud E-Commerce Times ISPs Agree to Mete Out Punishment for Illegal File-Sharing BusinessInsurance.com Sony grapples with data loss eChannelLine Should BSA anti-piracy study walk the plank? TechWorld Lawsuit: Trial version of CAD software includes spyware Business Insurance Data breach at Epsilon underscores key cyber risk Bloomberg Businessweek Marriott, Hilton Hit by Breach to Client E-mail Information Treasury & Risk Cloud Containment WTR Time for trademark practitioners to get their heads in the clouds MacNewsWorld Microsoft Scraps With Apple Over Silly Trademark Tricks Computerworld With WikiLeaks, Amazon shows its power over customers ChannelPro The 411 on SLAs Bloomberg EchoStar's `Egregious' Acts in Destroying E-Mail Threaten Court Defense The New York Times Chasing Pirates: Inside Microsoft’s War Room Computerworld IT shifts to the cloud, anecdote by anecdote Processor.com Cloud Security & Control The Atlanta Post Trademarks and The Business of Securing an Artist's Brand Name Hospital Compliance Watch To Notify or Not to Notify? HITECH Rule Leaves Room for Confusion Entrepreneur The Hard Truth About Software Licensing SearchITChannel.com How to Write an IT Service-Level Agreement Baseline What to Do When You Receive a BSA Audit Letter The Privacy and Data Security Law Journal Latest Developments in Privacy and Data Security for Financial Institutions Associated Press Small Business in Cross Hairs of Software Industry Group’s Aggressive Piracy Crackdown Computer World Software Audits: Not a Case of If, But When LexisNexis BSA Targets Law Firm Software Pirates CIO Oracle-SAP Suit Exposes Contract Weaknesses Tech News World Spying in the Workplace: Big Money? Financial Week Worker E-mail and Blog Misuse Seen as Growing Risk for Companies Financial Times Digital Business: External Audits: Fair Play on Both Sides? eWeek Channel Insider Growing Data Breaches Mean Opportunity for VARs IT Business Edge Encryption Can Save Data – And a Company’s Rep Financial Week Data Breach Getting Costly eWeek Using Managed Services for License Compliance Dallas Business Journal Scott & Scott Doubling Its Presence at Chase Tower Turtle Creek People Who’s Uptown? CRM Buyer How to Respond to a Data Breach: Part 1 CRM Buyer How to Respond to a Data Breach: Part 2 Bloomberg.com MoneyGram Says Hackers Had Access to 79,000 Accounts NetworkWorld SAM Stinks
Get in touch: rjscott@scottandscottllp.com | 800.596.6176