A SAM policy is an important part of your SAM programme and like any other policy, it is designed to ensure rules are followed and communicated appropriately.
There are two types of policy, one aimed at the end user which covers things like software use and security aspects, and the second which is an operating policy, covering aspects of SAM more from an operational governance perspective.
The business goals of your organisation will dictate the tightness of your SAM policy, creating a trade-off of user/IT enablement versus risk management. However, at any level you must ensure that for the policy to be effective, it must be clearly defined, communicated, enforced and managed.
Defining the SAM Policy
So, how do you start putting together a coherent and comprehensive SAM policy?
First of all you need to start by asking yourself a few questions:
1) What existing corporate policies and governance structure do we have in place, and do they
reflect our current business goals?
2) Who will be responsible for writing, maintaining and communicating the policy?
3) What processes do we need to define and manage an asset from requisition to retirement?
4) Who will be involved in the process and what responsibilities will they have?
5) How will the policy be enforced, both for users and for IT professionals?
6) Who is the audience for the policy?
What to include in your SAM policy
The content of a SAM policy differs from one organisation to another and depends on various factors such as the size of your organisation, users’ software requirements, staff mobility, use of mobile devices, structure of IT and procurement departments etc.
Your SAM policy needs to include strict guidelines that you want from a SAM governance perspective and which specifically relates to the SAM programme.
Tips on formulating your SAM policy
To ensure your SAM policy is effective, remember to:
1) Clearly define your policy and ensure it is easy to follow, enforce and manage.
2) Whilst the writing of the actual SAM policy is the responsibility of the IT Asset/SAM Manager, it is important that buy-in is sought from peers and all stakeholders involved or impacted by it.
3) Review and check your policy against business goals and align appropriately.
4) Differentiate between policy (why we do it), process (what we do) and procedure (how we do it, when we do it and with whom).
5) Standardise formatting for all policies (templating).
Policies should follow a uniform format, all policies should be structured in the same way throughout the organisation. In other words, if your organisation has existing policies, be sure to use them as a template to creating your SAM policy.
6) Create a Communication timeline/plan for distributing the policy details to stakeholders and business areas
7) Communicate the policy in line with your SAM processes and governance structure and corporate communications guidelines.
8) Your policy should be kept up-to-date. Initially it should be revised two months after release and then every 12 months thereafter.
Need more help?
So, if you still need some help building your SAM policy, ITAMS has developed a new one day workshop on SAM Policy Development for any newbie to SAM or existing SAM practitioner.
The workshop aims to help you identify, assess and develop appropriate policies to underpin your SAM practice and provide you with the core building blocks required to meet your business and SAM service goals. You’ll also get a set of best practice templates to take away.
For more information and to book your place, please visit click here.
Is your software asset data providing you with the right information to help you make informed decisions for your business?
In this post, ITAMS’ consultants define “data”, what data elements support IT asset management (ITAM) and what the data model comprises of for effective licence and compliance management.
Accurate, complete, and timely data is essential for reliable licence and compliance management. Regardless of how many sources you have, data coming into your asset repository must be of sufficient quality, quantity and coverage.
Data quality is the measurement of the correctness and completeness of data elements across all entities and the applications of standards, including attributes therein. When data is generated across multiple systems and then brought into the repository, where there are multiple data elements mapped to a single attribute, the data should, according to best practices, have the same format, i.e. Date = DD/MM/YYY.
Data quality also refers to the age of the data; it must be generated and transported in a timely fashion which supports the asset needs. Timeliness of data will depend on the asset (licence) and business requirements.
Data quantity then, is the measurement of the number of relevant data elements you have available to map against each entity. For example, if you are trying to create an asset profile, but all you have available to you is the product name and the date acquired, then you have insufficient data quantity. In order to create an asset profile, you would also need: PO number, SKU number, cost etc. Without the correct data quantity, your assets will not be complete.
Data coverage refers to the measurement of the availability of data elements, entities across the entire organisation in all environments and platforms. In order to generate a correct view of your assets, you must have data on Wintel, UNIX, Development and Test, Production, Disaster Recovery, Infrastructure, Regional Data etc. Unless you limit the scope of your SAM Service, you must have sufficient coverage for asset data.
Data elements in support of ITAM (of which SAM is a subset), must:
- Include all relevant data, not just software asset and licence data.
- Support all IT asset views resident in different technologies:
- Support specific requirements for analysis and reporting.
– Acquired (IT asset & licence repository).
– Installed (inventory discovery).
– Used (usage metering).
– Entitled (access authorisations).
The data model is comprised of:
- Entities – e.g. asset, contract.
- Elements (fields) – e.g., asset name, asset type.
- Definitions (purpose, intended content).
- Standards for key data elements – e.g., asset status.
- Attributes – e.g., alphanumeric, character.
- Links between entities – e.g., assets to licences to contracts.
- Relationships amounts entities – e.g., ‘installed on’, ‘assigned to’.
- Sources (systems-of-record) for each entity, possibly element.
Without data, your technology will not support your business requirements and be unable to provide you with the reporting and analysis information needed to make qualified decisions regarding your assets.
For more information about SAM data analysis services, please contact ITAMS.
SAM Market Trends – are you caught in the wave?
ITAMS’ specialist licensing consultants Monica & Adriana share some insight into how the Software Asset Management (SAM) market is changing, what this means to SAM providers and why end-users should not steer too far from the main principles of SAM.
“Having worked for several years in Oracle and now within ITAMS’ Oracle team, we are now in a great position to share a few thoughts with you, based on our experience working with both vendors and clients alike.
Without a doubt, the core strategy of a large software publisher is focused on revenue and not on achieving compliance for its end-users. In a large organisation, the need for a SAM process exists but the allocation of dedicated resources is not always covered. For this specific reason, SAM providers have emerged on the market and are here to help. However, things are not as simple as you might imagine.
Changes in the SAM industry have meant that organisations have started to spend a lot of money moving to new licensing models (that are vendor driven), and that are fast becoming “flavour of the month”. For example, let’s take the Cloud licensing model, which is suitable for a fully integrated service or when replacing an existing on premises software solution. The downside to moving to this type of licensing model is that if you‘re already tied into a licence term, you may need to re-invest in new licences.
Managing Software Assets has developed from a tactical fix into a strategic imperative. Even though IT budgets have remained flat, software spend continues to grow in terms of its percentage share of the overall IT budget.
SAM represents a business practice that involves managing and optimising the purchase, deployment, maintenance, utilisation, and disposal of software assets within an organisation. Furthermore, it enables an organisation to better understand the hierarchical ranking of software products from a vendor management perspective, as well as help it to make targeted software investments to support its strategic objectives. This being said the goals of SAM are to optimise IT costs, limit operational, financial, and legal risk related to the ownership and use of software.
So what should you do?
Firstly, you need to understand your software estate. So, what software licenses do you have, are they being fully utilised and are there any licences that are not being used and is there any software that is required?
In other words you need to be pretty sure about your organisation’s licensing position and especially with those vendors that consume the majority of your software licensing budget. There’s always going to be inconsistencies unless you keep an eagle eye on your estate. Once thing’s for sure though, with compliance comes responsibility. This being said, assess your current and future needs and act accordingly.
In a world in which SaaS (Software as a Service) and Cloud based software/licensing models are growing, one may be tempted to think that it could be the end of SAM as we know it. However, in our opinion, it’s the contrary. SAM will continue to prove its value as there are multiple reasons for investing in SAM services, in particular the necessity to manage user accounts, data and subscriptions.
Despite the fact that for many organisations the concept of “software asset management” (SAM) has largely been driven by the pressures of software license compliance, it is now widely agreed that SAM has become a vital business practice. Tracking software using excel spreadsheets is no longer the norm, with a significant number of growing companies now using key technologies to help them not only discover IT and software assets but also to track and manage assets over their lifetime.
Coming back to SaaS and Cloud licensing models, organisations must be aware of potential non-compliance situations arising from for example, accessing software from territories that are not included in the license rights, sharing user accounts or providing access to third parties and contractors to whom such access is prohibited.
To conclude, the best option for organisations at the moment is to explore what SAM services are out there. Initiate contact with a SAM provider, set a realistic yet effective and achievable framework of activity, taking into consideration the unique constraints of your organisation, existing tools and capabilities. Ensure you select an impartial partner, most probably one that does not resell software nor where interests blend. But, before you engage with a SAM partner, stop and ask yourself what does prevail, your requirements or those of your potential partner?”
For more information please contact ITAMS.
ITAMS’ Oracle licensing team provide an overview on Pool of Funds agreements.
For several years, Oracle has had an active policy to increase the number of Unlimited Licence Agreements (ULAs) signed with customers globally. This type of agreement is not something new, as some of the companies Oracle acquired previously have also used it.
For example, BEA Systems, (before its acquisition), used to offer their customers the possibility to buy licences using AYCE (All You Can Eat) agreements, these were replaced by Oracle ULAs, and PPBD (Prepaid Burn Down) agreements which are now, more or less, Oracle Pool of Funds (PoF).
Oracle decided to diminish the risk of letting customers choose the licences they wanted to use from the software listed in their ULA agreements, re-introducing the so called PoF agreements.
During the past year, the number of PoFs have increased and now, more and more ULA agreements take the shape of a PoF agreement.
So what exactly are Pool of Funds?
The Oracle PoF is a special type of licence agreement. In return for paying an upfront licence fee, end users get the right to deploy a mix of a pre-defined software against a fixed price, for a limited amount of time, until they reach the invested amount. If we refer to the initial agreements (ULAs) from which PoFs are derived, the conclusion is that Oracle dropped the option to select unlimited quantities (which is applicable only for ULAs) for the PoF agreements. This means that they can now, better handle any customers that are using large amounts of software, eliminating the risk of them using more software than what was initially paid for.
Customers must be re-assured that almost all the terms of a PoF deal are negotiable. The larger the company, the higher the discounts they will receive. Nothing is fixed, so more products can be included in the deal and the usage area can be expanded from a certain country to worldwide coverage. There are a lot of factors to take into consideration for this type of deal and they depend on the specific needs of the end-users.
Besides the licence fee, a customer must also pay for annual technical support based on the full PoF credit during each year of the PoF period and beyond. In addition, the PoF ordering document will specify a “Total Support Stream,” which the customer must maintain throughout the PoF period in order to keep the right to burn down the PoF credit until it is exhausted or the PoF period expires. Any failure to maintain the Total Support Stream will result in an early termination of the PoF period, and the customer must immediately declare licences in accordance with the contract conditions.
The Total Support Stream will include:
- Existing licences for the software programs that are included in the PoF agreement.
- All support for new licences included in the PoF agreement.
- Licences for the software programs that are included in the PoF owned by companies that are acquired by the end-user during the PoF agreement period.
- New licences for the software programs as included in the agreement, and as acquired against a price hold, after the signature date of the PoF agreement.
Usually, customers that have an active Pool of Funds agreement are contractually requested to provide periodical usage reports which are called “Licence Declaration Reports” (the standard term is every 6 months but this may vary from customer to customer). In this way Oracle is using the information from the report and updating their repository with the quantities provided.
An important fact is that, at the end of the contractual period, any unused licence credit will NOT be reimbursed; however, if at any time throughout the contractual period a client’s deployment worth exceeds the initial net credit, a new payment is due.
Furthermore, having a Pool of Funds deal doesn’t mean that Oracle will not conduct an audit during the term of the agreement in order to validate that the declared software listed in the Licence Declaration Report is complete and accurate. That is why our recommendation to customers that own PoF agreements is, to keep track of all licence records internally and if possible, use relevant SAM tools and support services that will ease their efforts.
ITAMS’ Licensing Analyst Sergiu provides an insight into the Oracle Licence Inventory.
The Oracle audit process represents a series of steps. The basis for this is Oracle’s so called “Licence Inventory”, although other software vendors may refer to it as ‘licence repository’/ ‘entitlement’, etc.
The Oracle licence inventory report is an excel spreadsheet summarising the licence products purchased by a particular customer and also a comprehensive overall picture of the historical support and licences.
How is this report used?
The report is used by Oracle Licence Management Services (LMS) consultants as a primary verification tool against which the original contracts are checked, in order for them to build a clear, simple and complete software repository. Later on, this will act as a guide for Oracle field consultants when managing their clients’ software accounts.
Grouped in several tabs, the information is based on the contract migrations report data and product migration rules. As a customer, special attention should be paid to your reference information, such as the correct spelling of names and ensuring that the address you have registered is the correct one. Also, pay particular attention to the status of your licences (if they are active or inactive) and the licence metric name of each licenced product.
Can the customer obtain this information from Oracle?
In 90% of cases, the customer will receive a “customer facing document”, where details about Oracle’s licencing audit report can be found. Included is a licence table (a simplified format of the licence inventory), nonstandard clauses (found in the original contracts), definitions of the licence metrics that the customer is licensed on (taken either from the original contract or from Oracle’s price lists) and finally, the minimum number of users /devices required for every software product (so these can be correctly licenced).
As Oracle consultants build the customer repository using different systems, sometimes the information lacks accuracy, so the customer should pay extra attention to ensure that the details contained in the inventory are correct.
For the customer, the most sensitive information to check is related to:
- Product name
- Licence Level
- Licence Term
- Support status
- Licence ownership
- Duplicate products.
For a customer to have a clear licencing position, they should ensure they have:
- A tool that is capable of tracking all software licences currently in use.
- Identified all the deployed licences across the organisation’s network. (Oracle uses measurement scripts which may be provided (but not in all cases). Customers must ensure that they know what the outputs are and that an expert is working on that.)
- Built and maintained a report with detailed information on licence use. In other words, keep track of licence use internally.
- Started comparing entitlement and deployment on a regular basis in order to have a strong compliance position.
After all the above are taken in consideration, the customer should have a clear view of whether they are under-licensed and need to acquire extra licences or whether they are over-licenced and need to uninstall licences.
Managing software assets can feel like an endless maze if you don’t know how to approach licensing information. Remember creating an efficient SAM process takes a lot of time and needs dedicated resources.
ITAMS’ Lead Consultant Monica explains why it is important to properly coordinate your internal resources and licensing knowledge for any forthcoming software re-negotiations.
“With licensing, as you will already know, things are never black nor white. So before signing a deal with a software vendor, ensure that you are aware of the key relations between your organisation’s internal departments and that the right environment exists to help manage the complex world of software licensing and usage. This is half the battle and definitely a large step in the right direction.
So what does this mean? Allocating the right resources to, and coordinating the collaboration between the different departments in your organisation such as IT Licence Operations, IT Procurement and the Legal department is of uttermost importance. However, if you are a small company, you need not worry about this too much, so long as you have a process for tracking the purchase and use of licences from requisition to disposal.
If you think and act smart, you will soon realise that if you have the right tools, knowledge and a clearly defined processes in place, entering into software negotiations and facing off an audit doesn’t need to be a stressful experience.
The above situation applies to all vendors. If we look more closely at Oracle, there are 2 possible scenarios when buying and managing your software.
The first one may be that you are stuck in standard contractual terminology. For example, using a decentralised purchasing model or having your price holds attached to the ordering documents. This will translate in, what I like to call “licensing chaos”. People will not read the contracts correctly, will misuse licences and will find that they are breaching standard licensing agreements, purely by not being organised internally, nor being able to track usage properly to ensure that compliance is met.
The second is where you prepare in advance to sign a licensing agreement. In this situation, you will have a non-standard contract and a centralised purchasing model. By properly coordinating your internal resources and licensing knowledge, you will be on the safe side, especially if you have a strong legal representative in your company to deal with any software re-negotiations.
My advice to you is, to get the right resources and expertise in place and prepare for your software negotiation thoroughly by:
– understanding what your existing and planned and software usage is,
– having a consolidated master agreement to govern all purchases and
– standardising the terms of your agreement before signing the deal.
If you need help, then you will be pleased to know that there is plenty out there, however you will need to know where to look! For more advice and help, please do get in touch!”
Oracle Unlimited Licence Agreements (ULAs) – the facts!
The Oracle ULA is generally offered to larger customers as a convenient option to purchase unlimited licences, for a pre-defined list of products and for a limited term. Licence fees are paid up-front, along with the first year of technical support, with the cost often amounting to millions of pounds.
So what are the advantages and disadvantages of this type of deal and how can you ensure that you are making the right decision before choosing to sign a ULA?
ITAMS’ Senior Licensing Consultant Anemaria provides an informative overview
of the Oracle ULA.
“First of all, let me summarise the characteristics of this type of contract. In simple terms, an Oracle Unlimited Licence Agreement (ULA) is a contract that gives you the right to use an unlimited quantity of a pre-defined list of products but for a limited period of time, usually 3 years.
Another characteristic of the deal is that, at the end of the term, you decide whether to follow Oracle’s certification process and waive your right to deploy an unlimited number of licenses or to continue with the arrangement and renew the deal.
The two big advantages of the ULA are cost savings and simplicity. Cost savings can be realised if you anticipate a future growth in usage during the contractual term. If so, then a ULA deal will be a good choice.
In addition to this, if you are looking for a single deal for different categories of Oracle products bundled together, or if you prefer simplified support management (of previous Oracle agreements), then a ULA deal will also prove to be a good choice.
However, you will need to be aware of some risks you may be exposed to if you opt for a ULA.
A common problem that customers face during the ULA’s contractual term is that they have made a wrong estimation of their future deployment and that the financial investment in the ULA was not a cost-effective choice.
If you are a large organisation this could be the right option. However, if you are about to enter into a period of mergers, acquisitions or divestments, this can be a very complex situation to manage under a ULA. Furthermore, if the expected growth in usage is not realised, you will most definitely over-pay for the licences your organisation actually uses during the term.
Even if the usage declines during the ULA, you will still be required to pay the same amount of maintenance that was in effect at the beginning of the deal, otherwise you are a non-compliant customer.
Another area of risk comes at the time of exiting the ULA. You must provide Oracle with accurate information about your current deployment to certify the number of licences installed and running at the contractual end date and to sign the Certification letter.
At this moment, the Oracle licence management consultants or the account manager will contact you with lots of technical questions about the actual deployment of the ULA programmes, wanting to ensure that you are not presenting an over-declaration of usage and at the same time, wanting to identify any future upsell opportunities. So, always keep in mind that the over-declaration or the over-deployment of your software is a non-compliance situation.
Declaring a high number of licences in use at the end of the deal, will always raise a question mark. In addition to this, if you are not ready to respond and to defend your certification, you will be very exposed to the risk of being audited.
The ULA deal is a suitable option for larger customers, and so the complexity of the system environment will also be discussed. For this reason, best practice requires that if you have already entered into this type of agreement, please ensure you have the processes and tools in place to accurately manage your Oracle deployment.
To conclude, it is best to manage your ULA in time and before Oracle comes knocking on your door to mitigate any potential risks!”
For more information please contact ITAMS or request to download Anemaria’s webinar on, “Oracle Unlimited Licence Agreements (ULAs) – Benefit or Risk?”
To support or not to support! That is the question…. if you want to save money!
ITAMS’ Lead Consultant Monica warns Oracle users to ensure they check which licences and licence sets are covered in their Oracle Licence and Services Agreements (OLSA) to avoid unforeseen technical support costs.
Acquiring a licence from Oracle goes hand in hand with purchasing support. Cost wise, this is also where Oracle gets most of its revenue, through support renewals. Most customers do not pay careful attention to this but they should. I am not talking about numbers but about market trends. The best example that comes to mind is Enterprise Manager 12c Cloud Control which is free of charge as long as you purchase any licence or support contract. You get something free if you purchase support! This is what we need to keep in mind!
You, as their customer, wanting to keep track with the latest technologies and managing your complex IT environment, definitely need software updates, product patches and the capability to migrate and upgrade your licences. At what costs? Usually the support cost represents 22% of your licence fee. However, depending on what you have negotiated, this may vary.
In case you purchase support, where do you have to pay maximum attention? Well, when you sign your Oracle Licence and Services Agreement (OLSA), under the Technical Support clause, you come across the following, “If you decide to purchase technical support for any licence within a licence set, you are required to purchase technical support at the same level for all licences within that licence set.”
How do you know what this Licence Set is, so you can watch out for it? According to Oracle’s Software Technical Support Policies, it consists of all the licences of a program, including any options or self-service module; all of the licences of a program that share the same source code.
For Crystal Ball programs, the same licences of a program contained on a single order and for Oracle Java Embedded Binary programs, all the distributed units of each unique Java application product licenced pursuant to the Java BLRA agreement between you and Oracle. So you see, it is rather easy for you to purchase licences contained in a licence set and you do not even know about this. Even Oracle, through its Software Investment Guide (SIG), stipulates that you, the end user, has to allocate someone who will be responsible for understanding and managing the agreements you sign.
The Licence Set definition is closely tied to the MSL (Matching Service Level) concept which says that you cannot support a subset of licences within a licence set and that it must be reduced by terminating the unsupported ones. Here you have to carefully calculate the most cost effective solution for you! Shall I get support or not?
This brings me to my next gotcha on my list! That would be represented by a single word: REINSTATEMENT! If you did not initially acquire support for a licence, you have to know that this will for sure alter your planned budget. The conditions are detailed in the Oracle Software Technical Support Policies document and what you need to remember is that this reinstatement fee is 150% of the last annual technical support fee (if you had acquired support in the past), or 150% of the net technical support fee (if you never had it). Together with these pro-rated reinstatement fees you will also have to pay for the lapsed support period AND potential renewal adjustments. Again, carefully plan your needs!
To avoid high unplanned costs, the need for a centralised purchasing model is felt acutely. Many customers need a framework agreement which will incorporate all legal provisions, applicable to all entities in the group, a contract which will clearly highlight your future rights and obligations with Oracle. This being said, remember what a licence set is, most probably you already have it, and, before committing to support, make sure you know this is a long term relationship, similar to marriage if you ask me, a relationship which demands from you time, money and understanding!
This week I approached Alin, one of ITAMS’ resident Oracle experts to help me understand more about the impact of virtualisation/partitioning technologies on Oracle licence assessments. Alin worked within Oracle’s Licence Management Services department for several years and now works in ITAMS’ technical team.
As the need for optimisation grows along with the cost of technical requirements, it seems that most companies choose to use virtualisation/partitioning technologies on their infrastructure, often without considering licensing implications and rules that may impact upon their environment.
Having worked for over three years within Oracle’s Licence Management Services department, Alin observed that key compliance issues were mostly centred on virtual environments. After taking a closer look at Oracle licensing rules, virtualisation and partitioning technologies were being split into two major categories:
- Hard Partitioning: Technologies that enforces the binding of resources and limits them to a virtual machine. (LPAR, vPar, nPar, Solaris containers, etc.)
- Soft Partitioning: Technologies (like VMware) where the virtual machine resources are flexible, covering the needs of each VM. Oracle VM: A “Soft” Partitioning technology behaviour that has a “special” licensing treatment from Oracle, so when the proper settings are made it is considered to be a “Hard” Partitioning technology.
Here are some tips from Alin:
- Try avoid using Oracle products inside a VMWare cluster. Even if you’re using a single product on a single virtual machine of that cluster, Oracle doesn’t recognise VMware so you’ll end up having to licence every single physical machine that is part of that cluster.
- If there’s no alternative and you need Oracle in a VMWare Cluster, try to avoid using Oracle in a multi-VMWare cluster-linked environment or at least try to limit the vMotion option where possible. Having the vMotion option enabled in such an environment could put you in an adverse non-compliance situation. I recently saw a case where a customer had four VMware clusters in separate locations and only a few Oracle products running on a few servers that were part of a single cluster. Oracle asked the customer to licence all four clusters just because vMotion was enabled.
- If you have a VMWare Cluster where Oracle is running, another alternative would be to have a separate “Oracle Cluster” where you could move the physical machines with Oracle to.
- Beware, of using SAN disks with Oracle products installed on them and especially in a Virtual environment, as everything that has access to a SAN disk must be licenced. So for example if you have a VMWare cluster that has access to that SAN disk, the entire cluster must be licenced for all the products that are installed on it.
“I do believe that it’s every company’s right to protect against licence non-compliance scenarios and even though Oracle licensing rules have many aspects and particularities, I would recommend at least, to consider the following in regards to Soft Partitioning, especially with VMware:
While setting up the technical architecture for Oracle products, a thought should go to Oracle VM as an alternative to VMWare or even to Hard Partitioning technologies where possible. Even if Oracle VM is pretty similar to VMWare re: partitioning concept (as it’s Xen based), being owned by Oracle gives them more control over the product, so they are way more permissive with it in terms of licensing, especially with the “binding settings” that somehow limits the resources allocated to a Virtual Machine.”
A sneak peek into Oracle’s auditing process.
Ever wondered why you’re being targeted by Oracle for an audit and what makes you an easy target?
You may have recently received an e-mail saying “You’ve been “randomly” selected by Oracle to perform a review of your Oracle estate. The Oracle License Management department is here to assist you?”
ITAMS’ consultant Madalina (ex-Oracle LMS consultant), provides an interesting insight into why you may be targeted, what you should watch out for and why you should keep a close eye on your Oracle estate.
“The reason why end users should be particularly cautious about how they manage their Oracle estate is mostly because Oracle does not sell licenses with a utilisation key but rather allows companies to deploy the software according to their business needs. Therefore, you could for instance buy 10,000 employee user licenses of “Identity and Access Management Suite (IDM)”, but as your business expands and you employ another 2,000 people, they too can utilize the software from day one.
If you have processes and tools in place to periodically check your license position, then you’re on the safe side as you will be well aware of the necessity to place a new order for an additional 2,000 employee user licenses of IDM; if not you will be left exposed to a compliance gap of 2,000 licenses in the eventuality of an audit.
In order for you to avoid being the lucky winner of one of these e-mails, here is what you should know about Oracle Audits…
An Oracle audit is typically conducted by the Oracle License Management Services (LMS) department. They start from 2 main initiatives.
The first and most common one is the LMS department conducting its own risk analysis. On a yearly basis, LMS will run a selection of their Install Base (the Oracle license repository of all customers) and make a selection of customers identified as presenting a high risk. The high risk profile is based on a variety of factors:
- The size and performance of your company, as well as industry trends and future projections. This means that the more profitable you are as a company, the more exposed you are to a threat of a software audit.
- The time elapsed since the last purchase plays a big part in this risk analysis because, depending on the evolution of the company, not having purchased software for a period of more than 3 years, can tell Oracle it’s high time you did!
- Oracle also scans for things like older metrics that are no longer in their price list because then, there is a high probability that you have to migrate your licenses, which, in most circumstances, means an additional cost for your company.
- Decommissioned products might also be an alarm signal. Let’s suppose you’re under an enterprise type agreement that locks you under a requirement to license all your users under a certain product and 3 years ago you purchased 10,000 user licenses of product “x” which is now decommissioned and replaced by product “y”. Currently the requirement is that you buy 2,000 more user licenses but because the initial product is no longer available, in addition you will also be required to migrate all your 10,000 existing licenses to the new product.
The second initiative for starting an Oracle audit may be identified by the Sales Account Manager who might identify a lead after spotting a risk factor with a particular customer. He may hear of a customer deploying VMWare or who is deploying software in an environment for which they may have not bought licenses, or a merger/acquisition in place which might leave the customer exposed. The Account Manager would then come to LMS and ask them to contact the customer regarding its licensing position.
In either case – by itself or together with the Account Manager, LMS performs a risk assessment and decides which customers should be targeted. In case the lead is not originally identified by sales, the LMS department will notify sales about their intention to begin conducting an auditing process. This happens because any potential opportunity that may be the result of the LMS review would need to be translated into an order by sales and because this is an engagement that requires a good communication plan with coordinated effort to maintain a commercially-driven relationship with the customer.
The process is then initiated by LMS sending an introductory letter to the customer that reveals their intention for conducting a ‘license review’ process. A soft approach that Oracle is trying to position for most of its audits. The legal framework for conducting the audit is provided by the audit clause found in the OLSA (Oracle License Software Agreement), which in general terms states that within a number of days’ written notice (usually 45 days), Oracle might audit the customer’s software use.
In addition to the LMS department and in countries where the SAM market is more developed (the UK in particular), there is often a dedicated sales organization (Compliance Optimization License Sales (COLS)). This is a sales-driven department which seeks to get a better understanding of the customer’s deployment, often finding any potential compliance issues they can commercially resolve without waiting until a full audit of three to six months to take place.
Coming from the auditing world and only having placed myself recently into better shoes, I thought it would only be fair that customers know what they should watch out for and why they should keep a close eye on their license estate.
So don’t walk around with a target on your back, make sure you have the bull by the horns! ;)”