Where to start?
Despite this being a difficult question to answer without specific knowledge of your precise circumstances, there are definite do's and don'ts depending on a number of key factors.

We are going to assume that you are reading this as a result of one of the following reasons:

1) SAM drivers
You would like to:
  • Reduce your software purchasing costs.
  • Mitigate risk in all areas of SAM.
  • Develop cost effective controls so that the information required to make all of the above happen efficiently is available all of the time.
2) Following a particular event
For example:
  • A publisher or compliance authority has requested (read demanded) information about a licence compliance position.
  • Your organisation is being merged or acquired or software assets are being divested.
  • There is a major upgrade (software or hardware) about to happen and you need to know what licences you have.

For all SAM drivers, this is the route that you should follow:
Go straight to our next page - What you should do - and then the relevant 'To Do' list for the size of your organisation.

We would always recommend starting with Reducing software costs and Mitigating risks as these are simple and can be implemented immediately by your purchasing people and (SAM) management.

Then move on to Controlling SAM costs.

These will take longer and probably require a more formal project to be put in place especially if you need to involve other departments and get assistance to rationalise software or create a standard software list, but the benefits of implementing these controls are significant, see below.

For all other drivers - see the relevant section within Implementing SAM

Please note
- There is one truth in SAM that many people do not realise, or they ignore.

More control = less cost, less risk and less SAM required.

Every customer we have worked with that had a decent level of control in place over their software estate, had a lower degree of non-compliance and spent less on software purchasing and management.

The level of control we are talking about is easy to implement and should exist in every organisation as an integral part of IT and Security management anyway.  We discuss the controls relevant to SAM in detail in:

If you are serious about reducing purchasing costs, mitigating non-compliance risks and controlling SAM costs, then get these controls in place as soon as possible.  The rest, quite literally, will then be easy.

Before we look specifically at what you should be doing, we now take a quick look at Conventional advice and how it differs from SAMsource advice...