How long does a compliance assessment take?

A focused single-vendor assessment typically runs 3–4 weeks. A multi-vendor estate assessment runs 6–10 weeks. We deliver an interim exposure read at the halfway point so you can act on critical findings without waiting for the final report.

Will you trigger an audit by assessing us?

No. We work entirely from your internal data — deployment logs, contract documents, purchase records — and never contact vendors during an assessment. Our work is invisible to vendor licensing teams.

What does an assessment actually deliver?

A quantified exposure register by vendor and product; a prioritised remediation plan with cost estimates; a benchmark against comparable enterprises in our database; and a negotiation-leverage memo for upcoming renewals or audit risk windows.

Do we need SAM tools to engage you?

No. SAM tooling helps but is not required. We use your existing inventory, AD exports, vCenter and cloud telemetry, and contract data. If SAM data exists, we incorporate it; if not, we extract what we need ourselves.

How do you bill for compliance assessments?

Fixed-fee, by vendor scope and estate size. No contingency on findings, no resale commissions, no upsell. The fee is disclosed up front in the engagement letter — see /pricing/ for indicative ranges.

Service 01 · Compliance Assessment

Find your exposure before vendors do.

A structured, vendor-by-vendor review of your software estate. We quantify compliance gaps, model financial exposure under each vendor's audit playbook, and hand you a remediation plan you can act on before a Notice of Audit letter lands.

What it covers

A complete map of your software risk.

Contract inventory

Every active agreement, schedule, amendment, and order form for Oracle, Microsoft, SAP, IBM, Salesforce, Adobe, ServiceNow, Cisco, and your remaining estate. Normalised, cross-referenced, gap-checked.

Deployment reconciliation

Reconcile entitlements against actual deployment — Active Directory exports, vCenter inventory, cloud telemetry, database surveys, named-user counts. The places vendors look during an audit.

Metric exposure model

For every product, model exposure under the vendor's current licensing metrics: Oracle Processor and Employee metrics, Microsoft per-user and per-device, SAP Digital Access documents, IBM PVU and RVU.

Remediation plan

Prioritised list of actions: where to reduce, where to true-up early, where to rearchitect deployment to fall under a cheaper metric, where to negotiate a one-time waiver before renewal.

Negotiation leverage memo

The single most valuable artefact: a confidential briefing on where the vendor will pressure-test you, what walk-aways are credible, and which clauses to fight before signing the next renewal.

Why buyers engage us

Four reasons internal teams can't do this alone.

Former vendor auditors

Our compliance leads include former senior licensing executives from Oracle LMS, Microsoft SAM, and SAP GLAS. They wrote the playbooks they now defend you against.

Cross-vendor benchmarking

In our experience across 340+ engagements, we know what comparable enterprises pay, what audits they survived, and which clauses peers have already broken open at the negotiation table.

Buyer-side only

We do not resell software, take referral fees, or partner commercially with any vendor. The number on your invoice from us is the total cost of the engagement.

Audit-defensible work product

Every finding is documented, sourced, and defensible. When vendors arrive with their own counts, our register holds up under direct challenge.

Inline · talk to a senior advisor