If a software company audits you and finds unlicensed copies of their products, you can face heavy fines; Microsoft, Adobe, and Autodesk regularly pursue Indian businesses for this. Beyond fines, it's a criminal liability under the Copyright Act. A manufacturing MSME in Bangalore was fined ₹50 lakhs after BSA found 200+ unlicensed CAD installations; the business had to stop work for weeks. Excessive or undocumented usage can also block you from enterprise deals: many large customers (especially government or banks) now ask for proof of license compliance before awarding contracts.
Find where your organisation is today. Be honest — the self-assessment is only useful if it reflects reality.
Absent
You have no idea how many copies of software are running on your machines or whether licenses exist for them. Your IT person (if you have one) installs what seems useful without keeping any record.
Initial
You have a rough list of software names written down somewhere, but it's outdated and not checked regularly. You know some licenses exist but haven't verified counts or expiry dates against actual usage.
Developing
You maintain a spreadsheet listing software names, license counts, and purchase dates; it's updated quarterly. You spot-check a few machines to see if the list matches reality, but the process isn't systematic.
Defined
You use a basic inventory tool or script to scan all computers monthly and list installed software; results match your license records closely. Someone reviews the scan results against license documentation each quarter and documents what they find.
Managed
You run automated weekly scans that flag unlicensed or over-licensed software; results feed into a dashboard reviewed by your IT team. License renewals are tracked in a calendar and flagged 60 days before expiry; annual audits confirm compliance.
Optimised
You use a dedicated asset management platform that tracks all software in real-time across all devices, cross-references against an automated license database, and alerts you immediately to any mismatch. Compliance reports are generated monthly and reviewed by management; annual third-party audits confirm zero non-compliance.
| Step | What to Do | Who | Effort |
|---|---|---|---|
| 0 → 1 | Gather all software license documents (emails, invoices, license keys, download receipts) into one folder; create a simple spreadsheet with software name, number of licenses, purchase date, and vendor contact. Walk around and make a list of software on 3-5 machines. | Business owner or IT person | 2-3 days |
| 1 → 2 | Expand the spreadsheet to all machines; manually check 30% of installed software against the license list each month. Add columns for expiry date, cost, and renewal status. Update the list every quarter after a physical or remote spot-check. | IT person or designated employee | 1 week setup + 2 hours per quarter |
| 2 → 3 | Set up a free or low-cost inventory script (PowerShell on Windows or command-line tools on Linux) to scan all machines monthly; save results to a shared folder. Cross-check scan results against the license spreadsheet and document findings in a monthly log. | IT person with technical skills | 2-3 weeks (script setup, testing, staff training) |
| 3 → 4 | Implement a basic asset management tool (free tier of SoftwareOne, Lansweeper, or similar) that auto-scans devices and produces compliance reports. Create a documented process: scan → review → remediate (uninstall, purchase, or document exception) → sign off quarterly. | IT manager or designated compliance owner | 4-6 weeks (tool evaluation, setup, staff training, first full cycle) |
| 4 → 5 | Upgrade to an enterprise-grade license management platform (Flexera, Snow, or similar); integrate with your HR and procurement systems so new hires automatically get licenses. Establish automated alerts, monthly compliance dashboards, and annual third-party audit reporting. | IT manager + Finance | Ongoing (3-4 months for full rollout, then monthly maintenance) |
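One way to do the cross-check from step 2 → 3, together with the 60-day renewal flag described at the Managed level, shown as an added example that is not part of the original page. The CSV column names, sample rows and report keys are assumptions constructed for illustration; real scan exports will need their own column mapping.

```python
import csv
import io
from datetime import date, timedelta

# Constructed scan export: one row per (host, installed title).
SCAN_CSV = """host,software
PC-01,AutoCAD 2024
PC-02,AutoCAD 2024
PC-03,autocad  2024
PC-03,AutoCAD 2024
PC-01,Microsoft 365 Apps
PC-02,WinRAR
"""

# Constructed license register with the spreadsheet columns from step 0 -> 1.
LICENSE_CSV = """software,licenses,expiry
AutoCAD 2024,2,2025-03-01
Microsoft 365 Apps,5,2025-01-20
Adobe Acrobat Pro,3,2024-11-30
"""

def norm(name):
    return " ".join(name.split()).casefold()  # ignore case and spacing drift

def reconcile(scan_csv, license_csv, today, renewal_window_days=60):
    hosts, display = {}, {}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        key = norm(row["software"])
        display.setdefault(key, row["software"].strip())
        # A set of hosts per title: duplicate scan rows do not inflate usage.
        hosts.setdefault(key, set()).add(row["host"].strip().upper())
    report = {k: [] for k in ("over_deployed", "over_licensed", "expired", "renew_soon")}
    licensed = set()
    for row in csv.DictReader(io.StringIO(license_csv)):
        key, seats = norm(row["software"]), int(row["licenses"])
        licensed.add(key)
        installs = len(hosts.get(key, ()))
        expiry = date.fromisoformat(row["expiry"])
        if expiry < today:
            report["expired"].append(row["software"])
        elif expiry - today <= timedelta(days=renewal_window_days):
            report["renew_soon"].append(row["software"])
        if installs > seats:
            report["over_deployed"].append((row["software"], installs, seats))
        elif installs < seats:
            report["over_licensed"].append((row["software"], installs, seats))
    # Installed titles with no license record at all.
    report["unlicensed"] = sorted(display[k] for k in hosts if k not in licensed)
    return report
```

Calling `reconcile(SCAN_CSV, LICENSE_CSV, date.today())` returns a dictionary that can be written straight into the monthly log; each tuple is (title, installs found, seats owned).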
Documents and records that prove your maturity level.
- A dated software inventory list or report showing all software installed, license count, license holder, and expiry dates, updated within the last 90 days
- Scanned copies or photographs of all software license documents, including product keys, license agreements, maintenance certificates, and purchase invoices
- A log or record showing when the last software audit or scan was performed, what was checked, and any findings or remediation actions taken
- A calendar or tracking sheet showing license renewal due dates and evidence that renewals were purchased before expiry (emails, invoices, confirmation from vendor)
- A written policy or procedure document describing how software is approved, purchased, installed, and monitored (even if it's one page)
Prepare for these questions from customers or third-party reviewers.
- "Can you show me a current list of all software installed across your organization and proof of valid licenses for each title?"
- "How often do you check whether the software actually installed on machines matches the licenses you've purchased?"
- "What happens if someone wants to install new software—is there an approval process, and how do you ensure you buy a license before they use it?"
- "When was your last software audit, and were any unlicensed products found? If yes, what did you do about it?"
- "How do you track license expiry dates and ensure renewals are purchased on time?"
| Purpose | Free Option | Paid Option |
|---|---|---|
| Scan computers to discover what software is actually installed | Lansweeper free tier (up to 100 devices), Spiceworks Inventory (free version with limited features) | Lansweeper full (₹25,000–50,000/year), SoftwareOne (custom quote) |
| Create and maintain a central database of licenses and track usage against it | Google Sheets or Excel with manual data entry and formulas (limited but functional) | Microsoft Excel (included in Microsoft 365 at ₹8,800–15,000/year), Smartsheet (₹15,000+/year) |
| Automate scanning across all machines on a schedule and generate compliance reports | Open-source tools like OWASP Dependency-Check or custom PowerShell scripts (requires IT skills) | Flexera (custom quote, ₹3–5 lakhs+/year for small businesses), Snow (custom quote), Aspera (custom quote) |
- Assuming 'we bought it once, so we own it forever'—most commercial software (Microsoft Office, Adobe, Autodesk) requires annual renewal; ignoring this leads to accidental non-compliance and audit fines
- Letting employees install software without approval, then losing track of licenses—one employee downloads a ₹2 lakh CAD tool and uses it for a year; the business then owes a massive back-license fee when discovered
- Keeping license records scattered across emails and paper invoices instead of one central list—when audited, you can't prove what you own, even if you do own licenses, and auditors assume non-compliance
- Not checking open-source license obligations—many free tools have 'copyleft' licenses (like GPL) that require you to disclose your own code; non-compliance can force you to open-source your entire product
- Ignoring cloud and SaaS subscriptions by treating them as 'not real software': they still need to be tracked, counted against users/devices, and budgeted, or overspend sneaks up unnoticed
| Standard | Relevant Section |
|---|---|
| DPDP Act 2023 | Section 8 (accountability and governance) – organizations must maintain records of processing activities, including software tools used to handle personal data |
| CERT-In Guidelines 2022 | Secure Software Development and Deployment practice – use only licensed and updated software; maintain documentation of software inventory |
| ISO 27001:2022 | Annex A 5.23 (Information security for supplier relationships) and A 8.1 (asset management) – inventory and manage all software assets |
| NIST CSF 2.0 | Govern (GV) function – GV.SC-8 (supply chain risk management) and Protect (PR) function – PR.DS-1 (data security governance) – track and manage software inventory |