The Challenge

The client — a Tier 1 supplier of precision automotive components with approximately 6,200 employees across eight North American facilities — had been running Oracle Database Enterprise Edition for over a decade, licensed on a Named User Plus (NUP) basis under a long-standing Oracle License and Services Agreement (OLSA). Their Oracle estate underpinned ERP, financial reporting, production scheduling, and supply chain management.

Over six years, internal IT teams and outside system integrators had built an extensive integration ecosystem connecting Oracle Database to manufacturing execution systems (MES), a customer-facing OEM order portal, logistics platforms, and a supplier quality management application — without engaging Oracle licensing specialists during the build phase.

The Audit Letter

Oracle LMS issued a formal audit notification identifying 38 integration points between the Oracle environment and non-Oracle applications, asserting that each represented indirect usage by users and systems that Oracle maintained were unlicensed. Oracle's claim totalled $3.4M — broken down as $2.1M in alleged NUP shortfalls and $1.3M in backdated Oracle Software Support and Maintenance (OSSM) at 22% over three years. The company's VP of IT Infrastructure engaged Redress Compliance within three days of receipt.

"Oracle's audit team presented a figure of $3.4M as though it were a settled fact. In our experience, the initial claim is a negotiating anchor, not a compliance verdict. The question is always whether the architecture and the contract language support the assertion — and in this case, they did not."

Oracle's indirect usage model holds that any person, device, or automated process that accesses an Oracle database — regardless of whether they interact with Oracle software directly — requires a Named User Plus licence. For a manufacturer with dozens of production systems feeding a central Oracle environment, this creates significant theoretical exposure. The critical question is not whether indirect access exists, but whether existing contract terms and licence counts already accommodate that access — a distinction Oracle's audit correspondence routinely obscures.

The Approach

Step 1: Establishing the Effective Licence Position

Redress Compliance conducted an independent Effective Licence Position (ELP) analysis — a structured inventory of all Oracle entitlements under the OLSA matched against actual deployment — before engaging Oracle's LMS team. The ELP revealed that the client held Processor-metric licences for specific database nodes used in batch and integration processing, in addition to the NUP pool Oracle had cited. Oracle's claim had been constructed entirely on the NUP licences, ignoring Processor-licensed nodes that carry no minimum-user restrictions and cover all access — direct or indirect — to the licensed processor capacity.

Step 2: Integration Architecture Mapping

Redress Compliance engaged the client's enterprise architecture team to document all 38 flagged integrations, capturing data flow direction, trigger mechanism, originating user or system identity, and the Oracle database node involved. The three-week mapping exercise produced a complete integration dependency register. Of the 38 integrations Oracle had cited:

  • 22 integrations ran exclusively on Processor-licensed Oracle database nodes, where indirect access is inherently covered regardless of user count or origin.
  • 11 integrations involved NUP-licensed nodes but operated as scheduled batch processes executing under service accounts whose Named User entitlements had been correctly counted and registered in the existing licence agreement.
  • 5 integrations connected to NUP-licensed nodes via a third-party middleware platform. Redress Compliance reviewed the data flow logs and demonstrated that the transaction volume mapped to a subset of already-licensed named users rather than to any additional population.

None of the 38 integrations involved Oracle database access that fell outside the scope of existing licensed entitlements.

Step 3: Rebuttal and LMS Engagement

Redress Compliance prepared a formal written rebuttal addressing each of Oracle's 38 findings individually, citing the specific licence metric, node assignment, and contractual entitlement that covered the usage. Where Oracle had characterised access as unlicensed, the rebuttal identified the specific OLSA clause and licence order form entry that authorised it.

Redress Compliance also challenged Oracle's user-count methodology. Oracle's LMS team had assumed all external-facing integrations were accessed by the full user population of each connected system — in one case projecting 1,400 OEM customer portal users as requiring individual Oracle NUP licences. Application-layer logs and portal authentication records demonstrated that the portal queries were executed by a single service account operating under an existing NUP licence.

Redress Compliance managed all direct communication with Oracle's LMS team, preventing scope expansion and ensuring every Oracle data request was responded to in writing with rights formally reserved. Oracle withdrew the $3.4M claim in full at week 14. No licence purchases were required.

The Outcome

Full Dismissal of the $3.4M Claim

Oracle formally withdrew all 38 indirect usage findings and confirmed in writing that no compliance gap existed in the client's Oracle estate as it related to the audit notification. The client incurred no additional licence costs and no backdated support charges, and no contractual amendments were required. The total saving against Oracle's initial claim was $3.4M.

Remediation of Genuine Architecture Risk

The integration mapping exercise also identified two areas where the client's future plans — specifically a planned migration of two NUP-licensed database nodes to virtualised infrastructure — would have created legitimate indirect usage exposure if not structured correctly. Redress Compliance provided written guidance on the licensing architecture required to maintain compliance post-migration, including the recommended licence metric conversion for those nodes before the virtualisation project commenced. Addressing these proactively avoided what Redress Compliance estimated at a further $480,000 in potential future audit exposure.

Audit-Ready Documentation Framework

As a deliverable from the engagement, Redress Compliance produced a reusable Oracle integration licence register for the client — a structured document recording the licence metric, authorised use, and access pattern for every Oracle integration point across the estate. This register is designed to be updated as new integrations are commissioned and provides the evidential basis for any future Oracle audit response without the need to reconstruct the architecture analysis from scratch.

"The $3.4M figure Oracle put in front of us was intended to create urgency and compliance anxiety. Having Redress Compliance methodically dismantle that figure, integration by integration, was a significant relief — and the audit-readiness work they left behind means we are in a much stronger position if Oracle returns."

— VP of IT Infrastructure, Automotive Components Manufacturer, Michigan
