
GLOSSARY

In this license glossary, we explain technical terms and buzzwords that are used in different areas of the License Library and that you may encounter in your daily work in your software asset management projects.
A

  • The abbreviation AES stands for "Advanced Encryption Standard", a worldwide standard for the encryption of data. The number 256 refers to the key length of 256 bits. The longer the key, the higher the number of possible keys.
  • Items, things, or entities that have potential or actual value to an organization.
  • Coordinated activity of an organization to realize value from assets.
  • Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria have been met. An audit can be an internal audit or an external audit (second or third party), and it can be a combined or integrated audit (combination of two or more disciplines). An internal audit is performed by the organization itself or by an external party on its behalf. See also Software Audit.
  • In the audit, the software manufacturer checks the compliant use of the applications it provides. This is based on standard terms of use - see EULA - or individual contractual agreements that specify how an acquired right of use is to be documented and how the application may be used. For efficient audit processing, proof of compliant use and risk assessment, appropriate records must be kept in accordance with the applicable terms and conditions of the software manufacturers. See also documented information.
B

  • The blacklist contains software that is not or no longer included in the scope of the software portfolio and whose use in the company is not desired or not permitted. See Software Portfolio.
  • Business Process as a Service, or BPaaS for short, is the outsourcing of business processes.
  • Bring Your Own License (BYOL) is the ability to use your own licenses in other environments, such as a public cloud. Often, the licenses can also be managed and monitored on a separate platform.
C

  • A Client Access License (CAL) gives a user or a device the right to access the services of a server. CALs are used primarily for Microsoft Server products with a server/client licensing model.
  • The California Consumer Privacy Act (CCPA) is a California state privacy law that governs how companies around the world may handle the personal information of California residents.
  • Adding, modifying, or removing an item that could have a direct or indirect impact on Software and Services.
  • The Cloud Computing Compliance Criteria Catalogue (C5) specifies minimum requirements for secure cloud computing and is primarily aimed at professional cloud providers, their auditors and customers.
  • See license inventory.
  • See License Compliance.
  • Container virtualization is a method that allows multiple isolated user-space instances (containers) to share the kernel of a single host system. Because no separate operating system kernel is run per instance, this form of virtualization is considered particularly resource-efficient; the shared kernel also means the isolation boundary is the kernel itself rather than a hypervisor.
  • The STAR Registry (Security, Trust, Assurance, and Risk) is a publicly available registry that documents the security and privacy controls of common cloud computing offerings. It is managed and published by the CSA (Cloud Security Alliance).
D

  • IT asset that is expressed electronically in a digital format. Digital assets include software assets and digital information content assets.
  • A discovery tool (also inventory tool) identifies the software used on a device and supports the inventory through automatic discovery. The tool establishes a connection to each device to be monitored and can run locally on the device or remotely.
  • Information controlled and maintained by an organization and the medium on which it is contained. Documented information can be in any format and medium and from any source. Documented information may refer to: The management system, including associated procedures; Information created for the organization's operations (documentation); Evidence of results achieved (e.g., records, key performance indicators).
  • The U.S. Department of Defense (DoD) has specific information protection requirements that go beyond the general requirements of the Federal Risk and Authorization Management Program (FedRAMP). Based on the FedRAMP requirements, the U.S. Department of Defense has defined additional security and compliance requirements for cloud computing in its DoD Cloud Computing Security Requirements Guide (SRG). Cloud service providers (CSPs) supporting US DoD customers must comply with these requirements.
  • A downgrade right allows a software product to be installed in a previous/older version even though a license for the most current version of the software has been purchased.
E

  • The Export Control Classification Number (ECCN) is used to regulate export goods of U.S. origin, as not every such good may be exported to every country in the world.
  • ECLASS is a cross-industry product data standard for the classification and description of products that is widely used in ERP systems as a standardized basis for a product group structure in Germany.
  • An End User License Agreement, or EULA for short, contains guidelines that prescribe the standard use of a software product. In some cases, the guidelines of an EULA are extended or restricted by individual contracts. The EULA is often displayed during installation and must be accepted before the installation can proceed at all.
  • The European Union Trust List (EUTL) is a publicly available list of over 200 active and legacy trust service providers (TSPs) with official accreditation for the most comprehensive compliance with the EU's eIDAS regulation on electronic signatures. These service providers offer certificate-based digital IDs for individuals, digital seals for enterprises, and timestamp services that can be used to create Qualified Electronic Signatures (QES) based on digital signature technology.
F

  • Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
  • FERPA (Family Educational Rights and Privacy Act) is a U.S. federal law that protects the privacy of student education records, including personally identifiable information and directory information.
  • The Financial Industry Regulatory Authority (FINRA), as a licensing authority in the U.S., is primarily responsible for the supervision of persons involved in the securities industry.
  • Various software manufacturers offer framework or individual agreements or commit to such. Framework agreements (also volume license agreements) grant, among other things, extended rights of use during the term compared to the EULA and open up more favorable procurement or management options.
  • Freeware refers to complete and functional software for which no license fees are charged for private use. For use in the commercial sector, license fees may be charged as specified in the respective EULA, so that a license-related assessment should be carried out in accordance with the planned usage scenario before use.
G

  • The General Data Protection Regulation (GDPR) is a European Union regulation that unifies the rules governing the processing of personal data by most controllers, both private and public, across the EU.
  • Also known as the Financial Services Modernization Act, the Gramm-Leach-Bliley Act (GLBA) applies to U.S. financial institutions and governs the secure handling of non-public personal information, including financial records and other personal information.
H

  • Hardware includes physical devices used to process, store, or transmit computer programs or data.
  • HIPAA stands for Health Insurance Portability and Accountability Act. This 1996 U.S. law regulates the security and privacy of protected health information (PHI) and patient access to medical records.
  • Hyperscalers are computing networks for achieving massive scaling in the area of cloud computing and big data. The infrastructure of hyperscalers is designed in such a way that horizontal scalability is possible. Accordingly, hyperscalers provide a very high level of performance and throughput as well as redundancy.
I

  • Infrastructure as a Service (IaaS) provides the hardware for cloud services, including servers, networking and data storage.
  • The International Auditing and Assurance Standards Board, usually abbreviated as IAASB, is an international private sector body in the field of auditing that acts as a standard setter and, in particular, develops and publishes the International Standards on Auditing and International Standards for Assurance Engagements.
  • You must use the IBM License Metric Tool (ILMT) to inventory IBM software if you have opted for sub-capacity licensing. This tool is provided by IBM free of charge.
  • Indirect use is when software is not directly operated by a human user, but computing operations are triggered by other computer programs.
  • Internet Protocol Security (IPsec) is a protocol suite designed to enable secure communications over potentially insecure IP networks such as the Internet.
  • The International Standard on Assurance Engagements 3402, usually abbreviated as ISAE 3402, is an international auditing standard published by the International Federation of Accountants (IFAC), which regulates the audit of an internal control system at a service company including reporting by an auditor. It is particularly relevant for the audit of service companies that take over tasks for other companies in the course of outsourcing and the corresponding commissioning companies. The subject of an ISAE 3402 audit is the description to be prepared by the service provider of the service-related accounting-relevant internal control system.
  • ISO 9001 is a standard for quality management systems and specifies the requirements for such systems.
  • ISO/IEC 19770-1 defines the requirements for an IT asset management system in the context of the organization. It specifies the general asset management requirements of the ISO/IEC 55000 series.
  • ISO/IEC 27001 is the leading international standard for information security management systems (ISMS) and therefore the most important cyber security certification. It provides organizations of all sizes with clear guidelines for planning, implementing, monitoring and improving their information security.
  • ISO/IEC 27002 is an international standard that contains recommendations for various control mechanisms for information security. The focus is on security against attacks.
  • ISO/IEC 27017 is a security standard designed for cloud service providers and users to create a more secure cloud-based environment and reduce the risk of security issues.
  • ISO/IEC 27018 is a security standard that is part of the ISO/IEC 27000 family of standards. It was the first international standard for data protection in cloud computing services to be promoted by the industry.
  • An IT asset is an item, thing, or entity that can be used to acquire, process, store, and distribute digital information and has potential or actual value to an organization. IT assets include: software; media (physical and digital); IT equipment (physical and virtual); licenses (including proof of license); contracts; and ITAM system management resources (including ITAM systems and tools and the metadata required to manage all IT assets). Services to meet IT asset management requirements, typically provided externally, can also be considered IT assets, e.g., "software-as-a-service," hardware maintenance, software support, and training.
  • IT Asset Management (ITAM) is the coordinated activity of an organization to realize value from IT assets. IT Asset Management is a subordinate practice of Asset Management, specifically aimed at managing the lifecycles and total cost of IT equipment and infrastructure. ITAM can include hardware asset management, software asset management, and information asset management. The purpose is to plan and manage the full lifecycle of all IT assets to assist the organization in the following: maximize value; control costs; manage risks; support decision making regarding purchase, reuse, decommissioning and disposal of assets; and meet regulatory and contractual requirements. When IT asset management interfaces well with other practices, including service configuration management, incident management, change enablement, and deployment management, asset status information can be maintained with less effort.
  • IT service management (ITSM) refers to the totality of measures and methods required to achieve the best possible support of business processes by the IT organization. In this respect, ITSM describes the transformation of information technology to customer and service orientation.
L

  • The Lightweight Directory Access Protocol (LDAP) is a standardized access protocol that is used for queries and changes in directory services. It is considered the de facto industry standard for applications that need to handle user data.
  • In SAM, the term license is understood exclusively as a software license. A license covers the right to use software. The purchase of a software license does not mean the purchase of the software itself, but only the right to use the software product. The owner of the license thus acquires the right to use the software product in compliance with the conditions defined by the software manufacturer in the EULA or individual contract. In general, the software license is a combination of a detailed description of the software usage rights in the End User License Agreement (so-called EULA) and a license certificate proving the ownership of the software license. The software license can be provided in a variety of ways on physical paper or, more commonly, as a digital copy via email or PDF. These documents may also include a software license key to activate the software product and links to software media such as the installation file.
  • The license balance sheet is a cut-off date reconciliation of license inventory and software inventory. See also License Compliance.
  • License compliance is only fulfilled if all conditions defined by the manufacturer in the form of contracts and terms of use are fulfilled at all times, or if this fulfillment can be verified and proven at any time upon request. It is the condition in which neither a surplus nor a shortage of the required usage rights prevails.
  • Compliance or conformity with the requirements from the terms of use of the respective software manufacturer.
  • The license inventory contains all rights of use for a product version at a specific point in time. The basis of the license inventory is formed by the usage rights of the individual licenses. These rights consist of the total number of licenses and contracts per product version and the regulations on permitted use. These usage rights also include, for example, update and downgrade rights, special usage rights resulting from maintenance agreements or framework agreements (e.g. scope). Licenses that are time-limited and have lost their validity are not counted in the license inventory.
  • See Software Asset Management.
  • The license metric (metric) is a unit of measure for licenses that is used to count software usage and thus license requirements. Software usage and the license inventory required to support it must be counted based on the same metric. Examples of license metrics: Count per installation, per named user, per concurrent user, or per CPU/core.
  • The license requirement for a software product results from the software usage and minimum licensing requirements from the respective EULA. An example of this is the minimum licensing requirement for Microsoft SQL Server Standard 2019.
  • In computer science, load balancing is used to distribute extensive calculations or large quantities of queries among several systems working in parallel with the aim of making their overall processing more efficient.
M

  • A major release is a software product that requires its own license (full license or update license). Usually, software versions without a decimal place are major releases (for example, version 1 or 4). In a few cases, software versions with one decimal place are also understood as major releases (for example, version 1.5 or 4.5).
  • MDM (Mobile Device Management) is an industry-specific term for the management of mobile devices such as smartphones, tablet computers, and laptops.
  • See License Metric.
  • Minor releases are software versions that do not require their own license. Minor releases always refer to the license of the corresponding major release. Examples are patches or hotfixes that fix program errors. Minor releases are identified by one or more decimal places (for example, version 1.5.2 or 4.1).
  • Multi-factor authentication (MFA) is a generalization of two-factor authentication in which access authorization is verified by multiple independent characteristics (factors).
N

  • The NIST Cybersecurity Framework is a set of guidelines for mitigating enterprise cybersecurity risks, published by the U.S. National Institute of Standards and Technology and based on existing standards, policies and practices.
  • Non-fulfillment of, or deviation from, license compliance, i.e. the sum of the requirements from contracts and terms of use is not met. This can refer to both quantities and content. Failure to comply with the terms of use results in copyright infringement and may result in non-compliance and a violation of civil or criminal law.
O

  • OAuth 2.0 is the industry-standard protocol for authorization. It lets a user grant an application delegated access to resources without sharing credentials; it is an authorization protocol, not an authentication protocol.
  • Open Source Software, or OSS for short, refers to software products that are offered free of charge either by developer communities online or by distributors. No licenses are purchased or rented. Nevertheless, these software products are subject to certain restrictions and have their own terms of use. Examples include AGPL, Apache and GPL, each of which prescribes different publication obligations or handling of the copyleft. The source code of software products under open source is freely available and can be changed. Differentiation: software that is subject to one or more licenses that meet the Open Source Initiative's (OSI) definition requirements for open source and are recognized by OSI as open source licenses.
P

  • PaaS (Platform-as-a-Service) is a form of cloud computing in which the hardware and an application software platform are provided by a third-party provider. The solution, which is primarily intended for developers and programmers, enables users to develop, run and manage their own apps without having to build and manage the infrastructure usually required for the process.
  • The Payment Card Industry Data Security Standard, usually abbreviated to PCI or PCI-DSS, is a set of rules in payment transactions that relates to the processing of credit card transactions and is supported by all major credit card organizations.
  • The EU–US Privacy Shield was a legal framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes was to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.
  • Cloud services offered over the Internet or private internal networks that are available only to defined users (not to the public).
  • Proprietary software is characterized by the fact that its distribution is restricted for reasons of patent or licensing law. By definition, the term "proprietary software" covers all software whose copyright is held by a private individual or a company and whose source code is not published under a free license.
  • Cloud services offered via the Internet that are available to everyone (possibly for a fee).
R

  • A reinstatement generally refers to the subsequent resumption of a maintenance contract. This reinstatement usually incurs additional costs.
  • A (software) release is the step after development with which the software is published.
  • RSA is an asymmetric cryptographic method that can be used for both encryption and digital signing.
S

  • Software as a Service (SaaS) is a software distribution model in which a cloud provider hosts applications and makes them available to end users over the Internet. In this model, an independent software vendor (ISV) can contract a cloud provider to host the application. For larger companies, such as Microsoft, the cloud provider may also be the software vendor.
  • Security Assertion Markup Language (SAML) is a standardized way to tell external applications and services that a user is who they say they are. SAML makes single sign-on (SSO) technology possible because it can be used to authenticate a user once and then communicate that authentication to multiple applications.
  • The SAP License Administration Workbench (LAW) is a system survey that must be performed once a year. This involves checking which licenses are used per SAP system. The LAW only describes the procedure in which different tools are used to measure the existing licenses.
  • A second use right typically allows the additional use of the purchased license on a second (often mobile) device in addition to the actual use, without having to purchase another license for this use case. In most cases, however, both installations may not be used simultaneously.
  • Single sign-on means that after a one-time authentication at a workstation, a user can access all computers and services for which they are authorized from the same workstation without having to log on to each individual service again.
  • SOC 1 is divided into Type 1 and Type 2 reports. Type 1 reports on how adequate a service organization's controls are at a particular time or date, while Type 2 provides a statement on the effectiveness of the controls over a longer period of time.
  • SOC 2 (System and Organization Controls) reports are independent investigative reports that document how a company or organization implements essential compliance measures and objectives.
  • Software means any or all programs that process or support the processing of digital information. For the purposes of this definition, software excludes assets with digital information content such as documents, audio and video recordings, graphics, and databases. There is both executable and non-executable software. The purpose of non-executable software is to control or support executable software and includes, for example, configuration information, fonts, and spell-check dictionaries. Digital information managed by executable software (e.g., the contents of documents and databases) is not considered software for the purposes of this definition, even though program execution may depend on data values.
  • Software that has potential or actual value to an organization. Software can be a collection of software components, e.g., a software product can be a collection of thousands of software files.
  • Software Asset Management (SAM) is the coordinated activity of an organization to realize value from software assets. Software Asset Management is a specialization of IT Asset Management that focuses specifically on software assets. Management of software assets may or may not include management of non-software assets. For reference, the relevant industry definition: "the overall infrastructure and processes required to effectively manage, control, and protect software assets within an organization at all stages of its lifecycle." SAM specifically focuses on the management of acquisition, development, release, deployment, maintenance, and ultimately retirement of software assets. SAM processes enable software assets to be effectively managed, controlled and protected. The goal of SAM processes is to ensure that required data and information about licenses, associated entitlements, and usage are accurately recorded throughout the lifecycle, and that compliance assessments comparing actual usage against permitted usage are regularly performed, assessed and verified. When digital information content is included in scope and subject to license terms, it is also covered by these requirements.
  • In a software audit, the software manufacturer verifies the compliant use of the applications it provides for an entire group/company or individual companies. A distinction is made between two types of audit: internal and external. An internal audit, for example, is performed by an internal auditor to identify potential savings or license compliance risks. An external audit of a software manufacturer is focused exclusively on the manufacturer's products. The software vendor evaluates the information provided by the company and verifies the license compliance situation. To ensure the sustainability of license compliance, the relevant processes are usually reviewed in addition to the relevant data as part of an audit.
  • The software inventory comprises the software usage data as of a key date or a specific point in time. This data is structured and summarized at the individual product level. The individual product level records different versions and editions of a software product as individual software products.
  • Pooling in Software Asset Management (SAM) refers to the consideration of software compliance at the overall company level. In this case, the licenses that may be used throughout the company according to the software manufacturer's approach are also allocated in this way in SAM. This means that internal allocation regulations are partially overridden and licenses are "assigned" from cost area A to area B in order to compensate for a shortfall there with licenses that are not used in area A. The strict relationship between asset and license is dissolved in order to distribute the total available licenses among the installations that actually exist when the installation metric applies. Unused licenses in an area flow into the pool, so that new licenses are only procured if no compliant license is available in the license pool.
  • The software portfolio comprises the applications in the scope of the organization. It contains applications of the various software classes that have undergone a functional, technical, data/security, and licensing review and have been released.
  • Software usage describes the consumption of software. Determining the amount of software usage depends on the license metric. Information on software usage is often aggregated from different data sources. The extent of software usage is recorded in the software inventory. Failure to comply with the terms of use results in copyright infringement and may result in non-compliance and a violation of civil or criminal law.
  • Software usage rights are part of the software license and describe how the software is to be used and which rights are granted to the licensee by the software manufacturer. The rights to use the software are usually defined in the software contract and the agreed End User License Agreement (EULA). See also License.
  • Sourcing refers to the drastic reduction of process costs and the economic use of software and cloud services.
  • Strategic spend is the term used to describe strategically shaped procurements, especially of software, IT services, and cloud services that are considered business-critical in companies.
T

  • Tail spend generally refers to the portion of procurements that do not appear to be strategic, large, or particularly critical. This applies above all to the procurement of software, IT services and cloud services.
  • Transport Layer Security (TLS), often still referred to by the name of its predecessor Secure Sockets Layer (SSL), is an encryption protocol for secure data transmission on the Internet.
  • As part of an Enterprise Agreement, Microsoft enables the customer to determine and report the change in inventory of licenses retroactively once a year for the past contract year. At the beginning of the last period, the demand was estimated and is corrected upwards at the end by the true up, or downwards by a true down. If no change has taken place, zero usage can be reported.
  • Companies displaying the TRUSTe 'Privacy Verified' seal have demonstrated that their privacy programs, policies, and practices meet the requirements of the EU-US Privacy Shield and/or the Swiss-US Privacy Shield.
  • See Multi-factor authentication.
U

  • The United Nations Standard Products and Services Code (UNSPSC) is an internationally used commodity classification system.
V

  • In the first step, virtualization right describes in general terms whether software may be used in a virtualized environment. In further consideration, finer differences may come into play here (depending on the manufacturer), e.g. whether the software may only be virtualized locally or in the data center, which technology may be used for virtualization, etc.