By: Debbie Herbers, President/COO, Projetech.
If your company received a letter from IBM today saying that you have been selected for a Maximo® Software License Review – what would be your first reaction?
- I am not worried because we are fully prepared.
- My heart might start to race a little…
- N/A because I am a Projetech Maximo as a Service customer that opts to use their licenses, so I know ‘that letter’ isn’t something I ever have to worry about. NOTE: If this is the case, you can skip the rest of this blog and go have a cup of coffee. 😊
I hope you confidently answered ‘A’ because you have proactively put serious time & energy into making sure you stay completely compliant (it isn’t a check it once a year type of thing). While some people think that sounds simple (# of users = number of licenses, right?) those ‘in the know’ appreciate that is not necessarily the case. Maximo licensing is complex. There are many one-off rules and very specific security restrictions that can come back to haunt (and cost) you. You know that unless you have specialized tooling in place (the Maximo license manager is helpful, but NOT enough) or a person that is a Maximo licensing expert continually monitoring your system, you may have cause for concern.
Projetech has put in the work and are proud to be able to answer ‘A’. We also know all too well how it feels to get ‘the letter’. It came in January 2018, and we are happy to report that the official ‘Close Letter’ was received (without penalties and/or reinstatement fees) in December 2018. It was a very thorough 11-month process that required significant time & energy from at least nine members of our team, but it could have been MUCH worse if we hadn’t been prepared.
Projetech is entitled to thousands of Maximo licenses, and we are responsible for hundreds of Maximo instances in our cloud. Out of necessity, we have had to develop the expertise, and our own proprietary tooling to be able to manage license compliance. Also, we know that license compliance is fluid, (specific license types come to end of support, trade-ups occur, security groups change, etc.), so it isn’t a one & done task. It is something that requires constant care and feeding, and thankfully, we had implemented those controls.
While we were confident going into the audit, we did learn a few things, so it helped us improve upon what we had already built. And while I’d be lying if I said I didn’t do a happy dance when it ended, I do honestly believe it pushed us to take things to another level, which ultimately benefits each of our customers & partners, and positions us for growth. Fully understanding Maximo licensing is a unique and rare skill set and having gone through this experience has given me even more confidence that our team is the best of the best.
Now – while I hope no one answered ‘B’, (especially if you are the person whose neck would on the line in the case of an audit), maybe this will be a reminder that it is much more comfortable to be proactive than unprepared. Make 2019 the year you change your answer to ‘A’, either by conducting an internal audit/reorg (see below for our tips on this) or by deciding to use a Maximo Managed Service solution that includes license compliance. After all, the letter probably will come…
Here is a Top 10 list that our team suggests to help you get started with an Internal Maximo License Audit:
- Know your licenses terms, restrictions, special exceptions or negotiated items, etc. Many long-term IBM customers have difficulty locating their agreements and even more often, IT departments are never even made aware of these items. We have multiple customers that have negotiated special considerations for licensing, but that tribal knowledge gets forgotten as employees leave. It’s up to you to notice if initial audit results are based on overlooked special terms and conditions. Keeping close tabs on documentation and regularly sharing your active agreements with your Sys Admins can reduce the risk of you getting dinged for something you shouldn’t.
- Is your security set up according to Maximo licensing rules and re-inspected for compliance after all changes? Examples: You may have a Limited user that only actively uses 3 modules, so you think you comply. However, if he/she isn’t restricted by security rules from accessing other modules, it would be calculated as Authorized user.
- Do you have multiple Maximo instances? If so, did you know that some licenses are ‘install’ or ‘server’ types, so a license is required for each & every instance? NOTE: These are usually EXPENSIVE licenses.
- Do you have documented procedures for how/when you acquire licenses? Do your have your POE’s (Proof of Entitlement) records organized and always verify that dates & quantities are correct? The auditing firm may ask that you share your methodology & documentation (in writing and via interviews with key personnel), so an audit will be much smoother if you can show you’ve been diligent. Thankfully, we had done a thorough internal audit a few years prior to get our documentation filed properly, and implemented an automated system for tracking, which helped us quickly and easily respond to questions (with proof) from the auditors.
- Do you pay close attention to S&S renewal dates, and does your Maximo system administrator verify that license entitlements and deployments match up every year? For many companies, S&S paperwork goes to a Contracts department and gets rubber-stamped if the numbers match what was on the previous year’s report. It is imperative that someone actually checks the paperwork against current usage. After all, how many organizations have no changes in personnel in 365 days?
- Are your license ratios (i.e. Authorized to Limited to Express) in line with current IBM mandates? Is this monitored regularly? This should be considered every time a user is added, or security changes are made.
- Have you completely reviewed the licensing rules and exceptions for every Maximo license type that you have, and verified your configuration is compliant? This is especially important for Maximo Industry Solutions, Service Provider licenses, Add-on licenses (Calibration, Spatial, etc.) and Concurrent licenses. Find the guide at: http://www-01.ibm.com/support/docview.wss?uid=ibm10737309
- Are you using any technical mechanism (including 3rd party mobile solutions) that accesses, uses, or manipulates data in any manner outside of Maximo’s user interface? This could require additional licenses.
- Be cautious with LDAP/Active Directory Sync.
- Many user accounts may be created that will never access the Maximo system
- Just because a user hasn’t logged in & won’t utilize the system doesn’t mean they don’t need a license
- If the account can login (status is not INACTIVE) and your licensing isn’t utilizing concurrent licensing, then they need a license.
- Group changes impact permissions which can change license requirements for a user even if they never utilize the functionality to which they’re entitled.
- Many user accounts may be created that will never access the Maximo system
- Watch out for Administrative Modules
- Limited users cannot have access to apps inside Administrative Modules (beyond Express rights)
- This includes some common apps that bump users from Limited to Authorized (People & Labor in particular)
Finally, if/when you do get the letter, remember to pay attention to the scope of the audit. Typically, a time frame will be specified at the beginning of the process, so if you get requests from the auditing firm for data outside of that range, or for something you have concerns about sharing (in our case, it was the names of our customers, as we have NDA’s in place with them), you may want to seek legal advice before responding. It was my experience that our auditing firm was fair & reasonable in that area.
Projetech, a Gold IBM Business Partner, offers IBM Maximo: the global standard in software for Enterprise Asset Management and maintenance. Projetech is the #1 provider of Maximo as a Service (MaaS) in the world. Our software as a Service (SaaS) solution provides customers with a secure, dedicated, and supported Maximo application via the cloud. Projetech takes threats to the availability, integrity, and confidentiality of its clients’ information seriously. As such, Projetech is an ISO/IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization. By leveraging our Projetech Authorized Reseller [PAR] network and specialties of our resellers, clients are getting the best solution for their industry and their needs.
For more information on Maximo as a Service visit our website: https://www.projetech.com/maas/maximo-as-a-service-maas