Technology vendors of all sizes, including Oracle, have amassed an army of auditors whose job it is to analyze their customer’s spend and usage, identify high-risk targets, and audit them to gain maximum leverage and generate maximum revenue. The crux of this dynamic is that the software/cloud vendor is the ultimate arbiter of your compliance position. If they say you are out of compliance, then you must be out of compliance. On one level that makes sense. It is their IP, so who is in a better position to determine compliance but the vendor? The reality, however, is much different. Oracle LMS auditors (or anyone else in Oracle) do NOT have the final say to whether you are in compliance. Once we break down that tenant of how Oracle audits, then their entire LMS audit infrastructure comes crumbling down.
First, let’s say what the Oracle LMS audit team can do. Oracle LMS can simply give you their OPINION on whether or not you are in compliance. Their word is not the final word and you are not in a position of total supplication, even after you get the “final report” from Oracle LMS. In fact, the final report is just the next point in the negotiation process with Oracle or any other vendor.
The reason Oracle LMS can only give you their opinion is because software compliance is a contractual issue, not necessarily a technical issue. Granted, the circumstances surrounding your compliance have technical underpinnings, but your use of the software is based on your contracts with the vendor. Your Oracle contracts don’t say that if Oracle audits you, their position is final. In fact, if Oracle audits you, and you disagree with Oracle, then you either negotiate a resolution, or in very extreme cases you go to court and let a jury or judge decide. You see, the ultimate arbiter of your compliance position is the arbiter outlined in your contracts. Your Oracle contracts most certainly have a provision on where and how disputes will be adjudicated. Do any of your contracts say that Oracle LMS’s word is final? I’m sure they do not.
Now I’ve heard Oracle LMS state that only LMS can tell you if you are in compliance. My response is always the same: if LMS’s position were true, then if you went to court, Oracle LMS would present their case and the judge would immediately grant a judgement in Oracle’s favor because Oracle LMS is the decider. We all know that’s not what would happen. If you go to court, both sides present their case, the judge or jury looks at the contract and other evidence, and the jury decides. As you can see, the judge/jury/or arbiter is the final decider on your compliance position. Case closed.
Going to court is an extreme case. At Palisade, we’ve been in business 7 years and have approximately 300 clients all around the world, many of them have been audited by Oracle. Only one of our clients has gone to court with Oracle. That was Mars and you can read what happened here.
No one wants to take a software compliance problem to court. It costs a ton of money and distracts you from your core business. Sometimes, however, avoiding the courtroom may mean reminding Oracle LMS you know what they can do and what they can’t do. One thing they can’t do is have the final say on your compliance. In fact, I would argue that you as the user of the software are in a much better position than Oracle LMS to determine if you are in compliance or not.
If you are being audited by Oracle, or if Oracle is employing one of their stealth audits or just threatening an audit, make sure you let Oracle LMS know what they can do and what they can’t do before the audit gets going. For more information on how Palisade compliance can help you with your Oracle compliance challenges, please contact us.
Thank you for your time today and good luck with Oracle!