Proactive, independent licence reviews for OpenText and SAP customers, so you stay compliant, supported, and protected ahead of audits, patch windows, and contract renewals.
Many organisations are unknowingly running non-compliant environments — not through negligence, but because licensing models evolve faster than IT asset management processes do. The gap is most acute with vendors like OpenText and SAP, where metrics are complex, contracts are long, and audit exposure can materialise without warning.
Enterprise software vendors tightly link active licence compliance to security patch and support eligibility. If your installation is non-compliant — even partially — you may find yourself unable to access critical security updates at your next renewal. This is not theoretical: OpenText customers are already experiencing it, and the same dynamic applies to SAP customers approaching end-of-mainstream maintenance on older product versions.
Many enterprise software vendors have sophisticated tooling to identify licence non-compliance across their customer base. Audits are no longer random events; they are increasingly triggered by specific signals. By the time you receive an audit notice, the cost of remediation is invariably higher than the cost of prevention.
Organic growth in deployments beyond licence entitlements. Connector or module additions that were never licenced. Third-party system integrations that trigger indirect access or digital access metrics. Mergers and acquisitions that brought in unlicensed installations. Version upgrades or platform migrations that reset licence obligations. Any one of these, common in a normal IT lifecycle, can create material exposure.
Customers who discover compliance gaps during a vendor audit face a very different negotiation than those who proactively remediate. The vendor has more leverage, timelines are compressed, and the cost typically includes backdated licence fees. A proactive review eliminates this dynamic entirely.
OpenText's licence model has grown through acquisitions — Documentum, Hummingbird, Actuate, and others each brought distinct licensing frameworks. Maintaining a compliant, well-understood position across a complex OpenText estate requires more than keeping track of user counts.
OpenText's support framework makes security patch access conditional on active licence compliance. The link is in the contract terms: customers who are non-compliant — or whose support maintenance has lapsed — may not qualify for patches even if they exist. Given the pace at which AI tools are now finding vulnerabilities in closed-source software, this is no longer a theoretical risk. It's an exposure that compounds over time.
Many enterprise software vendors have sophisticated tooling to identify licence non-compliance across their customer base. For OpenText, this includes deployment data, connector usage patterns, and version telemetry. Audits are no longer random events; they are increasingly triggered by specific signals. By the time you receive an audit notice, the cost of remediation is invariably higher than the cost of prevention.
OpenText's licence terms — including those inherited from Actuate and BIRT PowerDocs — explicitly permit the recovery of backdated fees where under-reported usage is identified, with interest provisions in some product schedules. This isn't a negotiating position; it's a contractual right that OpenText can and does exercise. Identifying and remediating gaps before an audit closes this exposure.
Organic growth, post-acquisition integration, and connector deployments that were never formally licenced are the most common root causes. The complexity is entirely normal — but the cost of discovering it during an audit rather than before one can be significant. A proactive review changes the negotiating dynamic entirely.
SAP's licensing model is deliberately granular. User types, document-based metrics, and migration frameworks all create exposure that doesn't surface in a standard headcount review. Our SAP advisory work focuses on the three areas that most consistently generate audit findings.
SAP's Digital Access model measures licence obligations by the volume of SAP documents created by third-party systems — purchase orders, sales orders, goods receipts — not just by named users. E-commerce platforms, supplier portals, IoT systems, and automation tools that connect to SAP can generate these documents at scale. Many customers don't know this exposure exists because it's invisible in a standard named-user audit.
SAP's user hierarchy — Professional, Limited Professional, Employee, Developer, and others — defines what each user is permitted to do. The definitions are precise but not intuitive, and the gap between what users actually do and what they're licensed to do is the most common source of SAP audit findings. SAP's own measurement tools (USMM and LAW) are designed to surface this gap. Most customers have never run an independent assessment of whether their user classifications hold up under SAP's audit methodology.
Signing a RISE with SAP or S/4HANA transformation agreement involves accepting a new licence framework. Entitlements held under legacy contracts don't always carry forward automatically, new consumption metrics may apply that didn't exist before, and the package consolidation offered in migration deals often resolves less exposure than it appears to. Independent review before signing a migration agreement consistently pays for itself.
SAP provides a pre-populated findings document using its own measurement methodology as the baseline. Without independent expertise, it's very difficult to challenge whether the measurement approach was applied correctly — or whether your contract terms actually support SAP's findings. Most initial findings documents contain room for challenge. The window to exercise it effectively is before you accept SAP's framework as given.
Being out of licence compliance doesn't just create a licensing problem; it increasingly creates a security one.
In April 2026, Anthropic published research showing that Claude Mythos Preview had autonomously discovered thousands of severe security flaws across all major operating systems, browsers, and closed-source software — often overnight, without human intervention. The findings were significant enough that Anthropic has since been asked to brief the Financial Stability Board, the global body of finance ministries and central banks, on the implications for systemic cyber risk. The IMF has separately warned that AI models of this capability could turn cyber vulnerabilities into a "macro-financial shock." Closed-source enterprise software sits squarely in scope. Anthropic research → Reuters / FT report →
When an enterprise software product version falls outside active support, security patches cease permanently. If a vulnerability is discovered in that version — by a researcher, an AI tool, or anyone else — there is no patch coming. The attack surface doesn't just exist; it grows over time as more vulnerabilities are found and published. Customers on non-compliant installations who have lost support entitlements are in the same position: even patches that exist are out of reach.
Here's the bind: if you're out of licence compliance, you may not qualify for support entitlements, which means you can't access patches even when they exist. Non-compliant customers often find they're simultaneously exposed to audit risk and security risk, with no clean path forward without independent guidance.
The emergence of AI models capable of finding zero-days in enterprise software at scale changes the risk calculus for every organisation running legacy or non-compliant deployments. If you're out of compliance, you can't access patches. If you can't access patches, every new vulnerability found — by anyone, using any tool — is permanent exposure. A licence review is no longer just a financial exercise. It's a security risk review.
We work exclusively on your side, independently of your software vendors, to give you an honest picture of your licence position and a clear path to compliance. Our deepest expertise is in OpenText and SAP, but we advise across the enterprise software landscape.
A thorough, confidential review of your current licence entitlements against your actual deployment. We identify what's covered, what isn't, and where the gaps are — before your vendor does.
Once we know your position, we quantify the exposure. You'll receive a clear, prioritised assessment of compliance gaps, ranked by audit risk, support access impact, and financial exposure, so you can make informed decisions.
We don't just identify problems; we help you fix them. You'll receive a pragmatic, actionable remediation plan including licence restructuring options, renewal strategy, and timing recommendations.
If you've received an audit notice, or suspect one is coming, we can prepare you. We'll help you understand your position, identify your strongest negotiating points, and ensure you're not caught off-guard by the vendor's findings.
Licence renewals and migration agreements are the ideal moment to optimise your position. We review your terms against your actual usage, identify over-licencing and under-licencing, and help you enter negotiations with full visibility.
For organisations who want continued visibility, we offer ongoing licence monitoring, so your position stays clean between audits, renewals, and platform changes. Compliance as a habit, not a crisis response.
We designed the process to be low-friction and respectful of your time, with no obligation to proceed beyond any step.
A confidential call to understand your software environment: which vendors and products you're running, deployment scale, and any specific concerns around compliance, upcoming renewals, or an active audit notice. No commitment required; this is about understanding whether we can help.
We conduct a detailed analysis of your licence entitlements against your actual deployment profile. We work from the documentation you can provide: licence agreements, purchase records, and deployment reports. We supplement with our own deep knowledge of your vendor's licensing model. You don't need everything to hand; we'll work with what you have.
We present a clear, written summary of your licence position, including any compliance gaps, support access risks, and our recommendations for remediation. The report is yours to keep and act on independently. If you'd like our support in implementing the recommendations, we're available for that too.
Many clients choose to retain us on an ongoing basis for licence monitoring, renewal preparation, and periodic compliance checks. This is entirely optional; the initial review is a complete, standalone engagement if that's what you need.
The following are illustrative scenarios based on the types of issues commonly encountered in OpenText and SAP environments. Details are anonymised.
A mid-size law firm had organically grown its Content Server deployment over five years. User counts had increased significantly beyond original licence entitlements, and a version upgrade had triggered new module licensing requirements that were never fulfilled. As a result, the firm had unknowingly lost eligibility for security patches at the previous renewal, without being notified.
A financial services firm had extended its xECM deployment with additional Salesforce and SAP connectors following an internal CRM migration. The connectors were deployed by the implementation partner without formal licence confirmation. An OpenText licence review flagged the exposure, but the firm had not yet received formal notice from OpenText.
A manufacturing company had connected its supplier portal and logistics platform to its SAP estate through a systems integrator. Both integrations automatically generated SAP documents — goods receipts and inbound delivery notices — at a volume not reflected in the original licence position. SAP's internal tooling identified the document volumes during a scheduled licence verification exercise.
We're independent consultants with extensive hands-on experience across the enterprise software licensing landscape — with particular depth in OpenText and SAP, where licence complexity, audit exposure, and the cost of getting it wrong are highest.
We don't sell software licences. We don't have referral relationships with vendors. Our only interest is in making sure you have an accurate, complete picture of your licence position, with a clear path to maintaining it.
"Most enterprise software customers we speak to are not knowingly non-compliant. They've simply grown, evolved, and integrated their platforms over time — without a mechanism to track whether their licence position has kept pace. A proactive review is not an admission of a problem. It's evidence of good governance."
Sean O'Callaghan, Enterprise Software Licence Consultant
If you have questions about your OpenText or SAP licence position, or you're simply not sure where you stand, get in touch. There's no obligation, and the initial conversation is free.
We typically respond within one business day.
Not sure if you need a review?
If your OpenText or SAP environment has grown since your last licence review, you've added integrations or connectors, you're approaching a renewal, or you've received any communication from your vendor about compliance — it's worth a conversation.
Opens your email client