state of connecticut

Chapter 7

SOFTWARE INVENTORY CONTROL POLICY AND PROCEDURES


Questions regarding this chapter should be directed to the following:
Asset and Inventory Mailbox osc.assets@ct.gov
Elizabeth Daly, CPPA (860) 702-3436 elizabeth.l.daly@ct.gov 
Carol Hagstrom, CPPA (860) 702-3437 carol.hagstrom@ct.gov

Purpose - These accounting procedures are established to set agency standards for governing the use of approved and/or licensed software by State agencies, to maintain inventory control of software and to establish a uniform policy for the prevention of software copyright infringement.

All software either purchased or leased by the State of Connecticut will be registered with the State of Connecticut named as the license holder (preferred) or its subdivision if required by the terms of the license agreement (for example, to qualify for an educational discount). Under no circumstances will an individual be named as the license holder of any software bought, leased or owned by the State of Connecticut, or purchased with non-State funds for use by the State.

Oversight Responsibility - The Office of the State Comptroller is responsible for defining and disseminating procedures for the establishment of software inventory databases for use by agencies of the State. This inventory may also be used to provide source documentation to verify an agency's compliance with the Copyright Act, United States (U.S.) Code - Title 17. The Department of Information Technology will provide the administrative oversight and support and monitor changes in technology that might necessitate revisions to this policy.

Policy

  1. Software is protected by the Copyright Act, U.S. code - Title 17. This act gives the owner of the copyright the exclusive rights to reproduce, sell, and distribute the copyrighted work. The agencies of the State of Connecticut will comply with all provisions of this law.
     
  2. An agency that purchases/licenses a copy of software has the right to use it in accordance with the terms of the software license, including installing the software on home PCs if the software license agreement provides for it.
     
  3. Agency heads are responsible for ensuring that the agency is abiding by the terms of all software licenses.
     
  4. The State of Connecticut will provide legally acquired software to meet its legitimate needs in a timely fashion and in sufficient quantities to satisfy those needs. The use of this software is restricted to conducting the state's business.
     
  5. Only state agency authorized software shall be installed or used on state-owned or leased hardware. The use of unlicensed software copies (software used in violation of the software license), personally owned software, and unauthorized bulletin board or shareware software is strictly forbidden.
     
  6. The State of Connecticut will enforce internal controls to prevent the making or using of unauthorized software copies, including measures to verify compliance with these standards and appropriate disciplinary actions for violations of these standards.
     
  7. Agencies are to maintain a software inventory as described in this chapter.
     
  8. Agencies will develop and implement a plan to protect its data against infection by computer viruses.
     
  9. Use of Internet Service Providers, Browser and/or FTP software must be approved prior to utilization on state hardware.
     
  10. Any software purchased with state or federal funds for installation on state-owned or leased hardware for use in conducting state business shall be licensed in the name of the State of Connecticut, or, failing that, licensed in the name of the agency making the purchase.

Agency Responsibilities

  1. The agency head, or designee, is responsible for overseeing agency compliance with Federal copyright statutes and the Software Management Policy.
     
  2. The agency head, or designee, shall maintain positive control of software, including compliance with the State Comptroller's software inventory procedures, and shall establish accounting procedures that document purchases of all software.
A software inventory (or inventories) must be established by all agencies to track and control all of their software media, licenses or end user license agreements, certificates of authenticity (where applicable), documentation and related items. Agencies may decide in what manner they are to accomplish this - whether by agency, division, bureau, geographical area or other means that relates to their own internal organizational structure. However, there must be at least a central inventory covering all software components. This inventory will include software acquired with State funds (including external funding sources) and installed by the agency or its funding units. This library, or libraries, must be located in a secure area or maintained in a secure manner. The library will include all copies of media and at least one copy of the manual and other documentation.
 
Exception - Media required for access to on-line manuals, tutorials or supplemental materials (for example, clip art or templates) may be retained by the user in his/her workplace. However, this must be done in a secure manner and with the knowledge and consent of the library administrator. This information will also be recorded in the software inventory.
  1. Each agency is to designate a responsible party to establish and monitor the implementation of a software inventory.
     
  2. Each agency is to designate one or more individuals to serve as a library administrator who will be responsible for the physical security and distribution of the software media and manuals.
     
  3. The agency head, or designee, shall maintain records of all software installations including secondary external installations allowed by certain software license agreements and software licenses.
     
  4. Each agency will produce a software inventory report on an annual basis. These reports will be available to the Auditors of Public Accounts.
     
  5. A physical inventory of the software library, or libraries, will be undertaken by all agencies at the end of each fiscal year and compared to the annual software inventory report. This comparison will be retained by the agency for audit purposes.
     
  6. An agency may choose to have an external entity maintain the software inventory for the agency as part of a purchase or lease agreement. If the agency selects this option, the inventory and its management must meet the minimal requirements established in this section.
     
  7. The agency head shall certify in writing its compliance with this policy when requested by the Department of Information Technology, or its designee.
     
  8. Each agency shall participate in a statewide employee software information program which:
    1. Explains this Software Management Policy.
    2. Provides the resources to effectively inform employees on their responsibilities for the use of state-owned software and the prevention of software piracy and software viruses.
    3. Reinforces the agency's commitment to comply with the Copyright Act.
       
  9. The agency head, or designee, shall incorporate, by reference, the State's Software Management Policy into the bi-annual agency technology plan.
     
  10. The agency head shall adopt the State of Connecticut Software Code of Ethics.

Software Code of Ethics - This is the State of Connecticut policy concerning software duplication. Under this code, all employees shall use software only in accordance with its license agreement. Unless otherwise provided in the license, any duplication of copyrighted software, except for backup and archival purposes, is a violation of the Copyright Act, which is found in Title 17 of the U. S. Code. Any unauthorized duplication of copyrighted computer software not only violates federal law and is contrary to the State's standards of conduct, but also is also considered computer crime under Section 53-451(b)(e) of the Connecticut General Statutes. The following principles are to be followed to comply with software license agreements.

  1. All software will be used in accordance with their license agreements.
     
  2. Unauthorized copies of any software may not be made or used on state agency computer hardware.
     
  3. Illegal copying of software is not allowed under any circumstance. Making, using, or otherwise acquiring unauthorized software, while employed as a state employee, will subject you to appropriate disciplinary measures.
     
  4. Software licensed to the State of Connecticut, its agencies, departments, commissions or sub-divisions is not to be loaned or given to anyone.
     
  5. Software licensed to the State of Connecticut, its agencies, departments, commissions or sub-divisions is to be used only in the conduct of the state's business.

Audits of Software - Application programs installed on any individual stand alone computer(s) or on a LAN environment may be audited. The results will be reconciled to the registered license agreements and the corresponding purchase documents.

It is up to each agency to make sure that this information is readily available for management and audit purposes and is maintained with a high degree of accuracy. Original registration cards and certificates of authenticity (or equivalents), where applicable, may be maintained on site but a duplicate record must be kept at a central agency designated location.

Software Control Record - Agency developed software which the state has ownership to and is capitalized and reportable on the CO-59 and classified under the software category must be recorded within the Asset Management Module of Core-CT. The following format may be used for purchased software not owned by the state included within the agency software inventory. Software licenses are not owned assets, but must be included in the software inventory.

The property control record must contain the following minimum data:

  1. Assigned Identification Number
  2. Title of Software
  3. Description - software name or functional application
  4. Version
  5. Manufacturer
  6. Software Serial/Registration Number (if available)
  7. Acquisition Type - purchased, leased, or donated (gift)
  8. Acquisition Detail - purchase order number, donation source or gift source
  9. Initial Installation Date
  10. Location and ID# of CPU device
  11. Cost - the cost of the purchased software
  12. Disposal - upgraded (list new serial number), transferred, sold or destroyed

An agency may choose to expand upon the reporting requirements stated herein. LAN applications need only to reference the file server and not individual computers if the agency has only installed a central copy of the software.

Information for Developing an Agency Plan - The following information is provided as a resource for developing an agency plan for implementing the State's Software Management Policy.

United States Copyright Law - Software is automatically protected by federal copyright law from the moment of its creation. The rights granted to the owner of a copyright are clearly stated in the Copyright Act, which is found at Title 17 of the US Code. The Act gives the owner of the copyright "the exclusive rights" to "reproduce the copyrighted work" and "to distribute copies of the copyrighted work" (Section 106). It also states that "anyone who violates any of the exclusive rights of the copyright owner is an infringer of the copyright" (Section 501), and sets forth several penalties for such conduct. Persons who purchase a copy of software have no right to make additional copies without the permission of the copyright owner, except for the rights to (i) copy the software as an essential step in the utilization of the computer program and to (ii) make "another copy for archival purposes only," which are specifically provided in the Copyright Act (Section 117).

Software creates unique problems for copyright owners because it is so easy to duplicate, and the copy is usually as good as the original. This fact, however, does not make it legal to violate the rights of the copyright owner. Although software is a medium of intellectual property, its protection is grounded in the long-established copyright rules that govern more familiar media, such as records, books, and films. The unauthorized duplication of software constitutes copyright infringement whether it is done for sale, for free distribution, or for the copier's own use. Moreover, individuals who copy are liable for the resulting copyright infringement whether or not they knew their conduct violated federal law. Penalties include liability for damages suffered by the copyright owner plus any profits of the infringer that are attributable to the copying, or statutory damages of up to $100,000 for each work infringed. The unauthorized duplication of software is also a Federal crime if done "willfully and for purposes of commercial advantage or private financial gain." Criminal penalties include fines of as much as $250,000 and jail terms of up to five years.

To Summarize the United States copyright Law: A "Software Package" may be used on any compatible computer, but only on one computer at a time unless otherwise specified by the licensee. Each user is authorized to make archival copies of the software for the sole purpose of making a backup diskette to protect his/her investment from loss. Software purchased for Local Area Networks (LANS) will be available only to the maximum number of simultaneous operators as specified by the license. Each package must be evaluated individually, based upon how the manufacturer has designed it to operate in a network environment. In any case, a single package cannot be installed on multiple stand-alone networks. The rule for making LAN-based software backups is the same as that for stand-alone PC software (one back-up copy for each LAN application). Under no circumstances is a state employee allowed to download an application from the LAN server to a local hard drive as this will be in violation of the licensing agreement. This would result in two copies per one LAN licensed copy.

Self Audit - Objective: Each agency may conduct its own audit to determine whether they are complying with applicable software license agreements. Software compliance is a legal responsibility for state agencies and non-compliance can impact an agency as they may be held financially liable for unlicensed copies. Agencies may be advised to pursue this course of action as a prelude to an audit by the Auditors of Public Accounts.

The purpose of a self-audit is:

a) to provide a reference point for agencies establishing software inventory,
b) to determine what application software is installed on networks and stand-alone computer systems,
c) to remove and replace any unauthorized software found, and
d) to evaluate the current state of agency compliance.

Pre-audit procedures:

a) Collect and review all software purchase records.
b) Collect and review all software license agreements.
c) Select a date for the audit.
d) Decide whether employees will be notified in advance.
e) Use auditing software to search networks and stand-alone hard drives and portable computers.

Post-audit procedures:

a) Compare audit results with records of authorized software.
b) Address use of state-owned software on home computers as determined by the software license and agency policy.
c) Either remove or destroy unauthorized software or purchase a license for it, as appropriate.
d) Analyze results to determine future software purchasing needs.

Usage Standards by License Type

The license agreement is a contract between the software publisher and the user. The precise wording of the license agreement varies with each software vendor and each vendor has a policy governing the use of its product. The purchaser/licensee of software is only purchasing the right to use a particular application from a software publisher. Software publishers vary in terms and types of their licensing agreements. These variations do not preclude any agency from ignoring the terms under which a purchase of software is made. If a user is not sure, he/she should ask his/her agency representative or call the software publisher to clarify the issue. Do not make assumptions or interpretations of legal language. A confirming letter should back up all telephone conversations with the publisher. Do not put the agency or any individuals in jeopardy.

License agreements generally fall into the following categories:

a) Individual and Machine/PC Licenses,
b) Concurrent License,
c) Network License,
d) Site/Enterprise License,
e) Font License,
f) Bundled Software,
g) Shareware, Demonstration Software,
h) Freeware or Bulletin Board Software,
i) Personal Software
j) Secondary Installation of Software

a) . Individual and Machine/PC Licenses - Individual licenses apply to single users or to specific computers. An example would be a word processing program designed to operate on a single workstation. An individual license is exactly as the name implies: a license for one user, or for use only on one machine.
 
  License Per Individual - Software can be licensed to a particular individual, meaning that a specific person can only use it. This method of licensing is most suitable for software that will be used only by one person and at other times is idle. For example, the organization's accountant might be the only person who needs to run a tax preparation program. While this method makes it clear what can run the software, it also raises other issues: i.e., can the licensed individual use the package both at work and at home?
 
  Individually licensed software is licensed to one user for use on one workstation. Loading software onto another machine (even if owned by the same user) may constitute a violation of copyright. However, some software manufacturers allow the user of the software to make additional copies. Again, where permitted, this may allow the licensed individual, under the terms of the license, to make a copy of the software for a home PC and/or lap top computer as well as an office workstation.
  The idea here is that the user cannot be in more than one place at a time; therefore, the software can only be used at one place at a time. Users wishing to run one copy of software on multiple machines should read their license agreements carefully and contact the publisher with any questions.
 
  LAN managers report that tracking licensed individuals on a network is time-consuming and complicated. In organizations with considerable employee movement and turnover, monitoring software use under individual license is nearly impossible. This method is least popular with LAN managers.
 
  License Per Machine - Software licensed per machine requires that customers purchase a license for each PC that might use the software. For example, if the agency has an environment with 100 PC's, the agency would need to buy 100 licenses. Many software managers purchase software in this manner because it almost guarantees they won't violate the license agreement or the copyright law. Common examples of this type of license include operating system software, such as DOS, screen savers, or software that is explicitly tied to the workstation's hardware.
 
  Duplicate Media - Some publishers put both 3-1/2" disks and CD-ROM in the same box, but there is still only one license. These disks should be considered as the same license. Both copies have been provided simply for ease of installation. The agency cannot give the unused set of disks to any one else.
 
  Software Suites - A suite is a group of applications sold together. Though a suite contains different applications, it contains only one license. Different applications within the suite cannot be used concurrently by two separate people. For example, if the agency purchases "Word Perfect Office" (containing the products Word Perfect, Quattro Pro, and Presentations), the agency is not permitted to install "Quattro Pro" on one workstation, and install "WordPerfect" on another. All applications in the suite must be installed on the same PC.
  Upgrades/Updates - An upgrade, sometimes called an update, is an improvement to the original version of the software. The software publisher may have added additional features in the program, or made other substantive improvements. When a software publisher offers version 5.0 of a product, and subsequently releases version 6.0, the 6.0 version is an improvement to version 5.0.
 
  For the software user using version 5.0 of the product, the following two scenarios can take place when considering upgrading to the new version:
 
A.  If the agency is using version 5.0 and decides to upgrade to version 6.0, the agency only has one license for both versions. Remember that the upgrade is an improvement to the original. It does not create a second license and there can only be one hardware installation of this software product under the original terms. In order to obtain the upgrade, the agency will have to demonstrate ownership of version 5.0. Ownership may be proved with the first page of the manual or original disks. The prior version becomes a back-up copy and cannot be passed to another employee within the organization, nor can it be resold.
 
B.  If the agency is using version 5.0 and decides to purchase version 6.0 without utilizing the publishers upgrade program, the agency is then permitted to re-sell the prior version, if permitted in the license, or give version 5.0 to an associate. In this example, the agency would be paying the normal retail price for version 6.0 and would not have to demonstrate ownership of version 5.0. As the agency purchased version 6.0, the agency then has two licenses-one for version 5.0 and one for version 6.0.
 
  It is extremely important for the software manager to keep an accurate accounting of upgrades and new product purchases. Some software managers that go with option A, above, mark the disks, manuals and purchase records with a "U", signifying an upgrade from a prior version.
 
C.  Competitive Upgrades are used by many software companies as a means to gain market share. A competitive upgrade is nothing more than a special offer to the agency from a software publisher.
 
  For example, the agency is currently using Lotus 1-2-3, and Microsoft would like the agency to start using their spreadsheet, Excel, instead. Microsoft will sell the agency a license for Excel at a deeply discounted price in order to get the agency to become a registered user. Since the competitive upgrade is a special sales offer, acceptance of the offer does not obligate the agency to cease use of the older product. In the above example, the user's license to continue to use a previously purchased copy of Lotus 1-2-3 may not be revoked by Microsoft. The agency has two valid licenses. For purposes of showing authorized software, the software manager will still need to retain roof of ownership for both pieces of software.

 

Individual License Violations

With an individual license, software cannot be loaned to a friend, even if the software was delivered in both CD-ROM and 3-1/2" formats. It is a violation of copyright to keep one set of disks and lend or give away the other set.

Another very common misuse of an individual license is loading the software onto a file server (LAN) and configuring it in such a way that it can be used by multiple users. In addition, it would be a violation to take the same copy of software and install it on multiple PC's without having the appropriate number of corresponding licenses.


b) . Concurrent License - A concurrent license allows a limited number of users to connect simultaneously to a software application. The number of users may be limited to 5, 10, 25, 100 or more, depending on the publisher. Concurrent licenses are becoming more popular due to the increased use of LAN environments.
 
  For example, if the agency has 25 users, but only 10 use a spreadsheet at any given time, then the agency would only need to purchase 10 copies of the program. Concurrent licensing is a potentially money-saving and attractive option because the agency can purchase only the amount of software needed. It is an ideal solution for those applications in which the peak usage rate is less than the total number of potential users. However, the agency needs a method to estimate this peak period. Some software vendors design their software to lock out any extra users beyond the number authorized. Some do not. If the publisher does not install this feature into its product, the responsibility is then with the software manager to ensure its legal use. Many software managers will install metering software to count the number of concurrent users, and also lock out unauthorized users.
 
  Each organization using software with a concurrent license has the responsibility to conform to the license agreement regardless of whether or not the software locks out the extra user trying to access the software.
 
  Self-metering, concurrently licensed software often comes in a special file server edition. The software includes a network setup disk with a counter utility and a LAN pack. Vendors frequently sell LAN packs in increments of five or more users. If more than five users need to access the software, the agency must purchase additional LAN packs. Vendors usually offer these packs at discounted rates compared with the cost of the five stand-alone copies. Many software publishers have adopted concurrent use licensing for their application software, but not for operating systems.
 

Concurrent License Violations

When more users are using the software at one time than the license allows, they are in violation of the license agreement. For example, if the agency put a five-user software application on the network, but 50 people are using it, 45 of these users are violating the license agreement.


c) . Network License - How the agency defines a network and how a publisher defines a network may be very different. Read the network license very carefully to determine the publisher's definition.
 
  A network license is generally limited to a Local Area Network (LAN) or individual file server. The network license is different from the concurrent license in that every member of the network is allowed to access the program. Also, the software is installed on only one server on the network (rather than on each computer, as is the case in the concurrent licensing).
 
  The number of users is limited to the number of connections the network operating system (NOS) allows to the file server. Software limited to a file server is often coded so it cannot be loaded on to another file server, and the license agreement generally prohibits the agency from installing the software on multiple file servers. Therefore, it is the responsibility of the organization to monitor software usage.
 
  File server licenses are an excellent choice for system software programs and network management tools because they don't require accurate user or PC counts. Because the agency only installs a single copy, the software is easier to install, administer and upgrade.
 
  Selling software in this manner allows the vendor to present a cost-effective solution to organizations with large networks.

Network License Violations

Copyrights are violated when the licensed software is loaded on more than one file server at a time.


d) . Site/Enterprise License - For purposes of software licensing, "site" has multiple definitions, including:
 
 
  • A single geographic area (Example: New York offices of XYZ Corporation).
  • One organization in many areas (Example: New York, Los Angeles, and Hong Kong offices of XYZ Corporation).
  • A corporate division on separate floors of an office building (Example: Accounting Department of the Department of Education).
  • Corporate offices and home PC's of all employees.
 
 
 
  When organizations purchase many software licenses, vendors sometimes offer a volume discount or a site license. The discount can be applied to all forms of software licensing. Organizations with 100 file servers may receive a discount on software licensed by file server, while organizations with 100 PC's may get a discount on software licensed by machine. A site license may consist of a discounted price on multiple copies of software or it may allow unlimited copies of a single disk. The vendor may adjust the price based on the number of nodes on the network or the number of file servers. Obtaining a site license is generally less expensive than purchasing individual copies for each user. Generally, when acquiring a license such as this, the organization interested in the site license must deal directly with the publisher.
 
  Enterprise-wide license, also known as a "Gold Disk," is an unlimited use license, but it has a set term of use that the agency must generally renew annually. This type of license is usually more suitable for a large organization with a large number of computers with multiple site locations.
 

Site/Enterprise License Violations

Piracy occurs when this software is loaded at one or more additional sites without purchasing another site license agreement. Another copyright violation of the site license occurs when users download the software for home use, even if it is used for business-related purposes. The license may allow this. It is the responsibility of the software manager to determine if this is an allowed use per the license agreement.
 


e) . Font License - There are two fundamental models for the licensing of font software, so called printer-based and CPU-based licensing.
 
  "Printer-based licensing" licenses the font software to an output device, and to any computers connected to that output device. For example, if there were ten computers connected to one printer, one licensed copy of the font software would allow the licensee to use the fonts on all ten computers connected to the printer. If another printer were to be connected to the computers, an additional license for the font software would be required.
 
  "CPU-based licensing" licenses the font software to computers, not output devices. In the example above, with ten computers connected to one printer, ten licenses are required under a CPU-based licensing model if the licensee desires to use the font software on all ten computers. However, no additional licenses are required if additional output devices are connected to the computers.
 

Font License Violations

The type of output device used and what type of license has been purchased determines violations. Printer-based violations occur when a single output license is purchased but multiple printers are used. Computer-based violations occur when a single computer is licensed for the font but it is used on multiple computers.

 
f) . Bundled Software - When a computer is purchased with "bundled" software (sold as part of the unit), even though this software is part of the purchase price, the software must be inventoried at this point. This fact must be documented on an invoice or substantiated by other documentation. When upgrades of the computer's "bundled" software are purchased, the new upgraded version will become part of the software inventory. Any upgrade of software must be installed on the computer with the original version. Under no circumstances may any upgrade be separately installed on another computer as this violates copyright law. The original version and the upgrade are joined together under one license agreement. The old version's back-up copy is to be destroyed and an upgrade copy retained in its place.
 
g) . Shareware/Demonstration Software - This is software that is marketed by freely distributing a limited or full version of the software through trade shows, bulletin boards, World Wide Web sites, File Transfer Protocol sites, Internet sites, E-mail, or by handing it from one user to another.
 
  Potential users are encouraged to copy the program for "preview" purposes to determine whether or not they want to purchase it. The rule with Shareware is if the user likes the program and keeps it, the user sends the developer payment for it. If the user keeps it but does not pay for it, the user is in violation of the copyright. Almost all Shareware includes a "read me" file or an opening menu stating that the program is Shareware and how and where to send the payment. Use of this type of software must be approved in writing from the administrator designated to oversee the software inventory.
 
  If a state employee desires to install his or her own purchased program as demonstration software for a possible future agency purchase, the agency must develop written procedures and a form to document this type of installation. The administrator may authorize an installation of this type only if the owner can show proof of original ownership and that the use of this software will benefit the State. At a minimum, this must include a. verification that the program has been checked by an agency approved virus program; b. verification that the program is legally licensed to the employee: c. the test is limited to a defined time frame.
 
  Note - Any software that cannot be confirmed as a legally licensed copy may not be brought into an agency and evaluated for any reason.
 
h) . Freeware or Bulletin Board Software - Freeware, also known as "public domain software," is software distributed for general use with no restrictions placed on it by the developer. It is usually distributed in much the same way as Shareware, but no payment is required from the end user.
 
  Upgrade drivers or patches distributed by software vendors are also classified as freeware.
 
  While the terms of the Copyright Act automatically protect all software from the moment of creation, the developers of Freeware voluntarily waive their rights to the software when they choose to distribute it free of charge, and a statement to that effect is usually found in a "read me" file or an opening menu. In some instances, Freeware may be modified by the end user without authorization from the developer.
 
  Because of its nature, the individual may use and share Freeware without fear of copyright violation. However, any installation on state-owned hardware must have prior written approval as this type of software falls under the same guidelines as "Shareware/Demonstration Software." Extreme caution should be exercised to maintain virus control.
 
  Note - Agencies may elect to prohibit installation of any shareware, freeware, or demonstration software by their employees or limit the installation to specific individual circumstances.
 
i) . Personal Software - Personal software is software that is not licensed to the State of Connecticut or its subdivisions. Personal software may not be installed on any computer owned or leased by the State or the Federal Government or purchased with Federal Funds for use by the State, except in those specific instances covered in ”License Agreements” in this chapter. Any installation of personal software may compromise the integrity of the State's compliance with copyright laws and may expose the stand-alone computer or network file server to the introduction of computer viruses.
 
j) . Secondary Installation of Software - An installation of state owned software on a home or field office computer must be permitted by that software product's license agreement. Agencies are responsible for establishing written procedures to document this installation as permitted by the license agreement and as necessary for the efficient operation of an agency's functions.
 
  These procedures need to identify the software installed, the installer, location, date of installation, hardware, and subsequent date of the un-install/removal of the software.
 
  An agency provided with uninstall software program will document the removal of this secondary installation when it becomes necessary.

Employee Education Program - Many State employees are generally uninformed with regard to how software is impacted by the Copyright Act. In most instances of copyright license violations, it is ignorance of the law rather than intentional abuse, that is the root of the problem. For this reason it is important for agencies to institute an employee education program with the commencement of this Software Management Policy.

It is crucial that all State employees understand their responsibilities with regard to the software programs that they access and use in their daily work environment. To accomplish this, information must be disseminated that addresses: types of software licenses; code of software ethics; copyright laws; agency software policy; and annual software audits.

Agency heads will be provided with an employee information pamphlet that will be developed for all state agencies. However, it is the agency's responsibility to educate its employees regarding this Software Management Policy.

Copyright Protection for State Developmental Software
The State of Connecticut is responsible for ensuring compliance with software manufacturers' licensing requirements.

However, the State must also ensure that it protects its own interests when contracting with vendors to develop custom software. While a proposal is being examined, the State's right to the copyright or waiver of rights, with respect to future commercial applications in the public or private sector should be documented.

If the State decides to retain the copyright to the software (agencies should be aware that this right may increase the cost of the contract so the cost-benefit aspect of this decision must be weighed), specific contract language may be incorporated into the contract. Check with the respective agency Attorney General liaison. See Appendix D for specific contract language.

Computer Viruses
A computer virus may manifest itself as a self-replicating segment of computer code designed to spread to other computers by sharing "infected" software. Viruses may be "benign" or "malignant." Benign viruses replicate, but do no malicious damage. For example, they may beep or display messages on the screen, but they do no intentional damage. Malignant viruses attempt to damage computer resources such as erasing a hard drive.

Some symptoms of computer viruses are: system crash; slower than normal program operation: change in file size; loss or change of data; and unusual and frequent error messages.

Agencies must develop procedures for system protection by designing, installing, and using virus detection software. These procedures must also incorporate the downloading of information from communications links such as America On-Line, Internet, World Wide Web sites, File Transfer Protocol sites, etc.

Disposal of Software - The procedures for the disposal of surplus software are outlined in chapter 8 “Disposition of Surplus Property” in this manual.

Return to Table of Contents
Return to Index of Comptroller's Manuals
Return to Comptroller's Home Page