APPS-9 Open-Source Licensing

What is this control really about?

This control ensures that your organization keeps track of all the licenses in use and has a formal way to track them.

The use of openly developed software components has only increased, and developers around the world use open-source tools to make their lives easier and accelerate the pace of innovation.

Open-source license management is critical in safeguarding your code, software, and applications, as well as reducing financial and legal risk for your organization.

Software license management gives you transparency into your enterprise’s software assets, usage, licenses, and contracts so that you can understand what software is being used, how much, where and by whom.

No particular tracking method is mandated; it can be formal (a tool) or informal (an Excel spreadsheet).

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 


Available templates

  • No template is available for this section

What is required to implement this control?

Tracking your organization’s open-source licenses can be formal (via a tool) or informal.

At a minimum, the tracking software or document should include the following:

  • List all the vendors and the system owner
  • List any license certificates and license usages purchased
  • Document the agreement dates

Once the inventory is in place, keep the list updated.

What evidence is the auditor looking for?

  • Provide the open-source licensing inventory export from the tool or the Excel document.

An example of what an artifact can look like

  1. Provide the open-source licensing inventory export from the tool or the Excel document.

