Gartner Report: Software disposal: Old software never dies
Takeaway: Minimize software licensing risk, while finding the most cost-effective way to dispose of obsolete PCs.
Ensure that no software is disposed of or transferred illegally.
Make certain that no proprietary enterprise or customer data remains on the PC.
To properly dispose of, donate, or reuse commercial software, enterprises must adhere to product licensing agreements to avoid potential fines and litigation. Learn Gartner's suggestions on how to do this properly.
Frances O'Brien and Alvin R. Park
Appropriate software licensing and compliance audit trails are essential for all enterprises. When reusing, donating, selling, or destroying software licenses, great care should be taken to ensure that enterprise licensing policies and processes are followed, controlled, and documented thoroughly. We recommend having software licenses reviewed by legal counsel for any limitations or potential liability.
Each year, millions of PCs reach the end of their useful lives and are retired or removed from service. Not only does this present a challenge to dispose of the hardware in an environmentally safe manner, but it also brings up issues regarding the software residing on those PCs. When disposing of old or unused versions of commercial software, it is essential to adhere to the policies outlined in the governing license agreement. Failure to comply and reusing the software illegally can result in a best-case scenario of getting a "slap on the wrist" and a worst-case scenario of being fined and facing criminal prosecution.
Unlike hardware, software is not owned by the enterprise. When purchased, a product's software license only gives the enterprise the right to use the software, but it does not transfer ownership rights to the enterprise. Thus, the rules of use are mandated by the vendor.
Disposing of PCs
When an enterprise decides to dispose of a surplus or obsolete PC, typically, they will sell it (either to a third party or an employee), donate it, destroy it, or outsource the disposal process to a service provider. Regardless of what option an enterprise chooses, IT managers must:
When PCs are being transferred outside of the enterprise, stringent policies and procedures must be followed to ensure that the aforementioned three goals are met. It is ultimately the responsibility of the enterprise to adhere to and enforce software licensing policies. Therefore, it is important to understand the terms and conditions of the governing license at the time of disposal, which will vary from vendor to vendor and from operating system (OS) to application software.
Don't forget about the operating system
Typically, the OS is tied to the PC hardware on which it was originally installed. Thus, when an enterprise donates a PC to charity or sells it to a third party, the OS also must be donated. If the PC has never been upgraded, then it is the original equipment manufacturer (OEM) version of the OS or the OS that came with the machine when it was purchased. The question then becomes what OS gets transferred if the software has been upgraded over time. Is it the OEM version that came with the machine or, if the specific machine was upgraded, do you transfer the upgraded license? Using Microsoft as an example (for a license purchased under Open License, Select License, Enterprise Agreement (EA), and EA Subscription license programs), not only is the OS tied to the specific machine, but if the machine was upgraded at any point, the upgraded license is then also tied to the specific machine and must be transferred as well.
In contrast, for enterprises that purchased Software Assurance (SA), the actual licenses they have rights to are not set until the end of the term of the SA. Therefore, because an enterprise does not "own" the upgrade license until the end of the SA term, it would not be able to transfer the upgrade and would have to strip off the upgrade and revert back to the last OS prior to applying the SA upgrade. In this case, that would be the OEM OS license. If the term of the SA had been completed, then the original OS and the upgrade must be transferred when the PC is disposed.
Needless to say, this area is very complex and one that should not be taken lightly to maintain software license compliance. As part of the transfer process, the donating or selling enterprise needs to document the transfer of licenses and must follow the software vendor's specific requirements for transfer. This may include providing the new owner with the original software media, software licenses, certificates of authenticity, and written agreement of sale/transfer from the software supplier.
Selling, donating, and outsourcing PCs
Some enterprises will elect to sell or give surplus PCs to their employees. However, there are some additional licensing issues to consider. Typically, the enterprise will only transfer the OS license as required; therefore, the employee receiving the PC will need software applications to use the purchased PC. Most employees will expect that software applications will be included with the purchased PC and, thus, do not wish to pay for such applications separately. Often, enterprises just give the surplus PC to the employee thinking that now the employee can "do work from home" and, as a result, will just leave the application software on the PC. Although this practice may be common, it is prohibited under most license agreements.
Outsourcing is also gaining in popularity as a means to dispose of surplus PCs and to handle the administrative and operational tasks of secure deletion of proprietary data and software licensing compliance. However, outsourcing is no panacea and does not absolve the enterprise of the responsibility for appropriate license compliance. It is essential that enterprises ensure that external service providers provide a detailed list of all destroyed, donated, or sold assets, including software.
Disposing of commercial software
For old software that is no longer used or licensed, follow these guidelines to dispose of unused commercial software:
Destroy the information on the original disks or CDs. This can be done by physically destroying the media or by bulk formatting/erasing and then recycling the media. This process is necessary to avoid having the old software removed from the garbage and used by an unlicensed party, thereby exposing the enterprise to copyright infringement.
Destroy the manuals.
Keep an inventory of serial numbers, dates of purchase, dates of destruction, and means of destruction. This will provide a complete audit trail in the event of a software audit.
When reusing, donating, selling, or destroying software licenses, enterprises need to:
Recognize that all software vendors and licenses are different and have different requirements regarding the transfer of software and usage rights. Have these rights reviewed by legal counsel and develop a process to track compliance.
Develop license contracts that use easily understood language and examples that will assist in articulating the intent of both parties.
Document all transactions for software dispositions per the licensing requirements to protect the enterprise in the event of a software license audit.
When reusing, donating, or disposing of old or unused software, have the software license reviewed by legal counsel for any reuse limitations or potential liability.
Gartner originally published this article on April 17, 2003.