This Livingstone Group client is a large life sciences organization. Headquartered in North America, it also operates across Central and South America, EMEA and APAC, with tens of thousands of employees working across a wide variety of departments and facilities, from laboratories to hospitals.
Mitigating risk with an internal audit
When the client received an audit letter from IBM, they knew it would be necessary to prepare internally beforehand to mitigate significant compliance and costs risks. With the audit postponed several months due to the effects of COVID-19, the client had additional time to prepare but knew that they would need external, expert advice to be able to truly reduce their risk exposure. Being risk-adverse, mitigating any issues was of paramount importance to this client.
Having previously worked with Livingstone and seeing the benefits of ITAM, the organization reached out to the Livingstone IBM experts to help them through an internal self-audit. Livingstone started by conducting a thorough analysis of the organization’s IBM estate, looking at what was deployed as well as entitlements, product usage and licensing.
Several challenges were revealed from the findings of this analysis. Firstly, the client had no defined product owners across their IBM estate, making data collection on licensing, entitlements, usage and deployment difficult to track and optimize. As a result, the client had limited knowledge and understanding of their current IBM position and how to not only mitigate risk but also optimize their licensing position.
Livingstone’s analysis also revealed that a significant number of updates and upgrades were required in order to meet IBM’s compliance standards. For example, the organization did not have their IBM License Metric Tool (ILMT) up-to-date with the latest version, nor was it deployed to full capacity with some servers not reporting into the tool. This meant the client contractually did not have the right to use IBM sub-capacity licensing and they had not produced the quarterly position reports contractually required by IBM.
These challenges all significantly increased the client’s risk profile – from a cost and compliance perspective – while also leaving the client little room to maneuver when it came to the audit point.
Creating a remediation roadmap
Thanks to the input of team members from Infrastructure, Asset Management, Finance, Procurement, and Development, Livingstone gained a clear picture of the client’s IBM requirements needed to keep operations running smoothly across different departments, facilities and countries. This information, along with a clear understanding of the client’s current IBM estate, enabled Livingstone to put together an Effective License Position (ELP) for the client.
The ELP roadmap laid out recommendations and remediation tasks of how the client could most effectively mitigate their current risk exposure and come away from the audit in a successful position. Additionally, one of the outcomes of the service were suggestions for long-term optimization of their IBM estate.
Livingstone’s recommendations included upgrading the client’s ILMT to the current version of the tool, as well as upgrading their VMWare environment and outdated Windows operating systems, both of which were posing a significant security and compliance risk.
Ongoing risk mitigation and audit defense
The client quickly upgraded their ILMT. As a result, they were able to significantly reduce their risk exposure, achieving a multi-million-dollar cost avoidance. Livingstone will continue to support this client through their managed services to remain in control of their IBM estate and any future audits.