What is Verafirm?

Created by BSA | The Software Alliance, Verafirm is an industry-supported portal that helps companies effectively manage their software, efficiently document that their software is licensed, and connect with customers interested in doing business with ethical companies. It is the first and only registry of its kind. test

Why should companies register on Verafirm?

The Verafirm Registry provides value to registrants in four main ways:

Verafirm can simplify license  management and compliance.

Verafirm is a self-guided tool, which allows businesses to  maintain, manage and monitor their software inventory for multiple publishers  in one place. Through simple data entry and displays, businesses can easily  view and verify their licensing data. It is the only such license management  tool that is built with publisher support and contains publisher-specific  screens and guidance, allowing companies to more easily manage their software  license environment.

The Verafirm Registry can help control IT environment and costs.

Companies that do not have a trustworthy inventory of their  software assets are unable to properly leverage their software investments; find it hard to implement new software roll-outs;  frequently discover they are over-licensed, under-licensed or mislicensed; and  are inadequately prepared when faced with publisher audits resulting in  unplanned true-up costs and penalties. Verafirm is a resource companies can  use to manage their software, control their costs and maximize their  investments.

The Verafirm Registry provides a roadmap to software compliance, ultimately helping  registrants mitigate potential business liabilities, avoid surprises when audited,  reduce costs, improve business efficiency and protect their companies from the  security risks associated with outdated or pirated software.

Compliance ensures companies have a systematic way to keep  track of their software licenses and deployments on an ongoing basis, and  allows them to better align their software assets with their operational needs. Good software asset management is a fundamental prerequisite to effective  information security. According to a Harrison Group study, nearly one in four  (24%) pirated operating systems observed either became infected at installation  or independently downloaded and installed malicious software upon connection to the internet. Furthermore, gaps in understanding “what software you have  and where you have it” can subject an organization’s IT networks to other  external and internal vulnerabilities.  Full software compliance can also have an immediate and  measurable impact on business efficiency. In a series of tests measuring load  times for intranet websites, the Harrison Group found that genuine Microsoft  Windows® products demonstrated far superior performance than their pirated  counterparts – 67% of the time the genuine Microsoft Windows® products were an  average of 100% faster.

The Verafirm Registry can provide a competitive edge for companies looking to differentiate  themselves.

Verafirm is a unique registry portal of IT companies for  customers looking to deal with ethical, stable and responsible companies. Registering on Verafirm with a Registered, Verified or Certified status  provides a badge of differentiation to registrants, offering a competitive edge  and validating the reputation of the registrant company as a reliable,  well-governed organization that respects and values intellectual property.

What does the Verafirm Registry do?

Verafirm allows companies to log their software inventory and compare it against their license rights. Verafirm is also a portal where customers, looking to do business with ethical, legal IT companies, will be able to consult and make inquiries. Registrants have a choice whether they would like to share their information with such subscribers and exponentially increase their global visibility. Since their entire software inventory is maintained centrally and many screens are tailored to specific publishers, demonstrating license compliance is much simpler.

Why is software asset management (SAM) important?

In the information economy, software is a critical, strategic asset. Good software management ensures that a company only acquires the software and licenses it needs; has the ability to coordinate, and thus decrease the cost of software upgrades; can maintain its backup and recovery systems more easily; can benefit from software volume discounts; and stays in line with industry standards and technology improvements.

What does it mean to be included in Verafirm?

While Verafirm is a great tool to understand your company’s licensing positions,  BSA takes no position on whether you comply with any applicable laws or contractual requirements.

I’m already software-license compliant and have ensured my company has all the appropriate licenses. Why is Verafirm important to me or my company?

Verafirm can be used as a tool to ensure that your licensing position remains accurate and compliant. For registrants, Verafirm can also be a competitive differentiator, giving them an opportunity to maintain and grow their business with Verafirm subscribers. By self-declaring their licenses via Verafirm, registrants not only gain positive visibility with their customers, but also take an important first step in publicly demonstrating that they are ethical, transparent and well-run companies that value intellectual property

How does the Verafirm Registry increase operational efficiency for my business?

Verafirm provides increased visibility into a company’s software inventory and can help better control their IT environment to identify over-licensing to help optimize costs, licenses and future investments. Companies can effectively plan for new software and maintain version control instead of ad hoc expansion or delayed roll-outs due to discrepancies in software usage throughout the company.

How do I go about registering with Verafirm?

Through a simple, four-step process, any company can easily register on Verafirm. In fact, only 10 minutes are needed to take the first step towards minimizing your risk and maximizing your market access. Sign up today at

Do software publishers recognize this portal as a valid source for companies to manage license compliance?

Many publishers have worked closely with  BSA to develop screens that reflect their licensing models and terminology. It is important to note that data on Verafirm is governed by a strict privacy policy where registrants have the choice to control whether information is shared with subscribers. For companies who do not opt out, company name and general registration status information is shared. No entitlement or deployment data will be shared with subscribers.

Do software publishers recognize this portal as a valid source for companies to manage license compliance?

Many publishers have helped  BSA develop customized screens accommodating their unique licensing structures and terminology, making it easy for companies to maintain accurate records and demonstrate compliance relatively easily. Companies who have  Verafirm Registered, Verafirm Verified or Verafirm Certified status should take advantage of  the digital badges associated with each status. These badges can be easily displayed on any of the company’s Web properties, and remain valid as long as the company is actively maintaining its Verafirm account.

How often do I need to renew and refresh my information?

To gain the most benefit from Verafirm resources, companies should actively update their information. Companies are required to renew their account and refresh their registration status every 12 months.


What is Verafirm Verified status?

Verified status is given by BSA to those companies who invite a 3rd party review of their license positions and can, with reasonable assurance, claim they are properly licensed.  The 3rd parties are approved by BSA and the list is available here.

How do I request a Verification?

An organization may request a verification assessment by entering information on software assets in the Verafirm SAM Tool and, upon becoming Registered, accept the prompt to apply for 3rd party verification. Else a company can simply email BSA at or submit a request here to initiate the verification assessment.

Why should a company become Verified?

As companies gain assurance from getting their financial statements audited, verification assessments provide reasonable assurance to companies that properly licensed software is being used.  Periodic review of license positions also helps a company plan their software management and avoid legal and financial surprises.

How much will a verification audit cost me?

Cost depends on machines, complexity of the software environment, and geographical locations of the company.  BSA will provide you with a template to help assess the scope of the assessment.


What is SAM?

“Software Asset Management is the entire infrastructure and processes necessary for the effective management, control and protection of the software assets within an organization, throughout all stages of their lifecycle.” (ITIL’s Guide to Software Asset Management)

What is Verafirm Certified?

Verafirm Certified is the first and only program to independently assess an organization’s license compliance and implementation of sustainable, ISO- aligned SAM processes.

What is the objective of the Verafirm Certified program?

The objective of the certification program is to provide a universally applicable benchmark based on internationally accepted standards for organizations to follow when developing and implementing a software asset management program.

The Standard that BSA follows is ISO/IEC 19770-1. The Verafirm Certified program was built in alignment with the Standard with input from experienced SAM practitioners and auditors, as well as from BSA and its members.

What savings can organizations expect from certification?

While every organization is different, benefits from SAM are clear: Effective SAM programs result in increased efficiency and decreased risks. Substantial cost savings can be attained if an organization’s acquired software licenses are not being fully utilized or are underused. Effective SAM can lower costs by helping IT departments avoid software license over-buying and by securing better software licensing contracts with third-party vendor and software publishers.

What are the immediate and long-term benefits of the certification?

Certified organizations will receive forbearance from compliance audits by BSA and its participating members for a period of two years. Audits, which are the right of every software vendor, can drain resources, disrupt business, and expose the organization to unpredictable financial and legal risks.

Certifying your organization also makes a strong statement about the its effective governance, sophistication and reliability, especially if it’s new in the global market.

How can companies sustain the efficiencies achieved?

The key to sustaining these efficiencies is management commitment as well as continuous monitoring, management and adaptation of SAM processes that have been embedded into the organization. Ongoing management support, as well as consistent communication of those processes to all users and implementers of software within the organization, is also needed in order to sustain these efficiencies.

What are the challenges faced by companies in implementing software asset management and satisfying compliance requirements?

Most companies start out with the right intentions; however, companies can face many challenges ranging from lack of clear goals and inadequate budgeting or lack of management support. Effective SAM is about embedding repeatable processes into the organization. The ISO SAM Standard provides the guidance on what needs to be done to conform to the Standard. It provides the roadmap for the organization. The Verafirm Certified solution will certify that an organization’s SAM processes are robust and repeatable.

Who are BSA’s strategic knowledge partners for Verafirm Certified?

BSA enlisted the support and services of renowned SAM knowledge partners KPMG and Deloitte. KPMG and Deloitte have strong reputations as being thought leaders in the SAM space, an extensive client base, and, most importantly, strong audit experience with leading software publishers.

What is the process for obtaining the Verafirm certification?

Companies who succeed at sustainable SAM policies have full management commitment in wanting to get the most value from their IT assets. In addition, organizations need to ensure the tight integration of two important components:

1. Trained personnel (Verafirm Certified Professional)
2. Sustainable standards-based processes

After an organization has determined their SAM goals, assessed and closed their gaps, and implemented SAM processes, they will follow the steps below to obtain a Verafirm certification:

1. An interested organization approaches BSA to apply for certification.
2. During the application process, the organization will specify the legal entity and geographic scope of its operations that will be subject to the certification. The organization will also present proof of license statements for all software included in the scope of the certification.
3. The organization will be able to select a Verafirm Certified Auditor (provided there is not a conflict of interest) to independently assess the organization within the specified geographic scope for: a. Effectiveness and sustainability of their implemented ISO-aligned SAM processes, and b. Current license compliance and ability to sustain license compliance.
4. The Verafirm Certified Auditor issues its recommendation to BSA based on its assessment of the organization’s performance with respect to critical parameters. If sustainable license compliance is assured and the organization’s critical SAM processes pass the test, the auditor recommends the organization for certification.
5. BSA reviews the results of the assessment and the Verafirm Certified Auditor’s recommendations and makes a final determination.
6. The certification and its benefits, including forbearance, extend only to the legal entity and software that was considered within the scope of the assessment.

Want to get started? Fill out the Contact Us form here and a BSA representative will contact you shortly.

When will my organization have to renew its Verafirm certification?

As part of the checks and balances required to maintain the integrity of the certification, organizations will be required to renew their certification every two years.

What are the costs and time associated with obtaining certification?

The cost and time will vary depending upon the complexity of the organization and the software assets it has deployed. BSA is developing a tiered pricing structure that will take into account most commonly deployed software assets.

Are there any similar certifications available?

Certifications are available in connection with ISO 20000 (Service Management) and ISO 27000 (Security). However, these certifications do not expressly apply to the management of software. Accordingly, BSA believes these certifications may complement, but do not replace, a Verafirm certification, which specifically applies to the management of software assets.

Are there any specific criteria that the companies must meet before they are considered for audit?

Yes, companies will be required to provide BSA with their licensing positions (deployed and entitlement) for all server and desktop products within the scope of the certification assessment. In addition, because a “resting period” is necessary for many of the ISO-aligned SAM processes to settle and adjust into a company’s framework, applicant organizations will be required to demonstrate that their policies have been in place for a minimum period prior to applying for certification.

Is this certification targeted towards a specific industry or sector?

No, because software asset management (SAM) principles apply universally to any environment in which software assets are deployed. Some industries that engage with the global market or in the tech sector might find that certification particularly enhances their brand; however, the Verafirm certification is equally beneficial to any organization where software plays a critical role.

Are any of BSA’s global members involved in the development of this program?

Yes, BSA has actively engaged with its membership throughout the pilot and is moving forward with their full support.

Certified Professional

What is SAM Advantage?

SAM Advantage is the first industry training course developed around the ISO/IEC 19770-1:2012 software asset management (SAM) standard. This course is an international collaboration and builds from the expertise of the BSA| The Software Alliance, leading business software publishers and established SAM practitioners.

What will I learn from this course?

Through SAM Advantage, organizations will, for the first time, learn to build a unified standards-based SAM program. As organizations implement their own SAM programs through SAM Advantage, they will start to gain better control of their software assets, mitigate potential risks and ultimately improve the effectiveness of their IT operations.

How long is SAM Advantage?

SAM Advantage is delivered via an innovative online training portal. On average, it will take approximately 20 hours to complete the entire four-tiered course. You can stop the course at any point and pick up again later where you left off. There is no time limit for completing the full course.

Why should I take this course?

SAM Advantage will provide the critical benefit of giving you the knowledge necessary to successfully implement best practice SAM in any organization, reduce risk and increase overall IT benefits. The information learned from this course extends to the individual IT practitioner interested in SAM, to the SAM adopting organization and the partner/reseller wishing to extend their knowledge into a value-added benefit for their own customers.

Are there tests for each topic?

To ensure a positive learning experience and understanding of the course materials, there are short interactive quizzes, practical case studies and end-of-tier assessments.

Will I be certified after taking this course?

Successful completion of SAM Advantage leads to a Verafirm Certified Professional certification. A distinct qualification, the Verafirm Certified Professional certification conveys:

Knowledge of ISO/IEC 19770-1:2012 objectives
Mastery of processes required to implement ISO/IEC-aligned SAM programs
Expertise to work across the installed software base
Understanding of the business and technical issues facing organizations

What is a Verafirm Certified Professional?

The Verafirm Certified Professional certification is awarded to individuals upon successful completion of the SAM Advantage course and the accompanying assessment questions.

Is the Verafirm Certified Professional certification recognized by the industry?

BSA is the world’s largest software trade association. BSA developed SAM Advantage as there wasn’t any standards-based training explaining how organizations can build world-class SAM programs.

The Verafirm Certified Professional certification is based on your demonstration of knowledge of ISO/IEC 19770-1 standard and is the only certification that is based upon a globally recognized standard.

Do I have to pay for certification?

The certification is free and is given to all individuals who successfully pass the assessment tests in all SAM Advantage four Tiers. There is a cost associated with taking the SAM Advantage course.

What if I do not answer all the SAM Advantage assessment questions correctly?

You will be allowed to retake the tests. If you choose to skip this assessment (or do not pass), you will not be eligible for the Verafirm Certified Professional certification. In order to receive the certification, you must pass all four Tier assessments with an 80% or higher grade.

How long will it take to receive my certification?

It can take 6-8 weeks to receive your certificate as well as the logo/usage restrictions.

How can I access the SAM Advantage course?

You can register for the course by visiting our form here.
Once you’ve registered, you can login to the course here.

When will I have access to the course?

You will have access as soon as your payment has been received by us. You will get an email notifying you of your username and password to access the course.

How long do I have to complete the course?

There is no time limit on completing the course. However, we strongly recommend you complete the course within three months, as doing so will result in accruing the benefits you learned that much sooner.

What are the player requirements for taking this course?

Browser: Internet Explorer 6 or higher, Firefox 3.0 or higher.
Adobe Flash Player may or may not be required, depending on the features authors chose to use in each course.
OS: Any OS capable of running one of the abovementioned browsers, including Windows, Mac OS X, Linux, Android.
CPU: 2 GHz or higher.
RAM: 1 GB or higher.

Who should I contact if I encounter technical difficulties?

Should you encounter problems accessing the course or while taking the course, please send an email to

Who authored the course?

SAM Advantage is an international collaboration and builds from the expertise of the BSA| The Software Alliance, leading business software publishers and established SAM practitioners. To ensure BSA keeps up to date on the standard, BSA is a Liaison organization to the ISO SAM working group.

What languages is SAM Advantage available in?

The course is available in English, Chinese, Russian and Spanish. Overtime, it will be translated into additional languages. You select your language preference during the course registration.

Who should I contact if I have questions or comments regarding the course content?

Please contact

Supply Chain

Why is important for companies to do business with suppliers who use properly licensed software?

Strong software controls, in addition to signaling the strong and ethical governance practices of suppliers, go a long way in alleviating security threats.

According to 2013 Symantec Internet Security Threat report, the manufacturing sector is now victim of nearly 25% of cyber-attacks, up 11% from previous year and attributable to attackers’ exploitation of suppliers at the base of the supply chain.  As supply chains are getting more diverse, integrated supply chain executives want strong management of IT and software in global supply chains.  According to the 2012 SCM World’s The Chief Supply Chain Officer Report, 56% of surveyed supply chain executives said that they were concerned or very concerned about data security and IT incidents.

Using properly licensed software ensures that companies get the latest patches and updates which prevent most common cyber-attacks.  Supply chain companies who require their suppliers to use properly licensed software can be more assured of their stability and security and that their suppliers are operating to the same ethical standards and they are.

What is the Verafirm Supply Chain program?

The Verafirm Supply Chain program offers the only global monitoring tool to track software compliance in integrated supply chains, giving companies confidence that their business partners operate by the same ethical standards that they do.

How can I monitor my supply chain on Verafirm?

Subscribing and monitoring on Verafirm is a simple process.

  • Step 1: Subscribing. Companies wishing to monitor their supply chain use of ethical software need to first subscribe. You can subscribe here.
  • Step 2: Encourage your Suppliers to Register on Verafirm. You can 1) import your supplier list on the Verafirm Supply Chain portal. Once added, an automatic email will be sent you each contact asking them to Register. You can also ask your suppliers directly and provide them with your automated Subscriber number. Your suppliers may open an account and enter your Subscriber number here.
  • Step 3: Monitor. Once your suppliers Register on Verafirm, you will be able to monitor their declaration status.


What do my suppliers need to do to qualify for a Registered status on Verafirm?

Companies wishing to become Registered companies need to:

  • Enroll on Verafirm by completing this form.
  • If they are responding to a Buyer/Customer request they must enter the Buyer Connection Code
  • Enter details about software deployed on their environment along with corresponding contract and purchase information.
  • Once competed an authorized executive of the company attests to the accuracy and completeness of the licenses declared on Verafirm.
  • Once this step is completed they become Registered and get a digital badge to showcase.

What will it cost to subscribe?

Verafirm subscriptions is at no cost to the company for the introductory period.  BSA however reserves the right to charge for subscriptions with sufficient advance notice.

Do my suppliers have to pay to use Verafirm or become Registered?

Verafirm SAM tool is offered at no cost to the company for the introductory period.  BSA however reserves the right to charge for subscriptions with sufficient advance notice.

Does my company have to become a Registered company first before we can subscribe?

No.  While we highly recommend all companies implement and benchmark their software asset management, we do not require companies wishing to monitor their supply chain become Registered first.