To establish a Software Management Policy governing the use of approved and/or licensed software by State agencies and to establish a uniform policy for the prevention of software copyright infringement.


This policy applies to all branches of state government.


The following words and terms, whenever used or referred to in this manual, shall have the following respective meanings:

1) "Access" means to instruct, communicate with, store data in, or retrieve data from a computer, computer system or computer network.

2) "Agency" means any executive, administrative, judicial, or legislative office of the State of Connecticut, including any department, institution, bureau, board, or commission.

3) "Authorized software" means computer software developed, approved, purchased or licensed by an agency.

4) "Computer" means an electronic, magnetic, optical, organic, or other processing device or system that performs logical, arithmetic, memory, or storage functions. It includes any data storage facility, or communications facility that is directly related to or operated in conjunction with that device or system.

5) "Computer Network" means (A) a set of related devices connected to a computer by a communications facilities, or (B) a complex of two or more computers, including related devices, connected by communications facilities.

6) "Computer Software" means one or more computer programs, existing in any form, instructions, manuals, associated operational procedures, or other documentation. Software provides the instructions and controls through symbolic languages of the operation of all computers including stand-alone and LAN (local area network) personal computers and related equipment as well as mainframe computers.

7) "Computer System" means one or more connected or unconnected computers, peripheral devices, software, data, programs communications facilities, and computer networks.

8) "Copyright" means the rights granted to the owner of software by the Copyright Act.

9) "LAN" means local area network or a system served by a single file server.

10) "License Agreement" means a contract between the software publisher and the user.

11) "Person" means a natural person, corporation, trust, incorporated or unincorporated association and any other legal entity or governmental entity, including any state or municipal entity or public official.

12) " Computer Virus" means a software executable code segment which is covertly incorporated into the executable program code files (ie.EXE,BIN,BAT,SYS,COM,DLL, etc.) or data files of a computer or computer network and is activated when the host program executes. It can cause system crashes, changes of data or complete erasure of hard drives.

PC Software, as used here, is purchased from licensed and copyrighted vendors to be used for a specific application, job or procedure. The programs are stored on machine readable media such as 3.5" diskettes, CD-ROM, magnetic tape etc. and usually include a manual of instructions and procedures. Also included is a USER WARRANTY REGISTRATION CARD which is considered to be part of each software package.


The Office of the State Comptroller, Office of Policy and Management, and Department of Administrative Services are responsible for the establishment and implementation of a statewide software policy for the prevention of software copyright infringement. The Office of the State Comptroller is responsible for promulgating procedures for the establishment of software inventory data bases for use by agencies of the State. These procedures are contained in Chapter 8 in the Property Control Manual. This inventory may also be used to provide source documentation to verify an agency's compliance with the Copyright Act, US code, Title 17. The Department of Administrative Services and Office of Policy and Management will provide the administrative oversight and support and monitor changes in technology that might necessitate revisions to this policy.


1) Software is protected by the Copyright Act, US code, Title 17. This act gives the owner of the copyright the exclusive rights to reproduce, sell, and distribute the copyrighted work. The agencies of the State of Connecticut will comply with all provisions of this law.

2) An agency that purchases/licenses a copy of software has the right to use it in accordance with the terms of the software license, including installing the software on home PCs if the software license agreement provides for it.

3) Agency heads are responsible for ensuring that the agency is abiding by the terms of all software licenses.

4) The State of Connecticut will provide legally acquired software to meet its legitimate needs in a timely fashion and in sufficient quantities to satisfy those needs. The use of this software is restricted to conducting the state's business.

5) Only state agency authorized software shall be installed or used on state-owned or leased hardware. The use of unlicensed software copies (software used in violation of the software license), personally-owned software, and unauthorized bulletin board or shareware software is strictly forbidden.

6) The State of Connecticut will enforce internal controls to prevent the making or using of unauthorized software copies, including measures to verify compliance with these standards and appropriate disciplinary actions for violations of these standards.

7) Agencies are to maintain a software inventory as described in Chapter 8 of the Comptroller's Property Control Manual.

8) Agencies will develop and implement a plan to protect its data against infection by computer viruses.

9) Use of Internet Services Providers, Browser and/or FTP software must be approved prior to utilization on state hardware.

10) Any software purchased with state or federal funds for installation on state-owned or leased hardware for use in conducting state business shall be licensed in the name of the State of Connecticut, or, failing that, licensed in the name of the agency making the purchase.



1) The agency head, or designee, is responsible for overseeing agency compliance with Federal copyright statutes and this Software Management Policy.

2) The agency head, or designee, shall maintain positive control of software, including compliance with the State Comptroller's software inventory procedures, and shall establish accounting procedures that document purchases of all software.

3) The agency head, or designee, shall maintain records of all software installations including secondary external installations allowed by certain software license agreements and software licenses.

4) The agency head shall adopt the State of Connecticut Software Code of Ethics (See

Appendix II).

5) The agency head shall certify in writing its compliance with this policy when requested by the Department of Information Technology, or its designee.

6) Each agency shall participate in a statewide employee software information program which:

1) Explains this Software Management Policy.

2) Provides the resources to effectively inform employees on their responsibilities for the use of state-owned software and the prevention of software piracy and software viruses.

3) Reinforces the agency's commitment to comply with the Copyright Act.

7) The agency head, or designee, shall incorporate, by reference, the State's Software

Management Policy into the annual agency technology plan.

8) Agencies shall develop an action plan to implement the State Software Management Policy.


The following information is provided as a resource for developing an agency plan for implementing the State's Software Management Policy.

(1) United States Copyright Law

(2) Self Audit

(3) Usage Standards by License Type

(4) Employee Education Program


Software is automatically protected by federal copyright law from the moment of its creation. The rights granted to the owner of a copyright are clearly stated in the Copyright Act, which is found at Title 17 of the US Code. The Act gives the owner of the copyright "the exclusive rights" to "reproduce the copyrighted work" and "to distribute copies ... of the copyrighted work" (Section 106). It also states that "anyone who violates any of the exclusive rights of the copyright owner ... is an infringer of the copyright" (Section 501), and sets forth several penalties for such conduct. Persons who purchase a copy of software have no right to make additional copies without the permission of the copyright owner, except for the rights to (i) copy the software onto a single computer and to (ii) make "another copy for archival purposes only," which are specifically provided in the Copyright Act (Section 117).

Software creates unique problems for copyright owners because it is so easy to duplicate, and the copy is usually as good as the original. This fact, however, does not make it legal to violate the rights of the copyright owner. Although software is a new medium of intellectual property, its protection is grounded in the long-established copyright rules that govern more familiar media, such as records, books, and films. The unauthorized duplication of software constitutes copyright infringement whether it is done for sale, for free distribution, or for the copier's own use. Moreover, individuals who copy are liable for the resulting copyright infringement whether or not they knew their conduct violated federal law. Penalties include liability for damages suffered by the copyright owner plus any profits of the infringer that are attributable to the copying, or statutory damages of up to $100,000 for each work infringed. The unauthorized duplication of software is also a Federal crime if done "willfully and for purposes of commercial advantage or private financial gain." Criminal penalties include fines of as much as $250,000 and jail terms of up to five years.


A "Software Package" may be used on any compatible computer, but only on ONE COMPUTER AT A TIME unless otherwise specified by the licensee. Each user is authorized to make archival copies of the software for the sole purpose of making a backup diskette to protect his/her investment from loss. Software purchased for Local Area Networks (LANS) will be available only to the maximum number of simultaneous operators as specified by the license. Each package must be evaluated individually, based upon how the manufacturer has designed it to operate in a network environment. In any case, a single package cannot be installed on multiple stand-alone networks. The rule for making LAN-based software backups is the same as that for stand-alone PC software (one back-up copy for each LAN application). Under no circumstances is a state employee allowed to download an application from the LAN server to a local hard drive as this will be in violation of the licensing agreement. This would result in two copies per one LAN licensed copy.


OBJECTIVE - Each agency may conduct it's own audit to determine whether they are complying with applicable software license agreements. Software compliance is a legal responsibility for state agencies and non-compliance can impact an agency as they may be held financially liable for unlicensed copies. Agencies may be advised to pursue this course of action as a prelude to an audit by the Auditors of Public Accounts.

The purpose of a self audit is:

1) to provide a reference point for agencies establishing a software inventory,

2) to determine what application software is installed on networks and stand-alone computer systems,

3) to remove and replace any unauthorized software found, and

4) to evaluate the current state of agency compliance.

Pre-audit procedures:

1) Collect and review all software purchase records.

2) Collect and review all software license agreements.

3) Select a date for the audit.

4) Decide whether employees will be notified in advance.

5) Use auditing software to search networks and stand-alone hard drives and portable computers.

Post-audit procedures:

1) Compare audit results with records of authorized software.

2) Address use of state-owned software on home computers as determined by the software license and agency policy.

3) Either remove or destroy unauthorized software or purchase a license for it, as appropriate.

4) Analyze results to determine future software purchasing needs.


The license agreement is a contract between the software publisher and the user. The precise wording of the license agreement varies with each software vendor and each vendor has a policy governing the use of its product. The purchaser/licensee of software is only purchasing the right to use a particular application from a software publisher. Software publishers vary in terms and types of their licensing agreements. These variations do not preclude any agency from ignoring the terms under which a purchase of software is made. If a user is not sure, he/she should ask his/her agency representative or call the software publisher to clarify the issue. Do not make assumptions or interpretations of legal language. All telephone conversations with the publisher should be backed up by a confirming letter. Do not put the agency or any individuals in jeopardy.

License agreements generally fall into the following categories:

(a) Individual and Machine/PC Licenses,
(b) Concurrent License,
(c) Network License,
(d) Site/Enterprise License,
(e) Font License,
(f) Bundled Software.

This section also covers Shareware, Freeware, Personal Software and Demonstration Software. Shareware, Freeware and Demonstration software operate under a somewhat different concept, but are still governed by copyright laws. Personally owned software may not be installed on state-owned hardware, except if such installation has been approved for test or demonstration purposes by the agency.


Individual licenses apply to single users or to specific computers. An example would be a word processing program designed to operate on a single workstation. An individual license is exactly as the name implies: a license for one user, or for use only on one machine.

License Per Individual

Software can be licensed to a particular individual, meaning that it can only be used by a specific person. This method of licensing is most suitable for software that will be used only by one person and at other times is idle. For example, the organization's accountant might be the only person who needs to run a tax preparation program. While this method makes it clear who can run the software, it also raises other issues: i.e., can the licensed individual use the package both at work and at home?

Individually licensed software is licensed to one user for use on one workstation. Loading software onto another machine (even if owned by the same user), may constitute a violation of copyright. However, some software manufacturers allow the user of the software to make additional copies. Again, where permitted, this may allow the licensed individual, under the terms of the license, to make a copy of the software for a home PC and/or lap top computer as well as an office workstation. The idea here is that the user cannot be in more than one place at a time, therefore, the software can only be used at one place at a time. Users wishing to run one copy of software on multiple machines should read their license agreements carefully and contact the publisher with any questions.

LAN managers report that tracking licensed individuals on a network is time-consuming and complicated. In organizations with considerable employee movement and turnover, monitoring software use under individual license is nearly impossible. This method is least popular with LAN managers.

License Per Machine

Software licensed per machine requires that customers purchase a license for each PC that might use the software. For example, if the agency has an environment with 100 PC's, the agency would need to buy 100 licenses. Many software managers purchase software in this manner because it almost guarantees they won't violate the license agreement or the copyright law. Common examples of this type of license includes operating system software, such as DOS, screen savers, or software that is explicitly tied to the workstation's hardware.

Duplicate Media

Some publishers put both 3-1/2" disks and CD-ROM in the same box, but there is still only one license. These disks should be considered as the same license. Both copies have been provided simply for ease of installation. The agency cannot give the unused set of disks to any one else.

Software Suites

A suite is a group of applications sold together. Though a suite contains different applications, it contains only one license. Different applications within the suite cannot be used concurrently by two separate people. For example, if the agency purchases "Corel Perfect Office" (containing the products Word Perfect, Quattro Pro, and Paradox), the agency is not permitted to install "Quattro Pro" on one workstation, and install "WordPerfect" on another. All applications in the suite must be installed on the same PC.


An upgrade, sometimes called an update, is an improvement to the original version of the software. The software publisher may have added additional features in the program, or made other substantive improvements. When a software publisher offers version 5.0 of a product, and subsequently releases version 6.0, the 6.0 version is an improvement to version 5.0.

For the software user using version 5.0 of the product, the following two scenarios can take place when considering upgrading to the new version. They are:

A. If the agency is using version 5.0 and decides to upgrade to version 6.0, the agency only has one license for both versions. Remember, the upgrade is an improvement to the original. It does not create a second license and there can only be one hardware installation of this software product under the original terms. In order to obtain the upgrade, the agency will have to demonstrate ownership of version 5.0. Ownership may be proved with the first page of the manual or original disks. The prior version becomes a back-up copy and cannot be passed to another employee within the organization, nor can it be resold.

B. If the agency is using version 5.0 and decide to purchase version 6.0 without utilizing the publishers upgrade program, the agency is then permitted to re-sell the prior version, if permitted in the license, or give version 5.0 to an associate. In this example, the agency would be paying the normal retail price for version 6.0 and would not have to demonstrate ownership of version 5.0. As the agency purchased version 6.0, the agency then has two licenses-one for version 5.0 and one for version 6.0.

It is extremely important for the software manager to keep an accurate accounting of upgrades and new product purchases. Some software managers that go with option A, above, mark the disks, manuals and purchase records with a "U", signifying an upgrade from a prior version.

C. Competitive Upgrades are used by many software companies as a means to gain market share. A competitive upgrade is nothing more than a special offer to the agency from a software publisher. For example, the agency is currently using Lotus 1-2-3, and Microsoft would like the agency to start using their spreadsheet, Excel, instead. Microsoft will sell the agency a license for Excel at a deeply discounted price in order to get the agency to become a registered user.

Since the competitive upgrade is a special sales offer, acceptance of the offer does not obligate the agency to cease use of the older product. In the above example, the user's license to continue to use a previously purchased copy of Lotus 1-2-3 may not be revoked by Microsoft. The agency has two valid licenses. For purposes of showing authorized software, the software manager will still need to retain proof of ownership for both pieces of software.


With an individual license, software cannot be loaned to a friend, even if the software was delivered in both CD-ROM and 3-1/2" formats. It is a violation of copyright to keep one set of disks and lend or give away the other set.

Another very common misuse of an individual license is loading the software onto a file server (LAN) and configuring it in such a way that it can be used by multiple users. In addition, it would be a violation to take the same copy of software and install it on multiple PC's without having the appropriate number of corresponding licenses.


A concurrent license allows a limited number of users to connect simultaneously to a software application. The number of users may be limited to 5, 10, 25, 100 or more, depending on the publisher. Concurrent licenses are becoming more popular due to the increased use of LAN environments.

For example, if the agency has 25 users, but only 10 use a spreadsheet at any given time, then the agency would only need to purchase 10 copies of the program. Concurrent licensing is a potentially money-saving and attractive option because the agency can purchase only the amount of software needed. It is an ideal solution for those applications in which the peak usage rate is less than the total number of potential users. However, the agency needs a method to estimate this peak period. Some software vendors design their software to lock out any extra users beyond the number authorized. Some do not. If the publisher does not install this feature into its product, the responsibility is then with the software manager to ensure its legal use. Many software managers will install metering software to count the number of concurrent users, and also lock out unauthorized users. Each organization using software with a concurrent license has the responsibility to conform to the license agreement regardless of whether or not the software locks out the extra user trying to access the software.

Self-metering, concurrently licensed software often comes in a special file server edition. The software includes a network setup disk with a counter utility and a LAN pack. Vendors frequently sell LAN packs in increments of five or more users. If more than five users need to access the software, the agency must purchase additional LAN packs. Vendors usually offer these packs at discounted rates compared with the cost of the five stand-alone copies. Many software publishers have adopted concurrent use licensing for their application software, but not for operating systems.


When more users are using the software at one time than the license allows, they are in violation of the license agreement. For example, if the agency put a five-user software application on the network, but 50 people are using it, 45 of these users are violating the license agreement.


How the agency defines a network and how a publisher defines a network may be very different. Read the network license very carefully to determine the publisher's definition.

A network license is generally limited to a LAN or individual file server. The network license is different from the concurrent license in that every member of the network is allowed to access the program. Also, the software is installed on only one server on the network (rather than on each computer, as is the case in the concurrent licensing).

The number of users is limited to the number of connections the network operating system (NOS) allows to the file server.

Software limited to a file server is often coded so it cannot be loaded on to another file server, and the license agreement generally prohibits the agency from installing the software on multiple file servers. Therefore, it is the responsibility of the organization to monitor software usage.

File server licenses are an excellent choice for system software programs and network management tools because they don't require accurate user or PC counts. Because the agency only installs a single copy, the software is easier to install, administer and upgrade. Selling software in this manner allows the vendor to present a cost-effective solution to organizations with large networks.


Copyrights are violated when the licensed software is loaded on more than one file server at a time.


For purposes of software licensing, "site" has multiple definitions, including:

When organizations purchase many software licenses, vendors sometimes offer a volume discount or a site license. The discount can be applied to all forms of software licensing. Organizations with 100 file servers may receive a discount on software licensed by file server, while organizations with 100 PC's may get a discount on software licensed by machine. A site license may consist of a discounted price on multiple copies of software or it may allow unlimited copies of a single disk. The vendor may adjust the price based on the number of nodes on the network or the number of file servers. Obtaining a site license is generally less expensive than purchasing individual copies for each user. Generally, when acquiring a license such as this, the organization interested in the site license must deal directly with the publisher.

Enterprise-wide license, also known as a "Gold Disk," is an unlimited use license, but it has a set term of use which the agency must generally renew annually. This type of license is usually more suitable for a large organization with a large number of computers with multiple site locations.


Piracy occurs when this software is loaded at one or more additional sites without purchasing another site license agreement. Another copyright violation of the site license occurs when users download the software for home use, even if it is used for business-related purposes. The license may allow this. It is the responsibility of the software manager to determine if this is an allowed use per the license agreement.


There are two fundamental models for the licensing of font software, so called printer-based and CPU-based licensing.

"Printer-based licensing" licenses the font software to an output device, and to any computers connected to that output device. For example, if there are ten computers connected to one printer, one licensed copy of the font software would allow the licensee to use the fonts on all ten computers connected to the printer. If another printer were to be connected to the computers, an additional license for the font software would be required.

"CPU-based licensing" licenses the font software to computers, not output devices. In the example above, with ten computers connected to one printer, ten licenses are required under a CPU-based licensing model if the licensee desires to use the font software on all ten computers. However, no additional licenses are required if additional output devices are connected to the computers.


Violations are determined by the type of output device used and what type of license has been purchased. Printer-based violations occur when a single output license is purchased but multiple printers are used. Computer-based violations occur when a single computer is licensed for the font but it is used on multiple computers.


Many State employees are generally uninformed with regard to how software is impacted by the Copyright Act. In most instances of copyright license violations, it is ignorance of the law rather than intentional maleficence that is the root of the problem. For this reason it is important for agencies to institute an employee education program with the commencement of this Software Management Policy.

It is crucial that all State employees understand their responsibilities with regard to the software programs that they access and use in their daily work environment. To accomplish this, information must be disseminated that addresses: types of software licenses; code of software ethics; copyright laws; agency software policy; and annual software audits. Agency heads will be provided with an employee information pamphlet that will be developed for all state agencies. However, it is the agency's responsibility to educate its employees regarding this Software Management Policy.


When a computer is purchased with "bundled" software (sold as part of the unit), even though this software is part of the purchase price, the software must be inventoried at this point. This fact must be documented on an invoice or substantiated by other documentation. When upgrades of the computer's "bundled" software are purchased, the new upgraded version will become part of the software inventory. Any upgrade of software must be installed on the computer with the original version. Under no circumstances may any upgrade be separately installed on another computer as this violates copyright law. The original version and the upgrade are joined together under one license agreement. The old version's back-up copy is to be destroyed and an upgrade copy retained in its place.


Personal software is software which is not licensed to the State of Connecticut or its subdivisions. Personal software may not be installed on any computer owned or leased by the State or the Federal Government or purchased with Federal Funds for use by the State, except in those specific instances covered in Section 7-3 of this manual. (See Section 10, paragraph 3 for specific instructions regarding the administration of such exceptions.). Any installation of personal software may compromise the integrity of the State's compliance with copyright laws and may expose the stand-alone computer or network file server to the introduction of computer viruses.


This is software that is marketed by freely distributing a limited or full version of the software through trade shows, bulletin boards, World Wide Web sites, File Transfer Protocol sites, Internet sites, E-mail, or by handing it from one user to another.

Potential users are encouraged to copy the program for "preview" purposes to determine whether or not they want to purchase it. The rule with Shareware is if the user likes the program and keeps it, the user sends the developer payment for it. If the user keeps it but does not pay for it, the user is in violation of the copyright. Almost all Shareware includes a "read me" file or an opening menu stating that the program is Shareware and how and where to send the payment (See Appendix C for definitions written by the Association of Shareware Professionals). Use of this type of software must be approved in writing from the administrator designated to oversee the software inventory.

If a state employee desires to install his or her own purchased program as demonstration software for a possible future agency purchase, the agency must develop written procedures and a form to document this type of installation. The administrator may authorize an installation of this type only if the owner can show proof of original ownership and that the use of this software will benefit the State. At a minimum, this must include a) verification that the program has been checked by an agency approved virus program; b) verification that the program is legally licensed to the employee: c) the test is limited to a defined time frame.

NOTE - Any software that cannot be confirmed as a legally licensed copy may not be brought into an agency and evaluated for any reason.


Freeware, also known as "public domain software," is software distributed for general use with no restrictions placed on it by the developer. It is usually distributed in much the same way as Shareware, but no payment is required from the end user. Upgrade drivers or patches distributed by software vendors are also classified as freeware.

While the terms of the Copyright Act automatically protect all software from the moment of creation, the developers of Freeware voluntarily waive their rights to the software when they choose to distribute it free of charge, and a statement to that effect is usually found in a "read me" file or an opening menu. In some instances, Freeware may be modified by the end user without authorization from the developer.

Because of its nature, the individual may use and share Freeware without fear of copyright violation. However, any installation on state-owned hardware must have prior written approval as this type of software falls under the same guidelines as "Shareware/Demonstration Software." Extreme caution should be exercised to maintain virus control.

Note: Agencies may elect to prohibit installation of any shareware, freeware, or demonstration software by their employees or limit the installation to specific individual circumstances.


An installation of state owned software on a home or field office computer must be permitted by that software product's license agreement. Agencies are responsible for establishing written procedures to document this installation as permitted by the license agreement and as necessary for the efficient operation of an agency's functions.

These procedures need to identify the software installed, the installer, location, date of installation, hardware, and subsequent date of the uninstall/removal of the software.

An agency provided uninstall software program will document the removal of this secondary installation when it becomes necessary.


The procedures for the disposal of software are outlined in the State Comptroller's Property Control Manual Chapter 8.


The State of Connecticut is responsible for ensuring compliance with software manufacturers' licensing requirements.

However, the State must also ensure that it protects its own interests when contracting with vendors to develop custom software. While a proposal is being examined, the State's right to the copyright, or waiver of rights, with respect to future commercial applications in the public or private sector should be documented.

If the State decides to retain the copyright to the software (agencies should be aware that this right may increase the cost of the contract so the cost-benefit aspect of this decision must be weighed), specific contract language may be incorporated into the contract. Check with the respective agency Attorney General liaison.(See Appendix I for specific contract language.)


A computer virus may manifest itself as a self-replicating segment of computer code designed to spread to other computers by sharing "infected" software. Viruses may be "benign" or "malignant." Benign viruses replicate, but do no malicious damage. For example, they may beep or display messages on the screen, but they do no intentional damage. Malignant viruses attempt to damage computer resources such as erasing a hard drive.

Some symptoms of computer viruses are: system crash; slower than normal program operation: change in file size; loss or change of data; and unusual and frequent error messages.

Agencies must develop procedures for system protection by designing, installing, and using virus detection software. These procedures must also incorporate the downloading of information from communications links such as On-Line America, Internet, World Wide Web sites, File Transfer Protocol sites, etc.

Back to Comptroller's Home Page
Back to Table Of Contents