COPYRIGHT SECURITY PROCEDURES
I. PURPOSE:
All SAO employees are required to protect government and public
interests as they perform their duties. This includes assuring that
government-acquired software protected under the Copyright Act is used in
accordance with the law and the software licensing agreement.
II. GENERAL PROVISIONS:
a. It is the responsibility of all SAO staff to ensure that copyrighted
software is licensed properly before being installed on SAO equipment.
Title 17, United States Code, Section 106, gives copyright owners
exclusive rights to reproduce and distribute their material; Section 504
states that copyright infringers can be held liable for damages to the
copyright owner. Title 18, United States Code provides felony penalties
for software copyright infringement. This policy does not apply to
software developed by the Department or for use by the Department under a
Department wide license.
b. Special purpose software shall be used to perform a software audit
which will inventory and document software on each PC in the organization.
Such software may be a commercial product or may be acquired free from the
Software Publishers Association (SPA) through the organization's
Information Security Officer (ISO).
c. Individual employees may not install privately-owned software on
government equipment unless it is in the best interest of the SAO.
Authorization and justification for the installation of privately-owned
software must be approved, in writing, by the SAO employee's facility or
organization management. Prior to authorization, the employee's management
should require the employee to provide the software license and give
assurance that copyright infringement will not result from the
installation, in addition to other local management requirements.
Individuals not following these procedures may be held personally liable
for any violations of the copyright law and subject to the penalties
specified in Titles 17 and 18 of the United States Code.
d. The Computer Software Rental Amendments Act of 1990 (Title VIII
Public Law 101-650) prohibits the rental, leasing, or lending of original
copies of any computer program for the purposes of direct or indirect
commercial advantage without express permission of the copyright owner.
e. Old versions of software that have been upgraded shall be disposed
of in accordance with the licensing agreement and may have to be returned
to the manufacturer or destroyed, depending on the software licensing
agreement terms. The new upgrade is usually intended to replace the old
software, resulting in a single copy license. It may be a violation of
copyright to continue to operate old versions after the upgrade has been
installed. SAO facility management shall ensure that software licensing
agreements permit old versions of software that have been upgraded, to be
loaned or taken home by SAO employees. This practice will avoid violating
the copyright law.
III. RESPONSIBILITIES:
a. The CIO is responsible for ensuring that software copyright
procedures are included in the IR security program and are complied with.
b. Managers and immediate supervisors are responsible for ensuring that
employees are trained in and follow the established procedures and
acceptable practices allowed under software copyright laws and SAO
facility policy and procedures.
c. The remote office Chief implements the facility's IR security
program and its components, and ensures the facility security program is
in compliance with software copyright laws and SAO policies.
d. All SAO employees, contractors, and other individuals using IRM
technology resources, shall adhere to software copyright laws and SAO
facility security policy and procedures.
IV. PROCEDURES:
The following practices and procedures will be adhered to by all
employees. SAO managers and supervisors will be held accountable for
conducting periodic audits to ensure compliance:
a. Install on SAO systems only commercial software, including
shareware, that has been purchased through the government procurement
process. An exception to this rule is when privately-owned software is
authorized to be installed on government equipment by SAO facility or
organization management.
b. Follow all provisions of the licensing agreements issued with the
software and register organizational ownership.
c. Make only authorized copies of copyrighted software. Normally, the
license will allow a single copy to be made for archival purposes. If the
license is for multiple users, the authorized number of copies shall not
be exceeded.
d. At least annually, inventory and maintain written records of all
software on each individual PC. This inventory shall be compared with the
organization's licensing agreement records to ensure licensing compliance.
e. Maintain written records of software installed on each machine and
ensure that a license or other proof of ownership is on file for each
piece of software.
f. Store licenses, software manuals and procurement documentation in a
secure location (e.g., locked file cabinet, etc.).
g. When an upgrade to software is purchased, dispose of the old version
in accordance with the licensing agreement. Upgraded software is
considered a continuation of the original license, not an additional one.
The continual use or redistribution of old versions (that have been
upgraded) may be a violation of copyright law.
h. Some government-owned software licenses allow employees to take
copies home for use on their privately-owned computers under specific
circumstances (e.g., for government work, but not personal business).
Unless the license allows this specifically, doing so is in violation of
the copyright law, and the individual may be held liable.
i. All unauthorized copies of software, identified during audits or
compliance reviews, shall be removed immediately.
REFERENCES:
a. P.L. 102-561, Amendment to Title 18, Criminal Penalties for Copyright
Infringement.
b. P.L. 101-650, The Computer Software Rental Amendments Act of 1990.
c. Title 17, U.S.C, Copyright Act.
|