Oracle audits : recommandations for CIOs

In a interesting document, Cerno, an independant company focused on reducing software license costs, provides some simple advices for CIOs concerned by audits from Oracle. The authors argue that « Oracle’s audit rights are weak and ambiguous. And they do not give Oracle the rights they and CIOs all assume. »

They conclude that « the opacity and ambiguity of licensing rules, the incorporation of multiple applications and packs when downloading a base program, and ever-shifting technical possibilities means that full compliance is rarely easy even for the most diligent and committed organisation. »

  1. Oracle has no right to enter your company’s premises.
  2. Oracle’s requested scripts or tools are not mandatory.
  3. The audit is only against use of the programs – not your IT infrastructure.
  4. The word “audit” means a checking or inspection of existing records – not an investigation from scratch.
  5. You need to give reasonable assistance – not every assistance.
  6. Oracle’s audit rights do not extend to licence reviews by third parties.
  7. Lack of co-operation by the business in giving immediate access does not result in a court order.
  8. Confidentiality undertakings may be needed from Oracle.

Link : http://cerno-ps.com/wp-content/uploads/2016/10/Cerno-Report-2016.pdf