In a interesting document, Cerno, an independant company focused on reducing software license costs, provides some simple advices for CIOs concerned by audits from Oracle. The authors argue that « Oracle’s audit rights are weak and ambiguous. And they do not give Oracle the rights they and CIOs all assume. »
They conclude that « the opacity and ambiguity of licensing rules, the incorporation of multiple applications and packs when downloading a base program, and ever-shifting technical possibilities means that full compliance is rarely easy even for the most diligent and committed organisation. »
- Oracle has no right to enter your company’s premises.
- Oracle’s requested scripts or tools are not mandatory.
- The audit is only against use of the programs – not your IT infrastructure.
- The word “audit” means a checking or inspection of existing records – not an investigation from scratch.
- You need to give reasonable assistance – not every assistance.
- Oracle’s audit rights do not extend to licence reviews by third parties.
- Lack of co-operation by the business in giving immediate access does not result in a court order.
- Confidentiality undertakings may be needed from Oracle.
Link : http://cerno-ps.com/wp-content/uploads/2016/10/Cerno-Report-2016.pdf