Your Progress: 0/35 (0%)0%
Software Asset Inventory
▼
Deploy automated software discovery across all environments Critical
Manual inventories are always incomplete. Automated discovery is the foundation of audit readiness.
Cover on-premise, cloud IaaS, and SaaS deployments Important
Modern audits cover all deployment models. Ensure discovery spans your entire estate.
Identify all installations including development, test, and DR
Non-production environments require licensing. Forgotten dev/test installations are common audit findings.
Detect and document shadow IT installations
Users installing unauthorised software create compliance gaps. Implement discovery that catches this.
Maintain a current Configuration Management Database (CMDB)
Your CMDB should be the authoritative source for all hardware and software. Audit it regularly for accuracy.
Track virtualisation host-to-guest mappings Important
Virtualisation licensing depends on knowing which VMs run on which physical hosts. This mapping must be current.
Entitlement Management
▼
Compile all licence agreements, order forms, and certificates Critical
Missing entitlement documentation is treated as unlicensed software by auditors.
Build Effective Licence Position (ELP) for each major vendor Critical
Reconcile deployments against entitlements for Oracle, Microsoft, SAP, IBM, and any other auditable vendors.
Document downgrade and cross-edition rights
Many licences include rights to use older versions or lower editions. Document these to maximise entitlement coverage.
Track Software Assurance and maintenance renewal status Important
Expired SA/maintenance affects upgrade rights, mobility rights, and virtualisation benefits.
Reconcile cloud subscriptions against actual usage
Cloud licences (M365, AWS, Azure) can also be over or under-provisioned. Include in your ELP.
Store all entitlement records in a centralised, accessible location
During an audit, you need to produce records quickly. Scattered records across email and file shares are a risk.
Virtualisation and Cloud Compliance
▼
Document your virtualisation licensing strategy per vendor Critical
Oracle, Microsoft, SAP, and IBM each have different virtualisation rules. Document your approach for each.
Verify Oracle licensing in VMware environments Critical
Oracle does not recognise VMware as a hard partition. All hosts in a cluster may be in scope.
Validate Microsoft Windows Server and SQL virtual machine licensing Important
Datacenter vs Standard, core assignments, and mobility rights all affect compliance.
Check IBM ILMT coverage for all virtualised IBM deployments
IBM sub-capacity rights require ILMT. Any gap means full-capacity licensing.
Audit BYOL (Bring Your Own Licence) in AWS, Azure, and GCP
Cloud BYOL has specific rules per vendor. Verify compliance with each vendor licence terms.
Document container and Kubernetes licensing exposure Important
Container licensing is rapidly evolving. Map which vendor products run in containers and verify licensing.
Audit Defence Preparation
▼
Create a documented audit response plan Critical
Define: who responds, communication protocols, data sharing rules, and escalation paths.
Designate an audit response lead for each major vendor
Each vendor audit requires different expertise. Pre-assign leads.
Retain independent licensing advisory on standby Important
Having an advisor identified and briefed before an audit arrives saves critical time.
Brief legal counsel on software audit rights and obligations
Legal should understand your contractual audit obligations BEFORE a letter arrives.
Prepare template responses for audit notifications
Pre-drafted responses ensure you do not accidentally waive rights or grant excessive access.
Conduct annual mock audits for your highest-risk vendors Recommended
Practice audits identify gaps and test your response plan.
Governance and Controls
▼
Implement software installation approval workflows Important
Prevent uncontrolled installations that create compliance gaps.
Automate licence reclamation for departed employees
Integrate HR systems with software management for automatic deprovisioning.
Establish a quarterly licence compliance review cycle Important
Regular reviews prevent gaps from accumulating between audits.
Track all vendor contract renewal dates and audit windows
Calendar every critical date. Set alerts 12-18 months before renewals.
Maintain a vendor audit history log
Document every past audit: findings, resolution, cost, and lessons learned.
Vendor-Specific Readiness Checks
▼
Oracle: Verify all database options/packs are correctly licensed Critical
The #1 Oracle audit finding. Check Diagnostics, Tuning, Partitioning, RAC, and Advanced Security.
Microsoft: Validate SQL Server core licensing and Windows Server editions Critical
The #1 Microsoft audit finding areas.
SAP: Review Named User type classifications Important
Misclassified user types are the primary SAP audit finding.
IBM: Confirm ILMT is deployed, reporting, and retaining data Critical
Without ILMT, IBM defaults to full-capacity licensing at 5-10x cost.
Broadcom/VMware: Verify per-core licensing calculations Important
Post-Broadcom per-core licensing catches many organisations off guard.
Salesforce/ServiceNow: Audit fulfiller vs requester classifications
Misclassified users on higher-cost licence types is a growing finding.
Get Your Personalised Report
Enter your details to unlock your customised audit readiness report with recommendations based on your checklist results.
Unlocked! Your report is ready below.
A Redress Compliance advisor will follow up with personalised guidance based on your results.