I've Just Received an AUDIT notification From a Vendor - what should i do?
Get yourself primed - prompt and organised action is required ... Firstly, if you don't know the state of your deployments vs entitlements work that out quickly. Run your discovery to capture the current state and collate all of the backing material if you don't have it at hand (contracts, licenses, amendments, orders etc). Reconcile what you find to what you're entitled to, and where there are overages you'll need a plan as to how you'll address either prior or with the vendor. If your records aren't up to scratch it's a good time to consider a tool to help out next time - check out ComplianceWare and start lodging those artefacts so you're primed and ready next time!
I don't have my licensing ENTITLEMENTS or proof of purchase records
If you're unable to trawl through historic purchasing records (even emails) there's only one option unfortunately - you need to approach your vendors. Do this tactfully though - you don't want to raise any signals that you might not be in a great compliance state. Consider requesting on the basis of an internal review process you're running and you just want to validate your records with theirs. Or you suspect there has been record loss internally that you're trying to rectify. Just don't volunteer yourself by telegraphing 'hey we don't seem to have any records of anything at all - can you help?' - that's simply a direct invitation for an audit.
how do i start my compliance program?
If you're asking that question, the good news is ... you already have. It all starts with awareness, then, like everything else, requires an organised program of work. Check out our brief video on the '5 Steps to Software Compliance' that will give you the fundamental pointers on how to get up and running.