Case Study – Oracle Audit Defense: How We Reduced a €12M Claim to €2M Cloud Spend for a Swiss Pharma Company
Background
A Swiss pharmaceutical company based in Basel, Switzerland, with global operations, relied on Oracle software for critical aspects of its business, from research data management to supply chain and finance.
The company, around 10,000 employees strong, used Oracle Database to store sensitive R&D data and patient trial information, as well as Oracle’s Hyperion and OBIEE for financial planning and analytics.
Given the regulated nature of pharma, systems had to be highly available and compliant with data integrity rules.
The company had previously entered an Oracle ULA (Unlimited License Agreement) for Oracle Database and options, which had expired a year before the audit.
They certified a certain usage at the ULA exit, but were uncertain if subsequent growth might have exceeded those counts.
Challenges
Oracle initiated an audit focusing on Database and middleware licenses. The complexity of the ULA exit became a central issue. Oracle auditors questioned the validity of the certification the company provided when the ULA ended, implying that the company might have under-reported usage to avoid fees.
They scrutinized areas like the use of Oracle Advanced Security option (TDE for encryption) and Partitioning – features common in pharma for data management, asserting that usage of these options exceeded what was licensed post-ULA.
Additionally, the audit found that the company’s extensive disaster recovery setup (with standby databases in multiple continents) might not be properly licensed if those standby systems were not counted or if they were activated beyond Oracle’s allowed testing limits.
The initial Oracle audit report tallied a potential €12 million compliance gap, a huge sum even for a big pharma, particularly unbudgeted. Oracle’s auditors, along with accompanying sales reps, pressed for a resolution, suggesting that the company either re-enter a new ULA (expensive, but forgiving on compliance) or purchase perpetual licenses plus back support.
The firm’s leadership was concerned not just about the cost, but also about ensuring no compliance issue would tarnish their reputation in an industry where trust and compliance are paramount.
How Oracle Licensing Experts Helped
- Licensing Assessment: Oracle Licensing Experts were engaged to parse the audit and verify the company’s actual license position. They performed a deep dive into the records of the ULA certification. By reviewing deployment data from the ULA period, they confirmed the company had correctly counted and certified all Oracle Database instances and options at the time of ULA exit. They also discovered that Oracle’s audit was counting some new database instances that were clones or refreshes of existing ones – effectively double-counting the same usage. The assessment also looked at the disaster recovery architecture: it turned out the standby databases were never open for active use except during quarterly DR drills under 48 hours, which meant they could be considered “cold backups” not requiring full licenses under Oracle policy.
- Audit Defense Strategy: The strategy centered on proving Oracle’s audit assumptions wrong and asserting the legitimacy of the company’s ULA exit. Oracle Licensing Experts prepared a detailed rebuttal: they showed that every database option in use (encryption, partitioning, etc.) was within the quantities the company had rights to, as per the ULA certification and subsequent limited purchases. They also highlighted Oracle’s own rules about disaster recovery, noting that Oracle’s audit team appeared to ignore the 10-day rule (which allows a standby to be used up to 10 days a year for testing without requiring a separate license). By documenting that their usage adhered to these guidelines, they weakened Oracle’s claims. Furthermore, the experts invoked Oracle’s auditing guidelines under industry compliance, pointing out that the company had been a good Oracle customer and that an aggressive audit stance could jeopardize future Oracle opportunities at the firm (since the client could consider moving to competitors for certain systems).
- Mitigation: In parallel, the pharma’s IT team, guided by the experts, took steps to mitigate any gray areas. For example, they uninstalled a rarely used Oracle option (Oracle Spatial) from database servers where it was not needed – this removed any doubt of unlicensed usage of that option. They also decided to separate one analytics workload into a PostgreSQL database (open-source), which was previously on Oracle but not heavily dependent on Oracle features. This proactive move slightly reduced Oracle license consumption. Additionally, the company formalized its disaster recovery procedures to ensure that any failover or switchover of databases was well-documented and within the allowed testing time frames, ready to show Oracle if required.
- Settlement Negotiation: The negotiation phase, led by Oracle Licensing Experts, was delicate. Given the large sum at stake, the experts and the company’s procurement heads held multiple rounds of discussions with Oracle. They presented the corrected compliance data, which, by their calculation, reduced the gap from €12M to nearly zero for actual licenses – perhaps only a need for some additional support or a couple of licenses for a handful of new servers added after the ULA. Oracle initially was skeptical, but the weight of evidence forced them to reconsider. In the end, instead of a traditional buyout of the €12M, the experts negotiated a creative settlement: the company agreed to purchase an Oracle cloud services package (worth about €2M) that the IT team was interested in using for dev/test environments. This purchase was positioned as a forward-looking investment rather than a penalty. In return, Oracle closed the audit with no non-compliance fees and provided a letter affirming the company’s compliant status. The €2M spent, far from a loss, would go towards modernizing certain systems on Oracle Cloud, giving the company a benefit.
Outcome and Impact
The pharma company successfully avoided roughly €10 million in unwarranted compliance fees. The outcome reinforced that their original ULA exit was sound and that they were right to stand by their data.
The modest investment in Oracle Cloud services not only satisfied Oracle’s need to book revenue, but it also aligned with the company’s digital strategy (since they planned to explore cloud for non-critical workloads). Essentially, the audit concluded with no penalty: the spending went into useful tech rather than a fine.
The business impact was substantial – funds that might have been wasted on unneeded licenses were preserved, ensuring R&D projects and drug development programs did not face funding cuts. Moreover, the resolution maintained the company’s good standing; there was no public dispute or legal fight, so the company’s reputation for compliance in all areas remained intact.
Internally, the process led to improved cross-department collaboration: IT, procurement, and legal teams established a regular review system for Oracle usage, particularly focusing on any new deployments of database options or high availability setups, to ensure ongoing compliance.
The company’s leadership appreciated that Oracle Licensing Experts not only saved them money but also helped them navigate the audit in a principled way, aligning compliance with the company’s operational needs.
“In pharmaceuticals, compliance is everything – we can’t afford any missteps. Facing a huge Oracle audit claim was daunting, but Oracle Licensing Experts turned it around for us. They validated that we were in the right, defended our ULA certification, and negotiated an outcome where we essentially paid nothing in penalties. Instead, we invested a bit in Oracle Cloud on our own terms. It was a relief to close the audit with our compliance verified and our budget intact. Their expertise was critical in safeguarding our company’s resources and reputation.” — CIO, Swiss Pharmaceutical Company
Read more about our Oracle Audit Defense Service.