Audit Rights - Consider the changes Oracle made

Last April, Oracle included a revised Audit Clause into their standard OMA (Oracle Master Agreement) and Order Docs.

TIP #10 October 2019: Oracle changes their Audit Clause - What are the consequences for ITAM in your organisation?

For the first time in decades, Oracle LMS (nowadays, a part of the Global License Advisory Services – GLAS – Department, together with SIA) made a change to this clause. The implications of these changes really need to be considered. 

What are the actual changes, in Wording?

“….your use of the Programs is in compliance with the terms of the applicable order and the Master Agreement.”

  1. “Such assistance shall include, but shall not be limited to, the running of Oracle data measurement tools on Your servers and providing the resulting data to Oracle.”
  2. "The performance of the audit and non-public data obtained during the audit (including findings or reports that result from the audit) shall be subject to the provisions of section 8 (Nondisclosure) of the General Terms.”

Let’s take a further quick look at the changes:

  • Oracle wants to emphasise the importance of a good contractual overview of all contractual documents and their ‘Order of Precedence’. Terms and Conditions can differ within the separate documents, and different OMA’s/OLSA’s can apply per document. Always keep the precedence in mind. A possible backdoor though: new terms/clauses may only apply for new purchases, giving you the opportunity to be creative in applying licenses to different environments/servers.
  • Running measurement tools still is a rather vague definition. Oracle refers to their own tools like the LMS Collection Tool, OSW and OEM, as well as the Verified Third-Party Tool Vendors (e.g. Aspera, Flexera and others). Besides that, we think it’s also reasonable that Oracle accepts the output of in-house developed Oracle-data-collecting Tooling. As this option is not excluded nor the limited definition of tooling is specified.
  • Oracle wants to prohibit that the audited customer will enforce a specific Audit-NDA, by applying the standard contractual NDA. It still is better agreeing a specific Audit-NDA as well, also containing clauses that prohibit LMS to share the provided/retrieved information within Oracle (e.g. with Sales). Adding a specific NDA, does not need to conflict with the content of the standard NDA, but does add and specify the terms.