Voted Best Answer
Jan 27, 2016 - 11:51 PM
A few points.
1. I don't think any SAM, Oracle or Licensing professional will be surprised at the initial aggressive behavior shown by Oracle. They are notorious for auditing customers and in a rough, aggressive manner.
2. Mars went above and beyond in trying to provide the data (and more data that wasn't ask for!) to Oracle. Point 15 and 16 state that Mars did provide the required data, and that they did not breach any of the terms within the Oracle agreement regarding audits. Mars (and all organizations) clearly state that they would assist Oracle conduct such an audit, but it could not disrupt business operations. Fair request given the size and popularity of the brand.
3. The scope of any audit should be clearly defined before audit takes place - something Mars thought had happened until Oracle continually requested information outside of the audit scope (remember, Mars took the proactive approach and provided Oracle with over 200,000 pages worth of documentation and data). I love the comment of 'Oracle stated if this information is not provided, Oracle will escalate this to Oracle Legal'. Hold on a second - Mars have already provided more information than required (as set out in the audit scope), so on what basis can Oracle escalate this to their legal department?
I think that Mars conducted themselves in a very good manner and provided professional and helpful responses at all times. It would appear that Oracle confused themselves and conducted the 'review' with the mentality of 'get anything you can out of them'. This seems like a silly move to do with such a reputable brand and someone who no-doubt spends an awful lot of money with them. Surely the trust and relationship between Mars and Oracle has been severely damaged. The ITAM Review comment is exactly right - vmWare should be helping customers in this type of situation. Instead Mars were basically 'flying solo' against an aggressive vendor.
To avoid this happening in the future, there should be some sort of legal bounding (if possible) specifying what the scope of the audit is, what data is required and also associated time-frames. If there are third party applications (in this case, vmWare) then I would suggest the organization gets them involved to help fight their corner.
Makes me angry how vendors adopt this aggressive audit approach. I know this is a comment that may not be ‘real life’, but they should treat customers with respect and provide as much support (even in an audit) as possible. Without customers there wouldn’t be a software vendor in the first place!