If you read nothing else
An Oracle SAM programme is the continuous, buyer-side practice of measuring your Oracle deployment, reconciling it against entitlement, and producing audit-ready evidence on your own timeline. Its purpose is twofold: right-size Oracle spend before renewal, and neutralise audit exposure before GLAS opens one. Done well, the next audit becomes a verification of numbers you already hold — not a discovery exercise Oracle controls. A monthly licence-position review is the single highest-value habit it installs.
This Oracle SAM programme playbook is written for the buyer who has to run the estate, not sell it. It covers the operating model — roles, cadence, tooling, and evidence — and the right-sizing levers that turn a defensive function into a cost-recovery one. Every pricing and policy figure carries a source and a date.
Key takeaways
- A SAM programme is audit insurance you build once and run monthly — for high-risk vendors like Oracle, a licence-position review should run monthly, not annually, so exposure is found and remediated before GLAS scripts it for you (Anglepoint 2026 Software Licensing Guide).
- Continuous evidence beats reactive scrambling — the strongest defence against Oracle's audits is a programme that produces audit-ready evidence continuously; across 600+ engagements, customers with a standing SAM baseline settle audits 40–90% below Oracle's opening claim, versus those who first assemble the data under a 45-day clock (Oracle Licensing Experts engagement data, 2026).
- Support is the silent cost the programme attacks — Oracle Enterprise Support runs 22% of net licence value per year and re-prices annually at a 4–8% uplift on capped contracts (Oracle Software Technical Support Policies, 8 May 2026); unmanaged, a $1M support line reaches roughly $1.17M after two 8% increases, so retiring shelfware is pure recovered budget.
- ISO/IEC 19770-1 gives you a maturity ladder, not an all-or-nothing target — the standard's tiered model (Trustworthy Data, Practical Management, Operational Integration, Full Conformance) lets you reach defensible “trustworthy data” first and build from there (ISO/IEC 19770-1:2012).
- Java and virtualization are where SAM pays for itself fastest — the Java SE Universal Subscription is priced per total employee at $5.25–$15.00 per employee per month (Oracle Java SE Universal Subscription, 2026), and unmanaged VMware sprawl is the single largest database audit exposure; both are invisible without a programme tracking them.
Recommendations by role
An Oracle SAM programme is owned by one person but staffed across four desks. Here is what each owner does to keep the estate defensible.
SAM / ITAM Manager
- Own the Oracle effective licence position (ELP) end to end — deployment, entitlement, and the reconciled gap — refreshed monthly, version-controlled, evidence attached.
- Enforce a no-install-without-a-licence-check gate so options and packs never switch on unbudgeted.
- Map every Oracle metric in play (Processor, NUP, Employee for Java) and track the count that drives each one.
CIO / Head of Infrastructure
- Isolate Oracle workloads onto dedicated, separately licensed hosts so VMware soft-partitioning has nowhere to spread.
- Fund the SAM programme as risk reduction, not overhead — one avoided audit claim pays for it many times over.
- Make the monthly licence position a standing item in infrastructure governance, not a once-a-year report.
VP Procurement / Vendor Management
- Feed the ELP into every renewal so you negotiate from your numbers, not Oracle's opening position.
- Retire shelfware before each support renewal and right-size the licence base it is calculated on.
- Hold the contract: pin scope, metrics, and the audit clause so the programme has firm boundaries to defend.
CFO / General Counsel
- Treat the 22% support line as a managed budget with a reduction target, not a fixed tax that only rises.
- Require an evidenced licence position before signing any Oracle order so exposure is known, not assumed.
- Keep SAM findings confidential so they cannot be recycled as a sales lever in the next negotiation.
The Oracle SAM programme framework: what to build and in what order
Each question below is one a SAM lead, CIO, or CFO actually asks when standing up the programme. Lead with the answer; the build step follows.
What is an Oracle SAM programme, and how is it different from generic SAM?
An Oracle SAM programme is software asset management tuned to Oracle's specific metrics, contracts, and audit behaviour. Generic SAM counts installs against purchases; Oracle SAM has to reconcile a far harder problem — Processor counts run through the Core Factor Table, Named User Plus minimums, options and packs that activate on use, the per-employee Java metric, and virtualization scope that Oracle interprets against its own policy rather than your contract. A programme that treats Oracle like any other vendor will miss exactly the exposures Oracle audits for.
The build order matters. Establish trustworthy data first — a clean, evidenced inventory of what is deployed and what you own — then layer reconciliation, governance, and right-sizing on top. ISO/IEC 19770-1's tiered model formalises this: its first tier is “Trustworthy Data,” precisely because everything downstream depends on it (ISO/IEC 19770-1:2012).
Stand up the Oracle baseline on a quiet quarter, not under a 45-day audit clock. A self-driven licence position surfaces the same gaps Oracle would — options left on, VMware sprawl, Java on unmanaged machines — while you still have room to remediate without a counterparty watching.
Who owns the Oracle SAM programme, and how should it be staffed?
One accountable owner, supported across four functions. Licence governance needs defined roles, documented policies, and escalation paths; leading organisations put a Software Asset Manager at the centre who owns the programme and the vendor relationship, working with an IT procurement lead who negotiates agreements, a security and compliance function, and finance or FinOps (Anglepoint 2026 Software Licensing Guide). The SAM manager owns the effective licence position — the reconciled view of deployment versus entitlement that is the programme's core deliverable.
Without a single owner, the count fragments: infrastructure knows what is deployed, procurement knows what was bought, and nobody holds the reconciled gap. The owner's job is to keep that gap measured, evidenced, and current — so when a renewal or an audit arrives, the answer already exists.
“Who can produce our reconciled Oracle licence position today, with evidence, without asking Oracle?” If the answer is no one, that gap is the programme's first deliverable — not a tool purchase.
How often should you run an Oracle licence-position review?
Monthly for Oracle, not annually. For high-risk vendors, a review of licence positions should occur monthly to avoid surprise audit liabilities (Anglepoint 2026 Software Licensing Guide). An effective licence position (ELP) is the reconciled statement of what you have deployed against what you are entitled to use, expressed per metric. Run quarterly and you can drift two full quarters out of compliance before anyone notices; run monthly and remediation is small, cheap, and routine.
The cadence is the programme's heartbeat. A monthly ELP catches an option switched on by a DBA, a new VMware cluster that pulled Oracle into a wider vMotion boundary, or Java installed on machines outside the subscription — while each is still a contained problem rather than a multi-year back-licence claim.
Across 600+ Oracle engagements, customers running a monthly licence-position review settle audits 40–90% below Oracle's opening claim, because the count is already theirs; those assembling data only after the letter routinely surrender the count to Oracle's worst-case interpretation (Oracle Licensing Experts engagement data, 2026).
How do you build a defensible Oracle effective licence position?
You build it from your own evidence, line by line, the way you would defend it in an audit. Start with a complete deployment inventory — processors, cores, options, packs, and virtualization topology — then map entitlement from your ordering documents and Master Agreement, recording metric, quantity, contract identifier, and the systems each licence covers. Reconcile the two and flag every gap and every surplus. A management pack is a separately licensed Database option that can switch on through ordinary administration, so the inventory must capture feature usage, not just installs.
Treat the result as evidence, not a spreadsheet. Each line — the metric, the core count, the Core Factor applied, the option attribution, the virtualization treatment — should stand on its own when challenged. This is the same forensic discipline that powers buyer-side Oracle compliance review, run proactively instead of reactively.
If your “licence position” is a procurement spreadsheet of what was bought, with no deployment evidence behind it, you do not have an ELP — you have half of one. Oracle's scripts measure deployment; your defence has to measure it too.
How does a SAM programme control Oracle support costs?
By attacking the licence base that support is calculated on. Oracle Enterprise Support is 22% of net licence value per year and re-prices annually with a 4–8% uplift on capped contracts (Oracle Software Technical Support Policies, 8 May 2026). Because that 22% is charged on the original net licence value regardless of whether the software is still used, every retired or never-deployed licence is pure recovered budget — and the programme is what identifies it. A SAM programme that surfaces shelfware before each renewal converts a rising fixed cost into a managed one.
The compounding is the reason to act early: at an 8% uplift, a $1M support line reaches roughly $1.17M after two years and nearly 50% higher within six (Oracle Software Technical Support Policies, 2026). Right-sizing the base, restructuring support sets, and where appropriate moving to third-party support are the levers; the SAM programme is what makes them safe to pull, because it proves what you actually need.
Bring a clean, evidenced ELP to the support renewal. When you can show exactly which licences are live and which are shelfware, Oracle loses the information advantage that lets it renew the whole base at 22% — and the conversation shifts to what you actually use.
How does the programme handle Oracle Java and VMware exposure?
By tracking the two metrics Oracle audits hardest, continuously. The Java SE Universal Subscription is licensed per total employee — every full-time, part-time, contractor, and temporary worker counts, not just developers — at $5.25 to $15.00 per employee per month depending on headcount band (Oracle Java SE Universal Subscription, 2026). Without a programme tracking where Oracle JDK is installed and what your employee count is, Java exposure is invisible until GLAS quantifies it for you.
Virtualization is the database equivalent. Oracle treats VMware as soft partitioning — counting every host inside the vMotion boundary, not just hosts running Oracle — so an estate that drifts into a wider cluster can be claimed at many times the cores actually used. In 2026, Oracle's GLAS function is issuing formal notices that explicitly target Java deployment and option usage (Mondaq, 2026). A SAM programme that tracks Java installs, employee headcount, and Oracle's virtualization boundaries turns both from a surprise into a managed number. See our Oracle audit defence manual for the full virtualization defence.
In our client base, the Java SE Employee Metric runs 5–10× the cost of the legacy NUP or Processor model for the same deployment — which is exactly why a SAM programme that quantifies Java headcount before renewal is one of the fastest-paying functions you can build (OLE benchmark, 2026).
What tooling does an Oracle SAM programme actually need?
Less than vendors will tell you, and more discipline than tools alone provide. A SAM tool helps with discovery and inventory, but no tool natively computes a defensible Oracle position — Core Factor application, soft-partitioning interpretation, option-usage attribution, and Java employee counting all require Oracle-fluent judgement on top of the data. The programme needs reliable discovery, a single reconciled system of record for entitlements, and a documented process; the interpretation layer is human.
Buy tools to remove manual data collection, not to outsource the decision. The most common failure is a six-figure SAM platform producing a number nobody can defend, because the interpretation was left to a generic algorithm rather than someone who knows how Oracle builds a claim. Pair tooling with the forensic discipline of Oracle licence optimization and the tool becomes an accelerator instead of a false comfort.
Validate any SAM tool's Oracle output against a manual rebuild on one representative cluster before you trust it estate-wide. If the tool counts every host in a shared vCenter as licensed, it is encoding Oracle's policy, not your contract.
When should you bring in independent, buyer-side help?
At the build stage, and again before any renewal or audit. Standing up an Oracle SAM programme is where Oracle-specific knowledge pays the most: getting the baseline, metrics, and interpretation right at the start means every monthly cycle afterward runs on solid ground. Independent advisors build the ELP methodology, validate the interpretation, and train the internal owner — exclusively for the buyer, never for Oracle. The same team then runs point when a renewal or a GLAS letter arrives.
If audit risk is the immediate pressure, the programme pairs naturally with Oracle audit defense; if support cost is the driver, with support reduction and optimization. The constant is independence: a SAM programme advised by a firm that also sells Oracle is not buyer-side. Read the Oracle Audit Guide 2026 for how the programme connects to the wider audit lifecycle.
In our work, organisations that build the SAM baseline before their next Oracle renewal recover materially more than those who wait — the average buyer-side engagement delivers a 38% cost reduction, and the standing licence position is what makes that durable rather than one-off (Oracle Licensing Experts benchmark, 2026).
Decision matrix: where to start your Oracle SAM programme
Figure 1 — Your first move depends on how trustworthy your current data is and how close the next audit or renewal sits.
Reconcile and weaponise
You already know what is deployed. Build the reconciled ELP now, surface shelfware, and walk into the renewal or audit with your own evidenced number.
Install the monthly cadence
Lock in the operating model — owner, monthly ELP, no-install gate — so the position stays current and the next event is routine.
Triage the high-risk metrics first
Fix discovery on Java, VMware, and options before anything else — that is where Oracle's claim concentrates — then build outward.
Build trustworthy data first
Stand up clean discovery and a single entitlement record — ISO 19770-1 Tier 1 — before attempting reconciliation or right-sizing.
In every quadrant the rule holds: own a defensible number before Oracle defines one for you.
Four Oracle SAM operating models, compared
| Model | What it delivers | Strength | Caution |
|---|---|---|---|
| No programme (reactive) | Data assembled only when Oracle asks | Zero standing cost | Count surrendered to Oracle's worst-case interpretation under a 45-day clock |
| Spreadsheet baseline | Annual manual licence position | Cheap; better than nothing | Stale fast; misses options, Java, and VMware drift between refreshes |
| Tool-led SAM | Automated discovery + inventory | Removes manual collection; scales | Generic tools mis-count Oracle Core Factor and soft-partitioning without human interpretation |
| Governed programme (monthly ELP) | Owned, evidenced, monthly reconciled position | Audit-ready continuously; feeds every renewal | Needs an accountable owner and Oracle-fluent interpretation to sustain |
Acronyms & key terms
- SAM
- Software Asset Management is the practice of managing software licences, deployment, and compliance across their lifecycle.
- ITAM
- IT Asset Management is the broader discipline covering hardware, software, and cloud assets, of which SAM is the software part.
- ELP
- An Effective Licence Position is the reconciled statement of deployment against entitlement, expressed per licensing metric.
- GLAS
- Global Licensing and Advisory Services is Oracle's current licence-review function, the successor to LMS, sitting inside sales.
- LMS
- License Management Services was Oracle's licence-review function, responsible for audits and now rebranded as GLAS.
- ISO/IEC 19770-1
- ISO/IEC 19770-1 is the international standard defining a tiered management system for software and IT asset management.
- Core Factor
- The Core Factor Table is Oracle's multiplier converting physical cores into required processor licences.
- NUP
- Named User Plus is Oracle's per-user metric, carrying per-processor minimums that often drive the licence count.
- Employee Metric
- The Employee Metric licenses Java SE per total employee headcount — including contractors — not per user or install.
- Soft partitioning
- Soft partitioning is virtualization Oracle does not accept as a licence boundary, such as VMware vSphere.
- Management Pack
- A Management Pack (Diagnostics, Tuning) is a separately licensed Database option that can activate on use and trigger findings.
- Shelfware
- Shelfware is purchased, supported licences that are no longer deployed yet still incur the 22% annual support fee.
Frequently asked questions
What is an Oracle SAM programme?
An Oracle SAM programme is the continuous, buyer-side practice of measuring your Oracle deployment, reconciling it against entitlement, and producing audit-ready evidence on your own timeline. It is software asset management tuned to Oracle's specific metrics — Processor, Named User Plus, and the per-employee Java model — and to Oracle's audit behaviour. Its goal is to right-size spend before renewal and neutralise audit exposure before GLAS opens one.
How often should I review my Oracle licence position?
Monthly. For high-risk vendors like Oracle, a licence-position review should run monthly to avoid surprise audit liabilities (Anglepoint, 2026). A monthly effective licence position catches an option switched on, a VMware cluster that widened the vMotion boundary, or Java installed outside the subscription while each is still a contained, cheap problem — rather than a multi-year back-licence claim discovered under audit.
How does a SAM programme reduce Oracle costs?
By right-sizing the licence base that cost is calculated on. Oracle support is 22% of net licence value per year (Oracle Software Technical Support Policies, 8 May 2026), charged whether or not the software is used, so every retired licence is recovered budget. The programme surfaces shelfware before each renewal, feeds an evidenced position into negotiation, and removes the information advantage Oracle uses to renew the whole base.
Do I need a SAM tool to run an Oracle programme?
A tool helps with discovery and inventory, but it cannot replace Oracle-fluent interpretation. Core Factor application, soft-partitioning scope, option-usage attribution, and Java employee counting all require human judgement on top of the data. Buy tools to remove manual collection, not to outsource the decision — a generic algorithm that counts every host in a shared vCenter encodes Oracle's policy, not your contract.
What is ISO/IEC 19770-1 and do I need it?
ISO/IEC 19770-1 is the international standard for a software and IT asset management system, structured as tiers — Trustworthy Data, Practical Management, Operational Integration, and Full Conformance (ISO/IEC 19770-1:2012). You do not need formal certification to benefit; the tiered model is a practical maturity ladder. Reaching trustworthy, evidenced data is the first and most valuable tier for Oracle defence.
How does a SAM programme handle Oracle Java licensing?
By tracking installs and employee headcount continuously. The Java SE Universal Subscription is priced per total employee — every full-time, part-time, contractor, and temporary worker counts — at $5.25 to $15.00 per employee per month (Oracle Java SE Universal Subscription, 2026). Without a programme mapping where Oracle JDK runs and what your headcount is, Java exposure stays invisible until GLAS quantifies it, often at 5–10× the legacy model's cost.
Does a SAM programme prevent an Oracle audit?
It does not stop Oracle from issuing a notice, but it changes the outcome. With a standing, evidenced licence position, an audit becomes a verification of numbers you already hold rather than a discovery exercise Oracle controls. Across 600+ engagements, customers with a monthly SAM baseline settle 40–90% below Oracle's opening claim, because they never surrender the count (Oracle Licensing Experts engagement data, 2026).
Who should own the Oracle SAM programme?
A single accountable Software Asset Manager, supported by procurement, security/compliance, and finance (Anglepoint, 2026). The owner holds the reconciled effective licence position — the gap between deployment and entitlement — that no single other function maintains. Without one owner the count fragments: infrastructure knows what is deployed, procurement knows what was bought, and nobody holds the defensible reconciled number.
Methodology & sources
This playbook combines current Oracle contract, pricing, and support-policy documents with Oracle Licensing Experts engagement data drawn from 600+ buyer-side Oracle engagements and $1.8B in Oracle spend advised. Benchmarks labelled “Oracle Licensing Experts” reflect anonymised outcomes across our SAM, audit-defence, and optimization work and are not attributable to any single client. Pricing and policy figures are Oracle's published rates and terms as of mid-2026 and exclude negotiated concessions. Cost-reduction and settlement ranges reflect observed buyer-side outcomes, not guaranteed results.
Primary and authoritative sources cited:
- Oracle Software Technical Support Policies (oracle.com, 8 May 2026) — the 22% support rate and annual uplift terms.
- Oracle Java SE Universal Subscription FAQ (oracle.com) — the per-employee metric definition and scope.
- ISO/IEC 19770-1:2012 (iso.org) — the tiered SAM/ITAM management-system standard.
- Anglepoint 2026 Software Licensing Guide — SAM governance roles and monthly licence-position cadence for high-risk vendors.
- Mondaq: 2026 — The Year Oracle's Java Audits Get Real — current GLAS audit targeting of Java and options.
Download the PDF
Take the full Oracle SAM programme playbook with you — the operating model, the monthly ELP cadence, the right-sizing levers, and the source list — in a board-ready PDF.
Request the PDF & a confidential SAM briefing →Related white papers
The Oracle buyer's briefing
Quarterly Oracle audit, SAM, and pricing benchmarks, written for buyers. No Oracle spin.