IBM IASP: The Complete Guide

IBM IASP: The Complete Guide

Executive Summary: IBM’s Authorized SAM Provider (IASP) program is a unique alternative to surprise software audits.

It allows large enterprises to work with an IBM-approved license management partner for continuous compliance monitoring in exchange for audit relief.

This complete guide explains what IBM IASP is, how it works, its pros and cons, cost implications, and when it makes sense (or not) for global IT Asset Management (ITAM) teams.

It offers practical recommendations, a step-by-step checklist, and answers to common questions about the IASP program for enterprises.

What Is IBM IASP?

IBM IASP (IBM’s Authorized Software Asset Management Provider program) is essentially IBM’s “audit alternative” for enterprise software licensing.

Launched in 2019, this program was introduced to address customer frustrations with traditional IBM license audits.

Instead of facing periodic, disruptive audits by IBM’s compliance team, a company enrolled in IASP works with an IBM-authorized SAM provider who continuously monitors the company’s IBM software usage and license compliance.

In return, IBM agrees not to initiate formal audits of that customer as long as they remain in the program and meet its requirements.

Only select customers can join IASP – typically large enterprises with significant IBM software investments. Enrollment is by invitation from IBM or nomination by an authorized provider.

IBM limits the program to four accredited partners (currently KPMG, Deloitte, EY, and Anglepoint), so participants must engage one of these providers to oversee their IBM license compliance.

The IASP program is positioned as a more collaborative, proactive approach: IBM gains regular visibility into your license position, and you gain a structured way to stay compliant without the fear of surprise audits.

How the IASP Program Works

When a company enters the IBM IASP program, it signs agreements with IBM and the chosen SAM provider outlining each party’s responsibilities.

Here’s how it typically works:

• Initial Assessment: The authorized provider conducts a comprehensive baseline review of your IBM software deployments versus entitlements (licenses owned). This “Effective License Position” baseline identifies any compliance gaps. If shortfalls are found, a remediation period (typically around 90 days) is usually provided to correct them by either uninstalling software or purchasing additional licenses.
• Continuous Monitoring: After the baseline, the provider implements ongoing monitoring of your IBM environment. They may deploy IBM’s License Metric Tool (ILMT) or, in some cases, approved third-party tools (such as Flexera, Snow, or ServiceNow) to track usage, including sub-capacity usage in virtualized environments. The goal is to identify any new license consumption or compliance drift regularly.
• Quarterly Reporting: The SAM provider generates periodic compliance reports (often quarterly) summarizing your license usage versus entitlements for all IBM products. This report, effectively a continuous audit report, is shared with IBM. IBM thus receives an updated view every quarter of what software you have deployed and whether you are within your licensed limits.
• Remediation of Gaps: If the reports indicate any license overuse or compliance issues, you are expected to promptly address and remediate them. Typically, you’d have a defined window (e.g., 30-90 days) to address each issue either by adjusting deployments or procuring the necessary licenses. Crucially, no punitive penalties are applied as long as the issues are resolved. It’s treated as a normal true-up sale, not an audit violation.
• Audit Waiver: As long as you remain active in IASP and comply with its terms, IBM agrees not to conduct its formal software audits on your company. The quarterly compliance checks essentially replace IBM’s audit needs. (Do note: if you violate the IASP agreement or leave the program, IBM reserves the right to audit you, so the audit relief exists only during active participation.)

In essence, IASP trades off the “big bang” audit every few years for a steadier drumbeat of compliance checks. You get predictability and the chance to fix issues continuously, while IBM gets assurance that you’re staying in line with license terms.

The result is supposed to be a win-win: fewer audit surprises for you, and more reliable compliance (and revenue) for IBM.

Benefits of IBM IASP (Pros)

For enterprises struggling with IBM license management, the IASP program can offer several compelling benefits:

• No Surprise Audits: The most obvious benefit is freedom from sudden IBM audits. While in IASP, you won’t receive the dreaded audit notice that can upend your IT department for months. This reduces stress on teams and avoids the disruption and uncertainty of a full-blown audit process.
• Predictable Compliance & No Penalties: Compliance issues are handled through routine true-ups rather than punitive actions. If a shortfall is found, you simply purchase the necessary licenses at your standard discounted rates – without incurring one-time penalties or backdated support fees that typically accompany audit settlements. This transforms compliance maintenance into a regular business activity, rather than a potential legal/financial crisis.
• Sub-Capacity Flexibility: IBM IASP can be more forgiving with complex licensing rules. For example, under IASP, IBM often allows corrections for past lapses in running ILMT (used for sub-capacity licensing) without requiring you to switch to expensive full-capacity licensing. IBM may even permit the use of alternative license tracking tools you already have (Flexera, Snow, etc.) “with IBM’s blessing,” whereas outside IASP, IBM normally insists on its own ILMT tool. This flexibility can prevent worst-case scenarios and leverage your existing SAM investments.
• Access to Expert Guidance: By enrolling, you gain ongoing support from a top-tier IBM licensing expert (your authorized provider). These providers possess in-depth knowledge of IBM’s products, metrics (such as PVU, RVU, and user-based licensing), and compliance policies. They continuously analyze your environment and advise on license optimization. It’s like having an IBM licensing consultant on retainer – helping interpret rules, avoid pitfalls, and ensure you’re neither under-licensed nor over-paying.
• Optimized License Usage: The continuous reviews often lead to optimization opportunities. The provider might identify unused software instances that can be removed or licenses that can be re-harvested internally, saving costs. Over time, IASP can help trim waste (“shelfware”) and right-size your entitlements. You’re not only fixing overuse, but also spotting underuse – getting more value from what you’ve bought.
• Improved ITAM Processes: Participating in IASP tends to elevate your internal Software Asset Management discipline. Companies in the program establish regular processes for tracking deployments and reconciling licenses on a quarterly basis. This rigor can improve governance and accuracy, not just for IBM software, but also as a culture of compliance across other vendors. In short, it can significantly mature your SAM practice.
• Better IBM Relationship: With IASP, the tone of engagement with IBM often shifts. Because you proactively address compliance, IBM views you as a cooperative partner. You’ll have more collaborative conversations (possibly joint meetings with the provider and IBM) instead of only interacting during audits or renewal negotiations. This can build trust and may make future negotiations or support discussions with IBM more constructive, as you’re seen as a customer that “plays by the rules.”
• Fewer Fire Drills, More Focus: Ultimately, by avoiding emergency audit scenarios, your team can concentrate on strategic projects rather than defensive audit work. Compliance becomes a routine managed task in the background. CIOs often value this peace of mind – it’s a form of risk management. Knowing that compliance is under control, you can pursue new IBM technologies or cloud migrations with less fear of unknown exposure, because the SAM provider can advise on the licensing impact before changes are made.

In summary, IBM IASP provides predictability and expertise. It especially benefits large, complex IBM shops that have felt the pain of audits or find IBM licensing too intricate to manage alone. For those organizations, the program can turn a reactive firefight into a proactive partnership.

Drawbacks and Risks of IASP (Cons)

Despite its advantages, IBM IASP also comes with significant drawbacks and risks that ITAM professionals must weigh:

• “Perpetual Audit” Oversight: Enrolling in IASP means continuous scrutiny. Instead of a one-time audit every few years, you are effectively monitored on a quarterly basis. Some IT managers describe IASP as feeling like a constant audit. The provider will regularly comb through your deployments, and IBM will be routinely updated. This can create an atmosphere of ongoing oversight that some may find invasive or stressful, as there’s never a true respite from compliance checks.
• Loss of Control & Independence: You are outsourcing a core compliance function to an external IBM-aligned party. This can lead to dependence on the vendor. Your internal team might not build as much IBM licensing expertise since the provider handles it, potentially weakening your self-sufficiency. Moreover, because IBM accredits the provider, there’s an inherent conflict of interest – they must report accurate data to IBM, not to shield your organization. In practice, you are allowing IBM’s chosen auditor to continuously access your operations, which means relinquishing a degree of control over how compliance is managed.
• Risk of Over-Reporting: In a normal audit, companies carefully validate data and negotiate findings. Under IASP, data flows to IBM more frequently and directly, with less chance to contextualize or correct inaccuracies before IBM sees it. The SAM provider may err on the side of caution and report every installation or usage metric even if some could be optimized or interpreted differently. This conservative reporting could lead to an overestimation of usage, potentially pressuring you to purchase more licenses. Since the provider must ensure compliance (and their credibility with IBM), they might not argue ambiguous cases in your favor the way you might during an audit defense.
• Significant Ongoing Costs: IASP is not a free service – you pay the provider fees (often substantial, especially if using a Big Four firm) on an ongoing basis. You’ll also still pay for any license shortfalls identified (though without penalties). Over several years, these costs can add up to as much or more than the cost of handling an occasional audit. In a traditional audit, IBM bears the audit execution cost, and you only spend money if non-compliance is found (and even then, settlements can sometimes be negotiated). In IASP, you are paying every quarter regardless. If your organization had been mostly compliant anyway, you might be paying tens or hundreds of thousands for “insurance” you never truly needed.
• Internal Resource Burden: Paradoxically, joining IASP doesn’t mean you can relax on license management – you’ll still expend effort, just spread out. Your IT and asset management teams must now support quarterly data collection, meetings, and remediation tasks as part of a continuous cycle. This administrative overhead can be high. Teams may find themselves constantly preparing for the next report, fixing issues, updating ILMT, and so on, with little downtime. Smaller enterprises or understaffed teams could struggle with the relentless pace of compliance activities.
• Data Exposure & Reduced Leverage: By sharing detailed deployment data with IBM regularly, you provide IBM with unprecedented visibility into your IT environment. This transparency can reduce your negotiation leverage. IBM’s sales teams could use this knowledge to upsell or push new contracts, since they can see your usage trends and dependencies. Additionally, if you ever exit the program, IBM will have access to your exact compliance history, which could make any subsequent audit very targeted. Essentially, you’re trading away the informational advantage that customers sometimes have (where the vendor isn’t fully aware of your deployments until an audit).
• Limited Flexibility & Lock-In: The IASP program operates under standard IBM terms, leaving little room for custom conditions to be negotiated. You must use an approved provider and follow IBM’s process and timelines. If certain program rules don’t fit your business (for example, strict timelines or specific data-sharing requirements), you have minimal leverage to change them. Furthermore, once in IASP, it can be hard to exit without consequences. Leaving the program (or being removed for non-compliance with its terms) will likely trigger IBM to audit you immediately to “catch up” on what happened since the last report. You may also find that your team becomes reliant on the provider’s services after years in the program, making a transition back to fully in-house compliance challenging. In short, it’s a commitment that can be difficult to reverse.
• Not Universally Available or Necessary: It’s worth noting that IASP is not available to every IBM customer – it is primarily targeted at large enterprises. If you’re a smaller organization, IBM likely won’t offer it, and even if they did, the overhead may far outweigh any benefit. Similarly, if your IBM usage is modest or your compliance risk is low, IASP would be overkill. Some organizations with strong internal license management prefer to “take their chances” with occasional audits rather than subject themselves to constant oversight and associated costs. After all, IBM typically doesn’t audit the same customer more than once every few years, and many audits result in manageable findings or even clean bills of health.

In summary, the downsides of IBM IASP center on the loss of autonomy, continuous compliance effort, and increased costs. You must be comfortable with IBM effectively looking over your shoulder on a year-round basis. For some, that trade-off is simply not worth it, especially if they have confidence in their license management or if they value keeping the vendor at arm’s length until necessary.

Cost and Contract Considerations

When evaluating IBM’s IASP, ITAM leaders should pay close attention to the cost model and contractual terms, as these are crucial for building a business case:

• Provider Fees: You will be responsible for the cost of the SAM provider’s services throughout the IASP term. Fees can range widely based on environment size and provider rates – from smaller annual retainers to large consulting engagements for very complex deployments. It’s important to budget for these as a new operational expense. Many see it as paying a “subscription” for compliance assurance (or audit insurance). Compare this cost to the potential costs of an audit (both the hard dollar exposure and soft costs of staff time) to gauge ROI.
• True-Up Costs: Even in IASP, if you are found under-licensed for a product, you must purchase additional licenses or subscriptions. The difference is you’re doing it proactively and at standard pricing. IBM has indicated that IASP customers pay their normal discounted rates for any required licenses (no list-price penalty as might be imposed in an audit). However, note that unlike an audit negotiation, you likely won’t get special concessions or waivers beyond avoiding penalties – you’ll pay what you should have paid for the licenses in the first place. Over the long term, if you maintain good compliance, these true-up costs should be factored into planned IT spending, rather than unexpected expenses.
• No Audit, But No Audit Savings: A subtle point – when IBM audits and finds compliance gaps, those findings can sometimes be negotiated (for example, bundling the settlement into a new purchase agreement or getting some fees waived in a deal). With IASP, since there’s no audit “event,” there’s also no opportunity for negotiation theatrics; you simply buy what you need. Depending on your negotiation stance, some organizations feel they could manage an audit outcome to be less costly than the cumulative cost of IASP fees. It’s a gamble: IASP is upfront cost for certainty, versus no upfront cost but risk of a large penalty later.
• Contract Duration and Exit: IASP agreements are typically multi-year (often a 2-3 year term to start). The contract will stipulate what happens if you choose to leave. Generally, if you terminate the program (or choose not to renew at the end of the term), IBM may initiate a formal audit promptly to ensure that nothing was missed. This acts as a disincentive to drop out. Be aware of these clauses so you’re not caught off guard. Essentially, you should only sign up if you intend to stay for the agreed duration and are prepared for an audit if you ever exit.
• Compliance Obligations: The contract also specifies your responsibilities, including running approved discovery tools, providing data to the provider, and remediating shortfalls within a set timeframe, among others. Failure to meet these can void IBM’s audit moratorium. Treat IASP contractual duties as seriously as any regulatory compliance – missing a report or ignoring a provider’s findings could put you in breach and nullify the protections.
• Confidentiality and Data Use: Understand what data the provider will share with IBM and how it can be used. IBM typically gets raw compliance reports, but should keep details confidential. Still, your deployment information inevitably informs IBM’s sales strategies and contract talks. Some contracts may explicitly state that data is only for compliance purposes. It’s wise to have your legal team review data privacy and usage language, especially if you operate in regulated industries.

Below is a comparison of key aspects of IBM IASP versus a traditional IBM audit approach:

As the table highlights, IASP offers predictability and partnership at the cost of ongoing effort and transparency.

A traditional audit is infrequent and might never occur, but if it does, it can be high-impact and contentious.

Deciding between the two approaches comes down to your organization’s risk appetite, trust in your own SAM capabilities, and desire for certainty versus flexibility.

Is IBM IASP Right for Your Organization?

IASP is not a one-size-fits-all solution. The decision to join (or avoid) IBM’s IASP program should be based on your enterprise’s specific circumstances.

Consider these scenarios and factors:

• Large, Complex IBM Environments: If your organization spends millions on IBM software annually and runs a wide array of IBM products (especially across virtualized or cloud environments), you are a prime candidate. The more complex and sprawling your IBM footprint, the more value you may get from IASP’s structured oversight. Companies that have struggled in past audits or know they have compliance gaps are also inclined to benefit – IASP can prevent minor issues from compounding into major liabilities.
• Smaller or Low-Risk Setups: If you only use a handful of IBM products or your environment is relatively stable and well-managed, IASP could be overkill or not even available to you. A midsize firm running, say, a couple of IBM WebSphere servers and some DB2 databases might handle compliance with internal resources or a one-time consultant, rather than signing up for a long-term program. IBM generally doesn’t offer IASP to small businesses. In such cases, maintaining good internal SAM hygiene and addressing issues as they arise, rather than waiting for an audit, might be a more efficient approach.
• Strong Internal SAM Capability: Organizations that already have a mature software asset management practice for IBM (with tools like ILMT in place, accurate records, and licensing expertise on staff) might find that they don’t need IASP. If you’re confident that your internal team can manage compliance and you have a history of clean or minor findings in audits, you may prefer to retain control. In this scenario, IASP might only add cost and an extra layer of oversight without providing much incremental benefit.
• Audit History and Risk Tolerance: Think about your past interactions with IBM’s audit process. Have you faced a painful audit with hefty back-charges? If yes, your leadership might be eager for an alternative like IASP to avoid a repeat. On the other hand, if you’ve never been audited or if any findings were negligible, you might decide the audit risk is acceptable. Essentially, this is about risk tolerance: some companies treat IASP as insurance – they hate the uncertainty of a big audit, so they opt to pay for peace of mind. Others are comfortable with the “risk/reward” of not paying and possibly never being audited, or being able to negotiate if they are.
• Budget and Executive Buy-In: Gaining the benefits of IASP requires budget commitment (for provider fees and any true-ups). Some CFOs prefer the predictable cost of a managed service over the unpredictability of an audit penalty. If you pitch IASP as a risk mitigation investment (and perhaps compare it to the cost of one major audit event), you may get executive support. Conversely, if budgets are tight and leadership would rather take a chance, you need to align with that direction. Ensure all stakeholders understand the trade-offs: IASP costs money every year, whereas skipping it could cost nothing – or could cost a lot if an audit were to occur.
• Need for Vendor Independence: Many organizations philosophically prefer to maintain a certain distance from their vendors. If you are wary of giving IBM too much influence or insight into your IT operations, IASP will feel uncomfortable. There’s value in having independent third-party advisors (not tied to IBM) periodically check compliance on your terms. Those who highly value independence and confidentiality may choose to forego IASP and instead conduct internal compliance reviews or use independent SAM consultants, engaging with IBM only when necessary. This can preserve more negotiating power, albeit with less certainty.
• Future IT Roadmap: Consider where your IBM usage is heading. If you plan significant changes – for example, migrating to IBM Cloud Paks, SaaS offerings, or even moving away from IBM products – the nature of your compliance risk might change. You may opt to use IASP as a short-term measure during a period of license complexity, then exit once things simplify (though remember the risk of the exit audit). Alternatively, if your IBM footprint is expected to shrink over time, you might decide it’s not worth enrolling only to wind down usage. Align the decision with your 3-5 year technology roadmap.

In conclusion, IBM IASP is suitable for certain enterprises and scenarios, typically large IBM shops that seek a proactive, managed compliance regimen and are willing to incur continuous oversight and costs in exchange for audit immunity.

It is less suitable (or available) for smaller, simpler environments or organizations confident in their license management.

Weigh the pros and cons in the context of your business. Some CIOs ultimately find IASP to be a valuable safety net, while others decide that strengthening internal SAM and handling audit cases case-by-case is the better route.

The key is to make a conscious, informed choice rather than being swayed purely by IBM’s sales pitch or the fear of audits.

Recommendations

If you’re considering IBM’s IASP program or currently negotiating participation, keep these expert tips in mind:

• Conduct a Compliance Health Check First: Before committing, conduct an internal IBM license audit or engage an independent expert to assess your current compliance position. Understand your risk level – you might discover you’re in good shape (reducing the need for IASP) or that you have vulnerabilities (making IASP more attractive as a remedy).
• Consider if IASP Solves Your Problem: Be clear on what problem you’re solving. If your primary concern is audit unpredictability or a lack of IBM licensing expertise, IASP addresses that. If cost is your concern, consider whether IASP truly saves money or merely spreads it out. Ensure there’s a business case – e.g., “We’ll avoid a potential $X million audit hit by spending $Y per year on IASP.”
• Engage Stakeholders Early: Involve procurement, finance, and legal teams in the evaluation. Procurement can help compare the provider offerings, finance will want to budget for the ongoing costs, and legal must review the contract terms (especially those related to data sharing and termination). Early buy-in from these groups will smooth the decision process and surface any concerns (like data privacy or exit clauses) before you sign.
• Choose Your SAM Provider Wisely: You may have a choice among IBM’s authorized providers. Interview them as you would any service partner. Look for a provider with a collaborative approach that aligns with your company’s culture. Ask for references or success stories. The right provider should feel like an extension of your team, not just IBM’s enforcer. Chemistry and trust are important for a multi-year relationship.
• Negotiate Clarity in the Contract: While IBM’s program terms are standardized, you can still seek clarification or slight adjustments. For instance, confirm in writing the remediation period (e.g., “IBM will not penalize findings resolved within 90 days”). Ask what happens after the term – is there a grace period before IBM can audit? You may not get major changes, but any additional assurances or documented understandings can be valuable later.
• Maintain Your Own Oversight: Don’t completely hand over the keys to the provider. Keep an independent eye on your IBM deployments and the provider’s findings. Have your ITAM team sanity-check the quarterly reports. If something looks off, question it. By staying engaged, you ensure the provider stays diligent and you retain institutional knowledge. Remember, it’s your compliance at stake, even if someone else is managing the details.
• Budget for True-Ups and Improvements: Plan financially not just for the provider fees, but also for potential license purchases that might result from the program’s findings. Ideally, set aside some funds each quarter or year for IBM true-ups so that you’re not scrambling if a compliance gap appears. Also, invest in process improvements (such as better inventory tools or staff training) as recommended – the goal is to see fewer issues over time.
• Plan an Exit Strategy (Just in Case): Although you may intend to stay in IASP in the long term, conditions can change. Have a rough exit strategy: bolster your internal SAM capabilities in parallel so that if you ever leave the program, you can sustain compliance on your own. Also, try to time any exit at a low-risk moment (for example, after a major deployment cleanup) and be prepared for a potential audit thereafter. Being ready for life after IASP gives you flexibility.

Checklist: 5 Actions to Take

If you are an ITAM professional evaluating IBM IASP, here is a simple step-by-step plan:

1. Assess Your IBM License Position: Gather your IBM license entitlements and deployment data. Use ILMT or another discovery tool to identify what’s installed. Determine if you are compliant or if there are obvious shortfalls. This baseline will inform your decision.
2. Consult with Experts and IBM: Speak to an independent IBM licensing advisor or the IBM account team about IASP. Understand the program’s availability for your company and get rough estimates of provider fees. Solicit advice on whether your environment would benefit from IASP or if simpler audit preparedness is enough.
3. Weigh Costs vs. Risks: Perform a cost-benefit analysis. Compare the projected annual IASP cost (provider fees + expected true-ups) against the potential cost of an IBM audit (consider worst-case non-compliance fees or past audit outcomes). Also, factor in soft costs like team effort and business disruption. Use this analysis to decide if IASP is financially and operationally justified.
4. Secure Internal Approval: Present your findings to senior stakeholders (CIO, CFO, etc.). If the decision is to proceed with IASP, get approval for the expenditure and alignment with program goals. If the decision is not to join, ensure everyone understands the plan for managing audit risk through internal measures instead. Obtain sign-off on the chosen approach.
5. Implement and Monitor: If you join IASP, select your authorized provider and complete the onboarding/baseline process diligently. If you are not joining, strengthen your internal SAM by implementing any necessary tools (such as ILMT), documenting processes for license tracking, and possibly scheduling periodic internal compliance audits. In either case, set up a regular review (quarterly or biannual) to revisit your IBM compliance status, so that you are never caught by surprise.

By following these steps, you’ll make an informed choice on IBM IASP and ensure that whichever path you take, your organization stays in control of its IBM software licensing exposure.

FAQ

Q1: What exactly is IBM’s IASP program in simple terms?
A1: IBM IASP is a program where, instead of IBM auditing you, you continuously audit yourself with the help of an IBM-approved partner. The partner monitors your IBM software usage and reports it to IBM regularly. In return, IBM agrees not to do surprise audits as long as you’re in the program and compliant.

Q2: Who is eligible to join the IBM IASP program?
A2: Typically, IASP is offered to larger IBM customers (usually by invitation or recommendation). Enterprises with substantial IBM software deployments and spending are the target. It’s generally not available or practical for small or mid-sized customers, as IBM focuses the program on large environments where audit risks and license complexities are highest.

Q3: Does being in IASP completely protect us from IBM audits?
A3: While you’re actively in the IASP program and adhering to its terms, IBM will not initiate a standard audit – that’s a core promise of the program. However, this isn’t a blanket immunity forever. If you leave the program or breach its terms (for example, failing to promptly remediate issues), IBM reserves the right to audit you. Also, after an IASP agreement ends, you’re back in the pool of auditable customers. Think of IASP as a pause in audits, not a permanent ban.

Q4: What happens if the IASP provider finds we’re non-compliant with some IBM licenses?
A4: In IASP, any compliance gaps discovered are handled in a business-as-usual way. You’ll typically get a short window (often 30-90 days) to address the issue. That could mean uninstalling software to fall back into compliance or purchasing the required licenses to cover the overuse. If you resolve it, IBM won’t penalize you or charge back penalties – you just pay for the licenses in the future. The key is that you must act promptly; ignoring the provider’s findings could lead to IBM stepping in.

Q5: What are the costs I should budget for under IASP?
A5: Budget for two main things: (1) Provider service fees – the ongoing cost for the IBM-authorized SAM firm to do its monitoring and reporting (this might be an annual or quarterly fee), and (2) License true-up costs – any IBM licenses you need to buy if usage exceeds entitlements. You won’t be paying audit penalties, but you should expect periodic purchases if your usage grows or if past under-licensing is uncovered. It’s wise to have some contingency funds for true-ups so that these compliance purchases are not a surprise to your finance team.

Q6: Can we use our existing software asset management tools in the IASP program?
A6: Possibly, yes. IBM traditionally requires its ILMT tool for tracking certain licenses (like sub-capacity PVU usage). Under IASP, IBM has shown flexibility by allowing some customers to use alternative tools (such as Flexera, Snow, or ServiceNow) as part of the agreement, as long as those tools can produce the required reports. This is something to discuss with IBM and your chosen provider during onboarding – they will confirm what tools are acceptable. The goal is to ensure accurate and IBM-approved data collection, whether via ILMT or an agreed equivalent.

Q7: What if we already have a SAM consultant or internal team – do we still need the IASP provider?
A7: To be in IASP, you must use one of IBM’s authorized providers; you cannot run the program solely with your internal team or a non-authorized consultant. However, your internal SAM team or external advisors can still play a role by working alongside the authorized provider. Many companies utilize IASP for IBM-specific oversight, but continue to rely on their internal processes or independent consultants to double-check findings and manage other vendors. If you have a trusted SAM partner who isn’t IBM-authorized, you’d have to decide whether to stick with them outside of IASP or switch to an authorized provider to get the IBM audit protection.

Do you want to know more about our IBM License Management Services?

Please enable JavaScript in your browser to complete this form.

Name *

First

Last

Email *

Company

Message *

Submit