This repository has been archived by the owner on Mar 3, 2022. It is now read-only.

BSA Comments #11

Open
BSATheSoftwareAlliance opened this issue Jan 20, 2016 · 0 comments


@BSATheSoftwareAlliance

BSA | The Software Alliance (BSA) welcomes the opportunity to provide comments on the draft memorandum on Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing (“Draft Memorandum”).

As providers of software products and services that help advance the Federal Government’s mission, BSA members support the Office of Management and Budget (OMB)’s goals to improve the acquisition and management of software products and services through the adoption of best-in-class practices across the Federal Government. BSA, therefore, offers these comments to assist with your efforts.

Technology Neutrality

We applaud the Draft Memorandum’s reference to development of processes and guidelines to procure software products and services that “include alternatives analyses in a technology neutral manner that is merit-based, and considers such factors as performance, total cost of ownership, security, interoperability, ability to share or re-use, and availability of quality support.”

Indeed, it is very important that procurement practices adopted by Federal Agencies maintain a technology neutral approach. Procurement practices that mandate the use of specific technologies tend to freeze innovation, as well as force users to procure products that might not suit their needs and that are less secure and less cost effective.

We recommend that the Draft Memorandum further highlight the importance of technology neutrality, making reference to this principle in the body of the text rather than in a footnote. In addition, we recommend a specific reference be made to the memorandum sent by the U.S. Chief Information Officer, the Administrator for Federal Procurement Policy, and the U.S. Intellectual Property Coordinator to all Chief Information Officers and Senior Procurement Executives on January 7, 2011 reminding that the Federal Government’s policy of selecting and acquiring information technology that best fits the needs of the Federal Government should be technology and vendor neutral.

Finally, it is also important that, while promoting procurement practices that are technology neutral, OMB considers the importance of appropriately relying on well-established standards, including open standards that are global, voluntary, and developed through industry-led multi-stakeholder processes.

Terms and Conditions Transparency

The Draft Memorandum reminds Agencies that they shall not agree to terms and conditions that prohibit the sharing of all prices, terms, and conditions with other Government entities (including posting pricing to the Acquisition Gateway). Although transparency is important, it is critical that vendors maintain their ability to offer pricing models tailored to best meet the specific Agency’s needs, including software customization, volume negotiated, and other elements.

BSA respectfully requests that the Draft Memorandum address this issue by clarifying that pricing should not be considered in isolation from other factors and that Agencies and vendors should have the latitude to conclude terms that best meet the Agency’s specific needs in the context of a procurement decision.

Government-wide Enterprise Software Agreements

According to the Draft Memorandum, the Category Management Leadership Council’s Enterprise Software Category Team (ESCT) will develop new government-wide enterprise software agreements for mandatory Federal Agency use. In addition, Agencies will need to justify and obtain high-level agency approval for the pursuit of new agreements that overlap with the ESCT mandated agreements.

The way customers, including Government Agencies, acquire and use software is changing rapidly. BSA members increasingly provide a wide array of data services, analytics, security solutions, connectivity, and much more. This is in addition to a full array of software solutions that are increasingly offered online as subscription based services, allowing customers to tailor their software needs in real time.

The Draft Memorandum directs Federal Agencies to develop repeatable processes to aggregate software requirements and associated funding, as appropriate, for commercial enterprise software acquisitions. If this mandate were to create a single approach to be followed by all Agencies in every case, this could prevent Agencies from procuring the solutions that are most suitable and cost-effective to address their specific needs. A “one-size fits all” solution may not always be the best approach. BSA requests OMB clarify this requirement to ensure there is enough flexibility to accommodate specific Agency needs.

Federal Agencies must be able to procure cutting edge technology and although government-wide agreements will be developed, requirements that are too strict may prevent Agencies from benefiting from innovative technologies, services, and business models. It is very important that these agreements remain flexible to allow for efficient procurement of ever-evolving software offerings.

Finally, it is important to clarify what will be considered “best-in-class” software licensing agreements for the purpose of the Draft Memorandum, as well as which situations might fall outside the scope of the mandatory use of government-wide enterprise software agreements.

Commercial Terms

In order for the Federal Government to fully leverage and procure rapidly developing innovative commercial information technology (IT), including software, computer hardware, and cloud services, it is imperative that these products and services are procured based on commercial terms. Indeed, FAR 12.212 directs the Federal Government to acquire commercial software through commercial license terms. Yet, despite this mandate, Government Agencies routinely attempt to impose numerous FAR and agency supplemental terms that are inconsistent with commercial standard terms and practices. This deviation completely undermines the goals of leveraging commercial terms and best practices and streamlining procurement.

As OMB itself has recognized in a memorandum addressed to Chief Acquisition Officers and Senior Procurement Executives dated December 4, 2014, “greater attention must be paid to regulations related to procurements of commercial products and services, as the Government is typically not a market driver in these cases and the burden of Government-unique practices and reporting requirements can be particularly problematic, especially for small businesses”.

In this regard, BSA respectfully recommends the use of government-wide acquisition contracts based on commercial terms and the elimination of government contracts that impose burdensome government-unique requirements.

Further, it is very important that the Draft Memorandum make clear that government-wide enterprise software agreements should not mandate commercial software products and services be tailored for Federal Government use. Many commercial terms and conditions are inextricable parts of commercial offerings and should remain undisturbed.

Terms and conditions that effectively customize commercial items, including license metrics and deployment restrictions, should not be added to government-wide enterprise software agreements. Such terms would increase software costs by forcing contractors to charge higher prices for customized products and services and reducing competition as commercial software vendors could exit the marketplace, thereby preventing Agencies from fully benefiting from innovative commercial software. These terms would also run counter to Federal Government guidelines directing that commercial off-the-shelf (COTS) software should be leveraged as much as possible.

Procurement of customized software products and services should only be considered, if at all, on an exceptional case-by-case basis, and certainly should not be instituted by government-wide enterprise agreements.

Finally, BSA urges that ESCT establish an ongoing dialogue with industry to inform the development of plans for moving to government-wide licensing agreement models, particularly for cloud-based solutions, before such models are finalized and implemented.

Use of Licensed and Supported Software by Federal Agencies and Contractors

Ensuring that Agencies are only using properly licensed software has long been a US government priority. Executive Order (EO) 13103 was issued in 1998 to further this objective. In May 2014, a report issued by the Government Accountability Office (GAO) confirmed that US Federal Agencies do not have adequate policies for managing software usage. GAO recommended that OMB issue a Directive to help Agencies improve their software license management practices. Proper software asset management would reduce the use of unlicensed or under licensed software, which would likely reduce contractual disputes and result in considerable cost savings. In addition, the use of unlicensed and/or unsupported software exposes Agencies engaged in such activity to higher risks of downtime, malware infections and other security vulnerabilities.

This Draft Memorandum is a step in the right direction and OMB should ensure that the recommendation to maintain inventories of software is fully implemented (Draft Memorandum page 3, item 2) and that such inventories include all software products and services acquired and deployed. When maintaining such inventories and managing their software asset management, Federal Agencies should refer to international best practices such as the ones established by voluntary, market-led standards. This approach to software asset management is likely to generate better results and increase efficiencies (please refer to next section for further details).

It is also important to point out that the use of unlicensed, under licensed, and/or unsupported software by government contractors in the performance of activities related to federal contracts is also a concern and, as mentioned before, could put government systems at risk of downtime, malware, and cybersecurity incidents. OMB’s engagement in helping address this issue would be extremely welcome. Federal Agencies should require their contractors to only use properly licensed software according to the license terms and conditions, and backed by expert technical support from a reputable vendor.

With respect to open source software, OMB should require Federal Agencies to (i) identify all open source software deployments as part of the newly established software inventory process and (ii) evaluate the costs and benefits of purchasing support and maintenance from a vendor expert in the operation of the applicable open source software.

Finally, BSA recommends that not only personnel involved in software license management but all Federal employees, including CIOs, Contracting Officers, and agency attorneys, be educated on the risks and contractual liabilities associated with the use of unlicensed software. We, therefore, suggest that specific reference be made to this issue when relevant training is mentioned on page 3, third paragraph, of the Draft Memorandum.

Software Asset Management

BSA applauds OMB’s recommendation that agencies should maintain inventories of acquired and deployed software and strongly suggests that those inventories be expansive in scope and based on the use of international standards such as ISO 19770-1:2012 for software asset management. We also recommend that such inventories fully consider license requirements for virtualization technologies.

For full visibility and transparency, BSA believes that the required software inventory and reports to OMB must expressly cover Software-as-a-Service (SaaS) and open source software deployments as well as all evaluation and test use of commercial software even if there is no direct cost involved in such use. Use of “free-of-charge” software, be it a free SaaS product, open source software, or an evaluation copy of proprietary software, can give rise to material financial, operational, and security risks and should not be overlooked in the new inventory process. By requiring an expansive software inventory, OMB can ensure that the applicable Federal Agency CIOs and CAOs have comprehensive knowledge of current software usage as well as insight into future requirements.

Transparent and verifiable software asset management (SAM) practices identify situations where entities are using unlicensed software as well as situations where the licenses they have far exceed the number of users. Under licensing creates legal liability, while over licensing creates inefficiencies. BSA has developed the Verafirm Certification program aligned with the global ISO 19770-1:2012 standard to help entities manage their software, remain compliant and secure, and increase efficiencies.

The lack of proper SAM practices can contribute to the use of software that is unlicensed, under licensed, or unsupported because IT managers may not have full visibility of the software deployed within their organizations. Federal Agencies should lead by example and adopt SAM practices based on international standards for their own procurement and software asset management, which can send a powerful example to enterprises in the United States and abroad while increasing efficiencies.

Conclusion

In light of our shared interests in the effective procurement and management of software products and services, BSA and its members appreciate the opportunity to submit these comments and we look forward to answering any questions and to continuing to work with you.

Sincerely,
