Top Findings in an Oracle Software Audit: Re-Cap

Top Findings in an Oracle Software Audit: Re-Cap

Updated: Mar 26

Oracle is among the most active auditors in the software sector. These are most frequent areas for noncompliance findings:

  • Running Oracle on VMWare: When machines become virtualized, they often change servers, and this makes it complicated to count licenses. Oracle requires licenses for all machines their software could be used on. To avoid this “gotcha,” use something other than VMWare.

  • Contract Restrictions: Using Oracle on the cloud. Unlimited License Agreements (ULA) do not apply to Oracle used on a public cloud, only on Oracle’s cloud. o Web Logic restrictions. The agreement regarding this product says “unlimited” at the beginning, then later in the contract, specifies certain restrictions.o On the day your unlimited deployment period ends, your licenses will become fixed and limited. o Different rules apply when you leave a ULA. Auditors will count all products installed, for example, not just those running.

  • Names User Plus (NUP) Challenges: Mutiplexing, pooling, connections. People often make the mistake of licensing only the database administrator. According to Oracle, everyone who can access the Oracle product needs an individual license.o Minimum requirements. For some products, Oracle requires a minimum number of 25 licenses per processor; for other products, they have different minimums. o Active vs. authorized use. Oracle (like many other software vendors) requires licenses for anybody in the organization who could use the software, whether they use it or not.

  • Disaster Recovery: Many people assume that disaster recovery activity is free, but it is not.

  • Non-production: It does not matter in which environment the Oracle product is being used; you need licenses for all.

  • Options and Packs: These include add-on licenses to the database, which are often difficult to understand. Some are even installed by default.

The ClearEdge compliance practice is comprised of former professional auditors. We help a lot of our clients conduct self-audits to figure out how they want to handle renewals, or where they may be exposed prior to an official audit. To learn more about our audit preparation and defense services, please contact your ClearEdge representative.


Click here to view our webinar recording.