Software Asset Management
Software asset management controls the acquisition, deployment, maintenance, and retirement of software licences to ensure compliance with licence agreements while minimising cost. This task establishes procedures for maintaining an accurate licence inventory, reconciling entitlements against actual deployments, identifying compliance gaps, and preparing for vendor audits.
- Entitlement: The contractual right to use software, as documented in licence agreements, purchase orders, or subscription confirmations. Entitlements define what you are permitted to deploy.
- Deployment: Software actually installed or accessible within the environment. Deployments represent what you have deployed, regardless of whether entitlements exist.
- Effective Licence Position (ELP): The calculated difference between entitlements and deployments. A positive ELP indicates surplus licences; a negative ELP indicates a compliance gap requiring remediation.
- Licence metric: The unit by which software usage is measured and licensed. Common metrics include per-user, per-device, per-core, per-instance, and consumption-based measures.
- True-up: The contractual process of reconciling actual usage against entitlements and purchasing additional licences to cover any shortfall, typically performed annually for enterprise agreements.
Prerequisites
Before beginning software asset management activities, verify the following requirements are in place.
Access requirements
You need read access to all systems where software is deployed, including servers, workstations, and cloud environments. For discovery tools, this requires local administrator credentials on Windows systems and root or sudo access on Linux systems. Cloud environments require read access to subscription and resource inventories through Azure Portal Reader role, AWS IAM ReadOnlyAccess policy, or equivalent GCP permissions.
You need access to procurement and finance systems to retrieve purchase orders, invoices, and contract documentation. For organisations using enterprise agreements, you need portal access to Microsoft Volume Licensing Service Center (VLSC), Adobe Admin Console, or equivalent vendor portals.
Tool requirements
Deploy a software discovery tool capable of scanning all endpoints and servers. Open source options include OCS Inventory NG (version 2.9 or later) and GLPI (version 10.0 or later). Commercial options with nonprofit programmes include Lansweeper, Snow Software, and Flexera. The discovery tool must support agent-based scanning for endpoints outside the network perimeter and agentless scanning for servers.
Verify the discovery tool database contains current data by checking the last scan date:
```sql
-- OCS Inventory: Check last inventory date
SELECT
    COUNT(*) as total_devices,
    COUNT(CASE WHEN LASTDATE > DATE_SUB(NOW(), INTERVAL 7 DAY) THEN 1 END) as scanned_last_week,
    COUNT(CASE WHEN LASTDATE > DATE_SUB(NOW(), INTERVAL 30 DAY) THEN 1 END) as scanned_last_month
FROM hardware
WHERE DEVICEID != '_SYSTEMGROUP_';
```

Expected output shows at least 90% of devices scanned within the last 30 days. If coverage falls below this threshold, resolve discovery gaps before proceeding with reconciliation.
Documentation requirements
Gather all licence documentation including purchase orders, licence agreements, enterprise agreement enrolments, subscription confirmations, and renewal notices. Locate any existing software asset register, even if incomplete or outdated. Identify vendor contacts for licence queries and audit communications.
For organisations with nonprofit technology programmes, collect programme enrolment confirmations from TechSoup, Microsoft for Nonprofits, Google for Nonprofits, and similar programmes. These confirmations document entitlements that do not appear in standard procurement records.
Procedure
Establishing the software inventory
Export the current software discovery data to establish your deployment baseline. The export should include software name, version, publisher, installation date, and the device or user associated with each installation.
For OCS Inventory, generate the software export:
```bash
# mysql writes tab-separated columns when output is redirected; convert the
# delimiter if a comma-separated file is required
mysql -u ocsuser -p ocsweb -e "
    SELECT
        h.NAME as device_name,
        s.NAME as software_name,
        s.VERSION as version,
        s.PUBLISHER as publisher,
        h.LASTDATE as last_seen
    FROM hardware h
    JOIN softwares s ON h.ID = s.HARDWARE_ID
    WHERE h.LASTDATE > DATE_SUB(NOW(), INTERVAL 30 DAY)
    ORDER BY s.PUBLISHER, s.NAME;" > software_inventory.csv
```

Normalise software names to account for variations in how discovery tools report the same product. Adobe Acrobat may appear as “Adobe Acrobat DC”, “Acrobat Reader DC”, “Adobe Acrobat Reader DC (64-bit)”, or “Adobe Acrobat Pro DC” depending on version and installation method. Create a normalisation mapping that groups these variations under canonical product names.
Maintain the normalisation mapping in a reference table:
| Discovered Name | Canonical Name | Product Family |
|---|---|---|
| Adobe Acrobat DC | Adobe Acrobat Pro | Adobe Acrobat |
| Adobe Acrobat Pro DC | Adobe Acrobat Pro | Adobe Acrobat |
| Adobe Acrobat Reader DC | Adobe Acrobat Reader | Adobe Acrobat |
| Adobe Acrobat Reader DC (64-bit) | Adobe Acrobat Reader | Adobe Acrobat |
| Microsoft 365 Apps for enterprise | Microsoft 365 Apps | Microsoft 365 |
| Microsoft Office 365 ProPlus | Microsoft 365 Apps | Microsoft 365 |

Categorise software into management tiers based on cost, compliance risk, and strategic importance. This categorisation determines the rigour of tracking and reconciliation applied to each product.
Tier 1 (full tracking): Commercial software with licence costs exceeding £1,000 annually or products with complex licence metrics (per-core, per-processor). Includes Microsoft, Oracle, Adobe, VMware, SAP, and similar enterprise software.
Tier 2 (standard tracking): Commercial software with annual costs between £100 and £1,000 or products included in volume agreements. Includes productivity tools, security software, and specialist applications.
Tier 3 (register only): Free commercial software, freeware, and low-cost applications under £100 annually. Track for security and supportability but do not perform licence reconciliation.
Open source: Software distributed under open source licences. Track for licence compliance obligations (copyleft, attribution) rather than entitlement counts.
Create or update the software asset register with the normalised, categorised inventory. The register serves as the authoritative record linking deployments to entitlements.
The register must contain, at minimum:
SOFTWARE ASSET REGISTER

| Field | Description |
|---|---|
| Product ID | Unique identifier for the product |
| Canonical name | Normalised product name |
| Publisher | Software vendor |
| Version | Currently deployed version(s) |
| Licence metric | Per-user, per-device, per-core, etc. |
| Entitlement count | Number of licences owned |
| Deployment count | Number of installations detected |
| ELP | Entitlement minus deployment |
| Agreement reference | Contract or PO number |
| Expiry date | Licence or subscription end date |
| Owner | Business owner responsible |
| Tier | Management tier (1, 2, 3, or OSS) |

Documenting licence entitlements
Collect all licence documentation for Tier 1 and Tier 2 software. Sources include purchase orders, invoices, licence certificates, enterprise agreement enrolments, subscription confirmations, and email confirmations from vendors or resellers.
For each product, document:
- Agreement type (perpetual, subscription, enterprise agreement)
- Licence metric as defined in the agreement
- Quantity purchased
- Maintenance or support status
- Renewal or expiry date
- Upgrade rights and downgrade rights
- Licence transferability restrictions
Register entitlements in vendor licensing portals where available. Microsoft licences appear in the Microsoft 365 Admin Center for cloud subscriptions and VLSC for volume licences. Adobe licences appear in the Adobe Admin Console. VMware licences appear in the My VMware portal.
Extract entitlement summaries from vendor portals:
ENTITLEMENT DOCUMENTATION CHECKLIST

- [ ] Microsoft Volume Licensing Service Center export
- [ ] Microsoft 365 Admin Center subscription summary
- [ ] Adobe Admin Console licence export
- [ ] VMware My VMware portal product list
- [ ] AWS Marketplace subscriptions
- [ ] Purchase orders from past 3 years
- [ ] Nonprofit programme confirmations
- [ ] Maintenance renewal documentation

Reconcile historical purchases to establish the complete entitlement position. For perpetual licences, trace back through purchase history to the original acquisition. Organisations that have undergone mergers, acquisitions, or office closures often have orphaned entitlements that remain valid but are not tracked.
Document licence metrics precisely, as these determine how compliance is calculated. A Microsoft 365 E3 licence permits one user to install on up to five devices, while a per-device Windows licence permits unlimited users on one device. Per-core Oracle licences require counting physical cores with specific multipliers for processor type. Per-instance licences for virtualised environments may have specific virtualisation rights that affect counting.
Common licence metrics and their counting rules:
| Metric | Counting rule | Verification method |
|---|---|---|
| Per-user (named) | Count users assigned in directory or portal | Directory export, portal assignment report |
| Per-user (concurrent) | Peak simultaneous users | Application logs, licence server reports |
| Per-device | Count devices with software installed | Discovery tool export |
| Per-core | Physical cores × processor factor | Hardware inventory, processor documentation |
| Per-instance | Virtual machines running the software | Hypervisor inventory |
| Per-processor | Physical processor sockets | Hardware inventory |
| Subscription | Active subscriptions in billing period | Subscription management portal |
Reconciling entitlements against deployments
The reconciliation process compares what you are entitled to deploy (entitlements) against what is actually deployed (installations) to calculate your Effective Licence Position for each product.
Extract deployment counts from the software inventory for each Tier 1 and Tier 2 product. Apply the licence metric to convert raw installation counts into licensable units.
For per-device metrics, the deployment count equals the number of devices with the software installed. For per-user metrics, the deployment count equals the number of unique users with access to or installations of the software. For per-core metrics, sum the physical cores on all servers running the software, applying the vendor’s processor core factor.
Calculate the Effective Licence Position for each product:
```
ELP = Entitlement Count - Deployment Count

Example: Microsoft Visio Professional

Entitlement: 45 licences (purchased via volume agreement)
Deployment:  52 installations (detected by discovery)

ELP = 45 - 52 = -7

Result: Compliance gap of 7 licences requiring remediation
```

Investigate deployment counts that exceed entitlements. Common causes include unauthorised installations, test or development deployments that were not decommissioned, inherited installations from previous staff, and discovery tool misidentification (counting trial versions or components as full products).
Document the reconciliation results in the software asset register and flag products with negative ELP for remediation.
```
RECONCILIATION SUMMARY EXAMPLE

Product:             Adobe Creative Cloud (All Apps)
Licence metric:      Per-user (named)
Agreement:           Adobe VIP (Nonprofit)
Agreement reference: VIP-12345678

Entitlements:
  VIP Subscription:       25 seats
  TechSoup donation:      10 seats
  Total entitlement:      35 seats

Deployments:
  Admin Console assigned: 38 users
  Discovery detected:     41 installations
  Licensable units:       38 (per-user metric)

Effective Licence Position: 35 - 38 = -3

Status: NON-COMPLIANT
Required action: Procure 3 additional licences or remove access from 3 users
```

Identify products with significant positive ELP (surplus licences). Surplus entitlements represent sunk cost and may indicate opportunities for licence harvesting, consolidation, or avoiding renewal of unused subscriptions.
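The normalisation and reconciliation steps in this section, as an added Python example that is not part of the original procedure: it groups discovered names under canonical products, converts installations into licensable units for a per-device or per-user metric, and computes the ELP. The device names, user names, the Creative Cloud mapping row and the Acrobat Pro entitlement are constructed; the Creative Cloud counts reuse the reconciliation summary.

```python
from collections import defaultdict

# Discovered name -> canonical name. The first four rows come from the
# reference table above; the Creative Cloud row is constructed.
NORMALISATION = {
    "adobe acrobat dc": "Adobe Acrobat Pro",
    "adobe acrobat pro dc": "Adobe Acrobat Pro",
    "adobe acrobat reader dc": "Adobe Acrobat Reader",
    "adobe acrobat reader dc (64-bit)": "Adobe Acrobat Reader",
    "adobe creative cloud": "Adobe Creative Cloud (All Apps)",
}


def normalise(installs):
    """Group (device, discovered_name) rows by canonical product.

    A set per product means a device reporting two name variants counts once.
    Names missing from the mapping are returned for manual review.
    """
    devices, unmapped = defaultdict(set), set()
    for device, name in installs:
        product = NORMALISATION.get(" ".join(name.split()).lower())
        if product is None:
            unmapped.add(name)
        else:
            devices[product].add(device)
    return dict(devices), sorted(unmapped)


def reconcile(register, installs, assignments):
    """Return (ELP rows sorted worst gap first, unmapped names)."""
    devices, unmapped = normalise(installs)
    rows = []
    for entry in register:
        product = entry["product"]
        detected = len(devices.get(product, ()))
        if entry["metric"] == "per-user":
            # Named-user licences are counted from portal assignments,
            # not from the installations discovery finds.
            units = len(assignments.get(product, ()))
        elif entry["metric"] == "per-device":
            units = detected
        else:
            raise ValueError(f"unsupported metric: {entry['metric']}")
        entitled = sum(entry["entitlements"].values())
        elp = entitled - units
        rows.append({"product": product, "entitled": entitled,
                     "installs": detected, "units": units, "elp": elp,
                     "status": "COMPLIANT" if elp >= 0 else "NON-COMPLIANT"})
    return sorted(rows, key=lambda r: r["elp"]), unmapped


# Constructed sample data; the Creative Cloud counts reuse the summary above.
REGISTER = [
    {"product": "Adobe Creative Cloud (All Apps)", "metric": "per-user",
     "entitlements": {"VIP Subscription": 25, "TechSoup donation": 10}},
    {"product": "Adobe Acrobat Pro", "metric": "per-device",
     "entitlements": {"Volume agreement": 3}},
]
INSTALLS = [(f"ws-{n:03d}", "Adobe Creative Cloud") for n in range(1, 42)] + [
    ("ws-001", "Adobe Acrobat DC"), ("ws-001", "Adobe Acrobat Pro DC"),
    ("ws-002", "Adobe  Acrobat Pro DC"), ("ws-003", "Adobe Acrobat DC"),
    ("ws-004", "adobe acrobat dc"), ("ws-005", "Acrobat Reader DC"),
]
ASSIGNMENTS = {
    "Adobe Creative Cloud (All Apps)": {f"user{n:02d}" for n in range(1, 39)},
}

if __name__ == "__main__":
    results, unmapped = reconcile(REGISTER, INSTALLS, ASSIGNMENTS)
    for r in results:
        print(f"{r['product']}: entitled={r['entitled']} units={r['units']} "
              f"ELP={r['elp']:+d} {r['status']}")
    print("Unmapped names needing review:", unmapped)
```

The "Acrobat Reader DC" variant is reported as unmapped because the reference table has no row for it, which is the cue to extend the mapping before trusting the counts.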
Remediating compliance gaps
Prioritise compliance gaps by financial exposure and audit risk. Calculate the potential liability for each gap by multiplying the shortfall by the per-unit licence cost. Vendors with active audit programmes (Oracle, Microsoft, Adobe, SAP) warrant higher priority.
Financial exposure calculation:
```
Product:             Microsoft Project Professional
Licence shortfall:   12 units
Retail licence cost: £1,200 per licence
Potential liability: 12 × £1,200 = £14,400

Note: Audit settlements often include penalties of 1.5× to 3× retail cost
plus backdated maintenance fees.
```

Evaluate remediation options for each gap:
Remove excess deployments: Uninstall software from devices or revoke user access where the software is not required. This option has no cost but requires business approval to remove capability.
Reallocate existing licences: Transfer licences from users or devices with low utilisation. Per-user licences assigned to departed staff or per-device licences on decommissioned hardware can often be reclaimed.
Procure additional licences: Purchase licences to cover the shortfall. For subscription products, this incurs ongoing cost. For perpetual products, evaluate whether subscription conversion offers better value.
Substitute alternative products: Replace commercial software with lower-cost alternatives. LibreOffice can substitute for Microsoft Office in many use cases; GIMP or Photopea can substitute for Adobe Photoshop for basic image editing.
Execute the selected remediation and document the action taken. Update the software asset register to reflect the new entitlement or deployment count.
Verify the remediation by re-running the reconciliation after changes have propagated to the discovery tool and vendor portals. Allow 7 days for discovery tools to detect uninstallations and 24-48 hours for portal assignment changes.
Managing licence renewals
The renewal management process ensures licences and subscriptions are renewed before expiry while providing opportunity to optimise quantities and negotiate terms.
RENEWAL TIMELINE

| Days before expiry | Action required |
|---|---|
| 180 days | Identify renewals in next 6 months |
| 120 days | Review utilisation and right-size |
| 90 days | Obtain renewal quote from vendor |
| 60 days | Complete procurement approval |
| 30 days | Execute renewal order |
| 14 days | Verify renewal processed |
| 0 days | Confirm continued access |

Generate a renewal forecast report listing all subscriptions and maintenance agreements expiring in the next 180 days. Include the current quantity, annual cost, and renewal contact.
```sql
-- Query software asset register for upcoming renewals
SELECT
    canonical_name,
    agreement_reference,
    entitlement_count,
    annual_cost,
    expiry_date,
    DATEDIFF(expiry_date, CURDATE()) as days_until_expiry,
    owner_contact
FROM software_assets
WHERE expiry_date BETWEEN CURDATE() AND DATE_ADD(CURDATE(), INTERVAL 180 DAY)
ORDER BY expiry_date;
```

Review utilisation data to determine whether the current licence quantity remains appropriate. For subscription products, compare assigned licences against active users. For perpetual licences with maintenance, evaluate whether maintenance renewal is justified by the support requirements and upgrade value.
Utilisation analysis for right-sizing:
```
Product:                                  Microsoft 365 E3
Licences assigned:                        150
Active users (logged in within 30 days):  142
Inactive users (no login in 90+ days):    8

Recommendation: Reduce to 145 licences at renewal
Annual saving:  5 × £264 = £1,320
```

Obtain renewal quotes 90 days before expiry. For enterprise agreements and volume licensing, request quotes from both the incumbent reseller and alternative resellers to ensure competitive pricing. For nonprofit programmes, verify continued eligibility and check whether donation or discount allocations have been refreshed.
Complete the procurement approval process according to organisational thresholds. Renewals exceeding budget must follow the standard budget variance process.
Execute the renewal order and retain confirmation documentation. Update the software asset register with the new expiry date and any quantity changes.
Managing open source licence compliance
Open source software does not require entitlement tracking but does require compliance with licence obligations. Copyleft licences (GPL, AGPL, LGPL) impose specific requirements when distributing software or providing network services. Permissive licences (MIT, BSD, Apache) require attribution in documentation and licence notices.
Identify open source software in use by reviewing the software inventory for known open source products and by examining application dependencies. Modern applications often include dozens of open source libraries.
For web applications, extract dependency information:
```bash
# Node.js applications
npm list --all --json > dependencies.json

# Python applications
pip freeze > requirements.txt
pip-licenses --format=csv > licences.csv

# Java applications (Maven)
mvn license:aggregate-third-party-report
```

Categorise open source components by licence family:
| Licence family | Key obligations | Risk level |
|---|---|---|
| Permissive (MIT, BSD, Apache) | Attribution in notices | Low |
| Weak copyleft (LGPL, MPL) | Modifications to library must be shared | Medium |
| Strong copyleft (GPL, AGPL) | Derivative works must use same licence | High |
| Public domain (Unlicense, CC0) | None | None |

Verify compliance with licence obligations for each category. Permissive licences require licence text and attribution in application documentation or about screens. Copyleft licences require source code availability for modifications. AGPL requires source availability even for network services.
Maintain a software bill of materials (SBOM) documenting open source components, their versions, and their licences. Update the SBOM when dependencies change.
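One way to apply the licence-family table to a `pip-licenses --format=csv` export, as an added Python example that is not part of the original procedure. The package rows are constructed, the name patterns are heuristics of this example, and two behaviours go beyond the table and are assumptions: a component listing several licences is ranked by its highest-risk family, and an unrecognised licence string is queued as "Unclassified" for manual review.

```python
import csv
import io
import re

# (family, risk level, pattern). Families and risk levels follow the table
# above; the name patterns are this example's own heuristics.
FAMILIES = [
    ("Strong copyleft", "High",
     re.compile(r"\bAGPL|Affero|\bGPL|GNU General Public", re.I)),
    ("Weak copyleft", "Medium",
     re.compile(r"\bLGPL|Lesser General Public|\bMPL\b|Mozilla Public", re.I)),
    ("Permissive", "Low", re.compile(r"\bMIT\b|\bBSD\b|Apache", re.I)),
    ("Public domain", "None", re.compile(r"Unlicense|\bCC0\b", re.I)),
]
# "Review" is an added level (assumption) for strings no pattern recognises.
RISK_RANK = {"None": 0, "Low": 1, "Medium": 2, "High": 3, "Review": 4}


def classify(licence_text):
    """Return (family, risk); with several licences the highest risk wins."""
    matches = [(family, risk) for family, risk, pattern in FAMILIES
               if pattern.search(licence_text)]
    if not matches:
        return ("Unclassified", "Review")
    return max(matches, key=lambda m: RISK_RANK[m[1]])


def review_queue(csv_text):
    """Parse pip-licenses CSV text and return rows, highest risk first."""
    rows = []
    for record in csv.DictReader(io.StringIO(csv_text)):
        family, risk = classify(record["License"])
        rows.append({"name": record["Name"], "version": record["Version"],
                     "licence": record["License"],
                     "family": family, "risk": risk})
    rows.sort(key=lambda r: (-RISK_RANK[r["risk"]], r["name"].lower()))
    return rows


# Constructed sample in the column layout pip-licenses writes for CSV.
SAMPLE_CSV = '''"Name","Version","License"
"example-http","2.31.0","Apache Software License"
"example-orm","4.2.1","BSD License"
"example-pdf","1.23.8","GNU Affero General Public License v3 (AGPLv3)"
"example-charset","5.2.0","GNU Lesser General Public License v2 or later (LGPLv2+)"
"example-certs","2024.2.2","Mozilla Public License 2.0 (MPL 2.0)"
"example-dual","0.9.0","MIT License; GNU General Public License v2 (GPLv2)"
"example-util","1.0.0","The Unlicense (Unlicense)"
"example-internal","0.1.0","UNKNOWN"
'''

if __name__ == "__main__":
    for row in review_queue(SAMPLE_CSV):
        print(f"{row['risk']:<7} {row['family']:<16} "
              f"{row['name']} {row['version']} ({row['licence']})")
```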
Preparing for and responding to vendor audits
Software vendors conduct licence audits to verify compliance with licence agreements. Enterprise agreements typically include audit rights clauses permitting the vendor to request compliance verification with 30 days notice.
Maintain continuous audit readiness by keeping the software asset register current with monthly reconciliation for Tier 1 products and quarterly reconciliation for Tier 2 products. Organisations with current, accurate records resolve audits faster and with lower settlements than those assembling data reactively.
Upon receiving an audit notification, immediately escalate to IT leadership, legal counsel, and procurement. Do not respond to the auditor until internal review is complete. Review the audit clause in the relevant agreement to understand scope, timeline, and your obligations.
Appoint a single point of contact for all audit communications. Do not permit auditors to communicate directly with technical staff who may inadvertently disclose information beyond the audit scope.
Prepare audit response data by extracting the current software asset register for products in scope. Provide only the information contractually required. If the agreement specifies self-reporting based on internal records, provide your register data. If the agreement permits auditor-conducted scans, negotiate the scope and timing of scanning activity.
Review auditor findings before accepting any compliance gap. Auditor tools frequently overcount deployments by including trial versions, runtime components, and products licensed differently from the audit scope. Challenge any findings that do not align with your reconciliation data.
Negotiate any settlement to account for factors the auditor’s analysis may not reflect: licences purchased but not yet recorded in vendor systems, products covered by different agreements, and deployments that have since been removed. Request extended payment terms if the settlement exceeds available budget.
Verification
After completing software asset management activities, verify the outcomes through these checks.
Confirm the software asset register accurately reflects the current state by sampling 10 products across tiers and validating that register data matches source system data:
```bash
# Sample validation query comparing register to discovery
# Run for each sampled product

# 1. Get deployment count from discovery tool
DISCOVERY_COUNT=$(mysql -u ocsuser -p ocsweb -N -e "
    SELECT COUNT(DISTINCT h.ID)
    FROM hardware h
    JOIN softwares s ON h.ID = s.HARDWARE_ID
    WHERE s.NAME LIKE '%Microsoft Project%'
    AND h.LASTDATE > DATE_SUB(NOW(), INTERVAL 30 DAY);")

# 2. Get deployment count from register
# (field 6 is taken to be the deployment count column; adjust to your register's column order)
REGISTER_COUNT=$(grep "Microsoft Project" software_register.csv | cut -d',' -f6)

# 3. Compare
echo "Discovery: $DISCOVERY_COUNT | Register: $REGISTER_COUNT"
# Expected: Counts match within 5% tolerance
```

Verify entitlement documentation exists for all Tier 1 products by checking that each register entry has a corresponding agreement reference that resolves to an actual document.
Confirm compliance gaps have been remediated by re-running reconciliation for any product that previously showed negative ELP:
Verification checklist:

- [ ] ELP recalculated after remediation
- [ ] ELP is zero or positive
- [ ] Remediation documented in register
- [ ] Procurement records updated (if licences purchased)
- [ ] Vendor portal reflects current entitlements

Confirm renewal forecast is current by validating that all subscriptions with expiry dates in the next 180 days appear on the renewal report and have assigned owners.
Troubleshooting
| Symptom | Cause | Resolution |
|---|---|---|
| Discovery tool reports zero software for some devices | Agent not installed or not reporting; firewall blocking agent communication | Verify agent installation on affected devices with sc query OCSInventory (Windows) or systemctl status ocsinventory-agent (Linux). Check firewall permits outbound connection to discovery server on port 443. |
| Same software appears multiple times with different names | Discovery tool captures registry strings verbatim without normalisation | Create normalisation mappings to group variations. Update discovery tool configuration to apply normalisation at scan time where supported. |
| Vendor portal shows different entitlement count than purchase records | Licences from multiple agreements; donations not reflected in portal; transfers not processed | Request licence summary statement from vendor. Cross-reference all agreement numbers. For nonprofit donations, verify TechSoup allocation processed successfully. |
| Deployment count exceeds entitlements but business reports adequate licences | Licence metric mismatch; counting installations instead of users for per-user licence; counting all cores instead of licensed cores | Review licence agreement to confirm correct metric. Recalculate using correct metric. For per-user licences, count from directory or assignment portal rather than discovery. |
| Discovery shows software on decommissioned devices | Devices not scanned recently; devices not removed from discovery database | Run forced scan or remove stale records. Configure discovery tool to auto-archive devices not seen for 90+ days. |
| Open source licence scan reports hundreds of components | Modern applications include extensive dependency trees | Focus compliance review on direct dependencies and any component used in distributed or network-facing code. Accept risk for deeply nested transitive dependencies in internal applications. |
| Vendor audit claims more deployments than register shows | Auditor tool configuration differs from licence metric; auditor counting components or trials | Request detailed auditor methodology. Compare auditor device list against your inventory. Challenge counting methodology that contradicts licence agreement. |
| Renewal quote significantly higher than current cost | Price increase; quantity tier change; promotional pricing expired | Request breakdown of increase. Negotiate multi-year terms for price protection. Evaluate alternative products if increase exceeds 15%. |
| Cannot determine licence owner for legacy software | Installed before asset management; original purchaser departed | Assign ownership to current primary user or department head. Document assignment decision for audit trail. |
| Maintenance renewal processed but support portal shows expired | Renewal not applied to correct agreement; vendor processing delay | Contact vendor support with renewal confirmation. Allow 10 business days for processing before escalating. |
| Nonprofit programme allocation exhausted before need | Annual allocation already consumed; allocation reduced from previous year | Request additional allocation through programme portal. Some programmes permit mid-year allocation requests with justification. If denied, budget for commercial purchase at nonprofit discount rate. |
| Subscription cancelled but software continues working | Subscription has grace period; offline activation not yet expired; cached credentials | Software will cease functioning when grace period ends or next online validation occurs. Plan transition to alternative before hard cutoff. |