CPTTM CIO newsletter issue #4

Topics in this issue:

Microsoft offering to help CPTTM ensure it has proper licenses

A month ago I received a letter from Microsoft Hong Kong offering free Software Asset Management (SAM) consultancy services to their invaluable customers like us. It said a Microsoft Partner would contact us shortly to discuss the details. Through this service they will help us ensure that we will be protected against legal risks arising from inadvertent copyright infringement.

This is fine as CPTTM has proper licenses to our software. But I was concerned that some other organizations in Macau might not be ready to use such a "service". So I contacted Microsoft Macau and they assured me that that letter had been sent to us by mistake and they had absolutely no plan to offer this to any Macau organizations.

So, this is not happening right now. But I don't know if it will happen some day in the future. I'm sure that we all respect others' intellectual property, but having a willingness is not enough and will not prevent us from under-licensing software; a process to track and audit licenses is required. So, if you don't have such a process (formal or informal), I'd strongly recommend that you consider setting one up. It is much better to do it yourself than to have it done by others.

What if you do find under-licensed software? Obviously you should either buy more licenses or switch to open source alternatives. For example, the entire CPTTM has switched to OpenOffice without affecting our productivity or service level, while saving us MOP120,000 every three years. The added benefit is that there is practically nothing to do to keep track of the licenses to open source software.

Isn't it risky to use open source software? In addition to CPTTM, a large organization in Macau is currently investigating the feasibility of using OpenOffice for their staff. It is definitely a viable alternative to MS Office.

Massachusetts state gov mandates open document format in Jan. 2007

The Massachusetts state gov proposes to mandate the use of the OASIS Open Document Format (as supported by OpenOffice, KOffice, IBM Workplace) as the default office document format starting from Jan. 2007. Other open formats such as PDF are also allowed. The departments will have to migrate their applications before then.

For details, see http://news.com.com/Massachusetts+to+adopt+open+desktop/2100-1012_3-5845451.html?tag=nefd.top.

Ensuring the security of your organization by management

Security can't be ensured by technologies alone. People and processes must be in place. Expensive firewalls or anti-virus programs won't help if the firewall policies allow users more privileges than they need or servers are not patched in a timely fashion. Only proper processes can prevent and correct such problems. Such processes are collectively referred to as an Information Security Management System (ISMS).

How do you set up an ISMS using international best practices? ISO17799 (BS7799) is an international standard for this. If you'd like to learn more about it, we will have a training course in Nov (http://www2.cpttm.org.mo/training/sdb/showCourse.do?courseCode=CM217-11-2005-C).

Inside an ISMS, an audit process is a must. To train your internal auditors, you may look into an internationally recognized certification called CISA (Certified Information Security Auditor). CPTTM will have a training course on CISA in Oct (http://www2.cpttm.org.mo/training/sdb/showCourse.do?courseCode=CM197-10-2005-C).

Any ideas or questions? If so, please contact us at 781313 or kent at cpttm dot org dot mo. 

Until next time, 

Kent Tong