DIN 77006 and Software License Management
The DIN standard 77006 (published in June 2020) complements the contents of DIN 9001 (DIN EN ISO 9001:2015-11) for the area of quality in IP management. The standard outlines how to apply IP management in companies and gives insights in the definition and application of quality in this regard. As digitalization progresses, managing software license rights becomes relevant for all companies and not only for those in the IT industry.
This article deals with how a company successfully manages software license management and how DIN 77006 is relevant here.
Software license management aims to protect a company from liabilities based on infringements of third-party rights through unauthorized use of software.
The DIN 77006 standard can be applied to software license management as guidance to adapt, develop and continuously improve company processes.
Let’s first look at the question what actually license management of software is. A company that wishes to use certain third-party software, whether for its own internal purposes or as part of its product delivery, has to obtain from the author(s) of such software appropriate usage rights (licenses) for the intended usage scenarios. Software license management has the goal to protect a company from liabilities based on infringements of third-party rights by unauthorized use of software. The use of software without having the corresponding use rights constitutes a copyright infringement. In addition, other intellectual property rights (i.e. patents, trademarks) might be affected. Depending on the scope of use and claim this can result in high damage amounts and costs.
To prevent such claims, quality management processes are required dealing with the purchase and management of software licenses. The definition and implementation of an appropriate process is preceded by a general status quo analysis. Within this analysis the different usage scenarios in the respective organization are evaluated. Here it is relevant to evaluate the actual use of software, what the supply chains are, identify employees that handle software, and which general company processes are affected. Like any other process in an organization, it is vital for a license management process to integrate seamlessly in the overall process landscape.
The status quo analysis is followed by a segmentation and categorization of the usage scenarios which is usually based on their respective risk exposure. For example, using software in the delivery of products to customers bears a higher risk potential in case of an infringement of third-party rights than the use of a software in-house as a development tool. Among other factors such as the costs for acquiring the appropriate rights or replacing the affected components, the distribution to a large number of users results potentially in higher damage claims than the mere in-house use. Thus, in any risk management process it is recommended to differentiate between the scenarios of in-house uses and use in product deliveries. In addition, the process steps and checks will be different depending on whether it is proprietary third-party software, Freeware or Open Source Software that is used.
Finally, after deciding on scope and structure of a license management process it has to be implemented in the company’s IP management system. The DIN 77006 standard deals not only with quality requirements in one area but sets forth requirements for a company-wide IP management system. Its quality standards and requirements can be applied to all forms of intellectual property in a company. Looking at the underlying goals the most obvious goal to use the standard is the protection and the value extraction from intellectual property created or owned by the organization. However, in a company-wide IP management system, the protection and value extraction from third-party intellectual property is an equally desirable goal. Applying the standard to software license management processes and with this consciously and strategically managing third-party licenses is one important aspect within a company-wide IP management system. Major parts of DIN 77006 can be applied to ensure quality in license management, especially those of IP administration, IP risk management and IP transactions.
As mentioned, the DIN standard not only deals with managing IP risks but also deals with value extraction. Here the goal of a company-wide IP management system is to enable a company to be active rather than reactive and apply strategy in action. By applying the standard, the initial gain is that a company gets an overview of its own assets as well as third-party IP in use. The IP management system then provides a company with the legal, business, and other requirements regarding such IP which results in being able to control and strategically use intellectual property.
A process that deals with license management should include, among other requirements, the following:
- a company-specific risk matrix reflecting the specific usage scenarios,
- an approval-matrix, respective procedures and stakeholders,
- a legal license check and the applied minimum requirements, as well as
- business case aspects (royalties, costs, resources).
In addition, certain quality criteria for the third-party software code may be defined and as a possibility a compliance scan of the code can be made mandatory in such process.
There is not one process that suits all but rather an individual process for each company tailored to its needs, risks and overall risk management. Therefore, the process steps and checks are company specific, reflecting however certain minimum requirements as to the goal of the process (e.g. compliance) and those of the IP management system.
With regard to license management, the primary goal is, of course, to establish a certain risk management in order to prevent third-party infringement claims and to prevent damages. However, deciding on the use of third-party software is also a strategic question. Before licensing third-party software, a company will always check whether to develop the software in-house or with services by a contractor. This decision-making process, often referred to as “make vs. buy”, should be based on financial/business aspects, the specific usage scenario and the company’s corporate strategy.
The use of third-party software may also impact a company’s own IP which needs to be considered. One example here is the use of Open Source Software licensed under a copyleft license which bears the risk that proprietary code has to be made available under the copyleft license, which includes the obligation to grant users source code access.
The DIN 77006 standard provides companies with guidance on establishing quality in IP management and is also a good starting point to adapt, develop, and continuously improve the company’s processes. The company-wide IP management system and its quality requirements as set forth by DIN 77006 therefore supports companies to administer and strategically approach the complexities that come with managing intellectual property.