Why it pays to proceed with caution—and seek independent advice—before committing to IBM’s latest SAM initiative.
IBM is evolving its approach to software license compliance. The newly announced Client Value Acceleration Program (CVAP) is being positioned as a progressive alternative to the existing IBM Authorised SAM Provider (IASP) initiative. While IBM hasn’t officially confirmed that CVAP will replace IASP, the similarities are notable—and the differences are even more important.
Why CVAP raises serious considerations
For organisations managing complex IBM estates, the newly announced Client Value Acceleration Program (CVAP) raises serious considerations:
The Devil is in the detail
While the high level "pane of glass" vision may appear attractive, the contractual small print probably implies some very significant resource commitments by you.
Security, Security, Security
Recent cyber-security breaches are a constant reminder that even the smallest snippets of information can be used to help infiltrate a client's network.
Information is Power
It is critical to understand how the deployment data you provide can be accessed and used by IBM.
Here’s what you need to know.
From IASP to CVAP: What’s Changed?
A quick refresher on IASP:
IASP allowed customers to avoid formal IBM software audits by working with IBM-approved third-party SAM providers. These providers monitored compliance and reported back to IBM, with the idea being a more collaborative, less disruptive way to manage license risk.
However, as these providers are selected and approved by IBM, it does raise a fair question: who’s verifying the verifiers? When the reviewer ultimately answers to the vendor, the independence of the process can be open to interpretation.
Now enter CVAP:
CVAP appears to continue the 'audit avoidance' narrative, but with an added twist: clients must now share quarterly deployment data directly with IBM, significantly increasing the volume and frequency of information being handed over.
This is a fundamental shift. And while IBM claims the programme is about delivering 'value acceleration' through insight and proactivity, the reality may feel more like handing your keys to the landlord and inviting them to inspect your house at will.
CVAP: Pros and Cons
Let’s break down the good, the bad, and the uncertain.
Potential Advantages
- Avoid formal IBM audits while participating in the programme.
- Potentially receive actionable insights on IBM software deployment and usage.
- May receive recommendations or access to IBM technical experts, for example, through proof of concepts.
- Demonstrates a proactive approach to software compliance and governance.
Key Considerations
- Data exposure: Quarterly uploads of system deployment data gives IBM unprecedented insight into your environment.
- Security risks: The traditional audit model resulted in a one-time snapshot of confidential data being carefully transferred to a third-party audit firm covered by a very specific non-disclosure agreement. More frequent data sharing increases potential vulnerability, especially as tools like ILMT don’t allow any redaction before transmission.
- Control and independence: IBM (and its selected partners) manage the process. How and where you use enterprise software is solely your data. If IBM can access the same usage data, they can leverage it in renewal negotiations and this opens up an endless stream of follow up questions as well as representing another security risk.
- Scope concerns: The programme is likely to cover all IBM products. What level of resource commitment is expected from your team? Requires multi-disciplinary teams across the organisation to co-ordinate and work together.
- Technical prerequisites: Will you have to report usage even if IBM can't provide in-built tooling or a simple methodology for deployment counting?
- Contractual caution: Request the standard contractual documentation before entering into any detailed discussions. There is the potential of enterprise-wide implications. Proceed with your legal and procurement eyes wide open.
- Sales and promotions: Tailored promotions and targeted sales activities are expected, based on your own data.
- AI-based analytics and insights: Does the mandatory use of AI analytics and insights on your data in the CVA portal meet your existing company AI, and data governance rules?
Why You Should Think Twice Before Signing Up to CVAP
It’s tempting to view CVAP as a ‘get out of audit free’ card. But it’s more accurate to call it a licensing trade-off: in exchange for exemption from formal audits, you’re granting IBM continuous access to your data, and, by extension, increased leverage over your future negotiations.
In short, you’re paying (with time, data, and control) for peace of mind. But whether that peace is worth the price depends entirely on your individual risk profile, estate complexity, and existing licensing position.
There Is Another Way: Independent Advice from Livingstone
At Livingstone, we provide independent, vendor-agnostic advice on IBM licensing strategy.
That means we can help you:
- Understand the full implications of CVAP (or IASP)
- Assess the state of your IBM estate before entering into any data-sharing agreements
- Negotiate on your own terms, not IBM’s
- Avoid unnecessary cost, risk, or future restrictions
We’re already helping clients across industries to manage their IBM software estate. And while CVAP might work well for some organisations, we firmly believe it’s worth pressing pause before committing.
Final Thought: The Audit May Be Avoidable—But the Risks Are Not
If IBM is offering you a place in CVAP, take your time. Ask the hard questions. Review the fine print. And most importantly, don’t go it alone.
Want a second opinion before you sign?
Get in touch with Livingstone’s IBM licensing experts—we’re here to help you make the smartest move, not just the safest one.
Article written by Livingstone's IBM team of specialists including Alicia Ijaz, Cristóbal Medina and Stephen Lee. Follow them on LinkedIn.
