Oracle runs compliance engagements through two distinct teams — Licence Management Services (LMS) and Global Licensing and Advisory Services (GLAS) — with different triggers, different methodologies, and different commercial agendas. Treating a GLAS "health check" the same as an LMS audit letter is one of the most consistent mistakes enterprises make. Understanding which team you are dealing with, why they have engaged, and what their playbook is — before you respond — determines how the engagement unfolds.
Oracle's licence compliance programme has evolved significantly over the past decade. What was once a single audit function has bifurcated into two distinct organisational units with different reporting lines, different success metrics, and different tools for engaging customers. Both teams ultimately serve the same purpose — identifying compliance gaps and converting them into Oracle revenue — but they operate through fundamentally different mechanisms and create different types of commercial pressure.
Understanding the organisational context helps explain the behaviour. Oracle LMS is part of Oracle's global compliance enforcement function. Its primary metric is compliance claim recovery — the dollar value of back-licence and remediation licences it generates through formal audit processes. LMS teams operate independently of Oracle's account teams and are measured on audit outcomes, not customer relationship health. They are, by design, adversarial.
Oracle GLAS sits within Oracle's sales organisation — specifically within the licensing and technology business development function. GLAS teams are closely connected to Oracle's account teams and are measured on commercial outcomes: licence revenue generated, cloud migrations facilitated, EA and ULA renewals closed. GLAS frames its engagement as advisory — "we're here to help you manage your Oracle estate" — but the intelligence it gathers and the findings it produces serve the same commercial function as an LMS audit finding. The Oracle Audit Guide covers both engagement types in the broader context of Oracle's compliance programme.
Oracle Licence Management Services is Oracle's formal audit function. LMS engagements are initiated under the audit clause in your Oracle Master Agreement — the clause that gives Oracle the contractual right to audit your software usage, typically once per year with 30 to 45 days' notice. When LMS engages, it typically sends a formal letter to the customer's legal entity citing the contract audit clause, requesting cooperation with a measurement process, and specifying an initial scope of products and time period to be reviewed.
LMS audits use Oracle's proprietary measurement scripts — the Collection of License Metrics (CLM) scripts, formerly known as LMS scripts — to gather deployment data from your Oracle Database, middleware, and application instances. These scripts collect processor counts, installation records, feature usage data, and instance metadata that Oracle uses to calculate your licence compliance position. The LMS audit scripts guide covers what the scripts measure, what they can and cannot detect, and how to prepare for the measurement process.
LMS audits have defined phases: notification, scoping, measurement, analysis, findings presentation, and settlement negotiation. Each phase has defined timescales in Oracle's standard audit methodology, though Oracle frequently extends or contracts these timescales based on commercial considerations. The formal LMS audit process gives the customer more procedural rights than a GLAS engagement — the contract audit clause defines the scope and frequency of Oracle's measurement right, creating legal constraints on what Oracle can demand.
LMS teams do not make commercial proposals. Their output is a compliance gap statement and a back-licence claim. The commercial resolution — how you purchase the required licences, whether at list price or discounted, whether as a standalone transaction or as part of an EA restructure — is handled by the Oracle account team and sales organisation after LMS has established the compliance position. This separation means that pushing back on LMS's technical findings and negotiating the commercial outcome are two distinct processes, and both require independent advisory support. See the Oracle Audit Negotiation article for the commercial settlement process.
The first 48 hours matter. Our audit defence team responds to LMS notifications every week — scoping the engagement, reviewing your contract audit clause, and establishing the boundaries before Oracle's measurement begins. See also: How to Respond to an Oracle LMS Audit Letter.
Oracle Global Licensing and Advisory Services presents itself as a consultative service rather than an audit function. GLAS engagements typically begin with an offer from your Oracle account team — "our GLAS team can help you understand your licence position" or "we can do a complimentary health check to make sure you're compliant" — rather than a formal audit notification citing contract audit rights. This positioning is deliberate. GLAS is designed to feel like Oracle is helping you, rather than auditing you.
In practice, a GLAS health check is a measurement exercise with the same fundamental objective as an LMS audit — identifying compliance gaps that can be converted into licence sales. The primary difference is the mechanism: GLAS operates through customer cooperation rather than contractual compulsion. GLAS teams ask customers to provide the same data that LMS scripts would collect — deployment inventories, USMM outputs, Java installation records, cloud usage data — by framing the request as part of an advisory review rather than a formal audit.
The commercial integration of GLAS distinguishes it sharply from LMS. While LMS produces a gap statement and hands it to the sales team, GLAS produces both the gap statement and the commercial proposal simultaneously. A GLAS engagement that identifies compliance exposure typically concludes with Oracle proposing a package deal — a combination of remediation licences, support restructuring, and (increasingly) an OCI cloud commitment — presented as the "solution" to the compliance issue the GLAS team has identified. Oracle's account team and GLAS team work together throughout the engagement, which means the commercial pressure is applied throughout the process rather than only at settlement.
GLAS also conducts proactive Oracle ULA advisory engagements — advising customers approaching ULA certification dates, reviewing deployment counts, and preparing certification documentation. In these engagements, the GLAS team's analysis of your deployment count serves Oracle's interests in establishing a high certification baseline, not your interest in certifying at the accurate count. Independent ULA certification advisory — using the ULA advisory service — is essential before any GLAS involvement in your certification process.
GLAS "health checks" are not advisory services. Every piece of deployment data you share with a GLAS team is used to build Oracle's compliance picture of your environment. A GLAS engagement that begins as a "health check" can convert into a formal LMS referral if Oracle identifies significant exposure and the commercial resolution stalls. Do not share USMM outputs, deployment inventories, or licence entitlement data with GLAS teams without independent legal and advisory review.
Oracle LMS audits are not random. Oracle's LMS teams use trigger criteria to identify customers likely to have compliance exposure — and prioritise those customers for formal audit engagement. Common LMS audit triggers include: previous audit history showing compliance gaps, large and complex Oracle deployments in VMware or multi-cloud environments, customers approaching EA or ULA renewal dates with large deployments, M&A events that create unclear licence scope across merged entities, and intelligence from Oracle's own account data about deployment expansion that may not be covered by current licences.
Oracle GLAS engagements are typically triggered by commercial opportunity rather than compliance concern. GLAS teams are deployed when the Oracle account team believes a customer has either a significant compliance gap that creates commercial opportunity or an upcoming renewal where licence restructuring could increase Oracle's revenue. GLAS engagements are also common around cloud migration discussions — when Oracle's account team identifies that a customer is moving workloads to AWS or Azure, GLAS provides the compliance analysis that creates pressure to commit to OCI instead.
Both teams are also triggered by the same event: a customer's Oracle estate growing significantly faster than their licence position, which Oracle's data analytics function — Oracle's internal licence use analysis — can identify from customer support registration, patch download activity, and CSI usage patterns. Oracle has substantial visibility into its customers' deployment patterns through these data sources, and uses that intelligence to prioritise both LMS and GLAS deployment. The Oracle Audit Risk Scoring guide covers these triggers in more detail.
The M&A trigger warrants particular attention. When an enterprise acquires a company that has Oracle software, or when a business unit is divested, the resulting licence scope question is almost always unclear — and both LMS and GLAS are routinely deployed to Oracle customers going through M&A precisely because the compliance position is ambiguous and Oracle can expand its claim under the ambiguity. The Oracle Audit After M&A article covers the specific risks in detail.
An LMS audit notification letter is a formal legal communication citing your Oracle Master Agreement's audit clause. Your first response should not be a phone call to your Oracle account manager — it should be an immediate internal review of the audit clause language in your specific contract, followed by engagement with independent Oracle licensing advisors before you communicate anything back to Oracle. The first 48 hours determine much of what is possible later in the process.
The critical first actions are: reviewing the audit clause for frequency limitations (most Oracle MAs permit one audit per year; if Oracle has audited within the past twelve months, the notification may be premature), reviewing the product and time scope specified in the letter against the audit clause scope language (Oracle frequently asserts broader scope than the contract permits), and identifying any supplementary agreements — side letters, Order Form terms, specific product schedules — that may contain provisions limiting Oracle's measurement methodology.
Once you have reviewed the contract, respond in writing to Oracle LMS — acknowledging receipt, confirming cooperation, and specifying your understanding of the audit scope. Do not share any deployment data, USMM outputs, or system inventories until you have independent analysis of what you are obligated to share and what scope Oracle's audit clause covers. The audit defence service manages this entire process — from the initial letter through measurement, findings, and settlement.
Complete playbook for both LMS and GLAS engagements — contract review, measurement defence, findings challenge, and settlement tactics. Free download from the white papers library.
The correct response to a GLAS health check offer is polite decline — at least until you have an independent compliance picture of your own. Accepting a GLAS health check without independent preparation gives Oracle's team visibility into your deployment environment without giving you any corresponding protection or benefit. The "advisory" framing of GLAS does not change the fact that every data point you share can and will be used to build Oracle's commercial position against you.
If a GLAS engagement is already under way, the priority is to limit data disclosure to what Oracle's measurement methodology technically requires, conduct a parallel independent analysis using the same data Oracle is reviewing, and ensure that all commercial proposals Oracle makes during the engagement are evaluated by advisors who understand Oracle's pricing and benchmarks — not by your account team, who have an incentive to close the commercial discussion quickly. Our contract negotiation service regularly engages in active GLAS situations where customers need independent assessment of the commercial proposals Oracle is presenting.
For customers who genuinely want to understand their Oracle compliance position — without Oracle's involvement — the independent compliance review service is the right mechanism. It uses the same measurement methodology as Oracle's LMS scripts but provides the results and gap analysis to you, not to Oracle. You control what Oracle sees and when. The healthcare case study — Healthcare: $6M Risk Eliminated — illustrates how an independent compliance review resolved a significant gap before GLAS engagement escalated to a formal LMS audit.
It is increasingly common for both LMS and GLAS to be active in a customer account at the same time — LMS conducting a formal audit while GLAS is simultaneously working with the account team on commercial proposals. This dual-track approach is not coincidental. Oracle uses it to create multiple pressure points: LMS drives the compliance claim, GLAS presents the commercial "solution," and the combined pressure is designed to accelerate settlement on Oracle's terms rather than the customer's.
When both teams are active, maintaining clear separation of the technical and commercial tracks is essential. Oracle's preferred outcome is for the customer to conflate the LMS audit settlement with the GLAS commercial proposal — accepting a larger licence purchase than the technical findings strictly require because the commercial terms look attractive in the context of a large audit claim. Independent advisors operating on both tracks simultaneously — challenging LMS's technical findings on the audit side while independently evaluating the commercial proposals on the GLAS side — prevent this conflation and ensure that each decision is made on its own merits.
The pharmaceutical GLAS case in our Oracle Audit War Stories article illustrates exactly this scenario: a GLAS "health check" that identified compliance exposure and simultaneously produced a $22M OCI cloud commitment proposal as the "solution." Independent analysis declined both the cloud commitment and Oracle's compliance framing, defending the customer's actual position without purchasing Oracle's proposed package. The full Oracle Audit Guide covers the dual-track scenario in the settlement negotiation section.
The complete playbook for both LMS formal audits and GLAS health checks — including response protocols, data disclosure guidelines, and commercial settlement frameworks.
Download Free White Paper →Weekly briefings on Oracle audit tactics, GLAS engagement patterns, and contract intelligence. Read by ITAM professionals and CIOs at global enterprises.
Oracle Licensing Experts Team — Former Oracle LMS auditors, GLAS practitioners, account managers, and contract specialists, now working exclusively for enterprise buyers. About us · Schedule a consultation
Not affiliated with Oracle Corporation. All Oracle product names are trademarks of Oracle Corporation.