Quest Software Audits:  A closer look at your audit or compliance verification clause

 

Quest series

Quest Software was originally founded in 1987 and is best known for its software product Toad (Tool for Oracle Application Developers). The Toad product is used by database developers, database administrators and data analysts to manage both relational and non-relational databases using SQL. In 2012, the software publisher was acquired by Dell. In June 2016, Dell announced the sale its software division (including its Quest, SonicWall, and One Identity businesses) to a private equity firm Francisco Partners and investment management firm Elliott Management Corporation. A relaunch of Quest software took place having its fiscal year from January to December.

Since the relaunch of Quest Software, a large amount of software audits has been performed. These audits are either performed by one of the big four audit firms (e.g. KPMG, Deloitte) or by Quest itself. In a series of articles, we will explain the most common compliance issues seen for Quest software programs. These are identified based upon our daily work in which we support many different end users across the world with the delivery of audit support services, compliance review services and/or SAM Managed Services. But – as for any publisher – it starts with having a clear understanding of the audit or compliance verification clause as part of your license agreement.

This article will focus on the most important parts of the standard Compliance Verification clause as part of the old Dell Software Transaction Agreement and the current Quest Software Transaction Agreement. You should however at all times check the specific Compliance Verification clause as part of your license agreement.

Dell Software Transaction Agreement

The standard Compliance Verification clause – as applied by Dell in its historic Software Transaction Agreement – states the following

Customer agrees to maintain and use systems and procedures to accurately track, document and report its installations acquisitions and usage of the software. Such systems and procedures shall be sufficient to determine if Customers deployment of the software of, if applicable, use of the SaaS software is within the quantities, Product Terms and maintenance releases to which it is entitled. Dell or its designated auditing agent shall have the right to audit Customers deployment of the Software or, if applicable, use of the SaaS Software for compliance with the terms and conditions of this Agreement and the applicable Order(s). Any such audits shall be scheduled at least thirty (30) days in advance and shall be conducted during normal business hours at Customer’s facilities. Customer shall provide its full cooperation and assistance with such audit and provide access to the applicable records and computers. Customer will agree to run pre-approved scripts (tested to ensure non-interference to Customer operations) or self-auditing processes as an initial first proof of compliancy request and provide the results to Dell (or a mutually approved independent auditor). Without limiting the generality of the foregoing, as part of the audit, Dell may request, and Customer agrees to provide, a written report, signed by an authorized representative, listing Customer’s then current deployment of On-Premise Software and/or the number of individuals that have accessed and used SaaS software. If Customers deployment of the software or, if applicable, use of the SaaS software is found to be greater than its purchased entitlement to such software, Customer will be invoiced for the over-deployed quantities at Dells then current list price plus the applicable maintenance services and applicable over-deployment fees. All such amounts shall be payable in accordance with the agreement. Additionally, if the unpaid fees exceed five percent (5%) of the fees paid for the applicable software, then Customer shall also pay Dells reasonable costs of conducting the audit. The requirements of this section shall survive for two (2) years following the termination of the last license governed by this agreement.

Quest Software Transaction Agreement

The standard Compliance Verification clause – as applied by Quest in its current Software Transaction Agreement – is listed below:

In order to allow Quest to verify that Customer is not engaged in any Overuse of Products, Customer shall:

  • maintain and use systems and procedures that allow Customer to accurately and completely track, document, and report License Entitlements and Use of each Product; and
  • allow Quest to audit Customer’s Use of the Products (the “Audit”).

Audits may be performed by Quest or its designated agent. Quest shall provide at least ten (10) days prior written notice to Customer before the start of an Audit and will conduct the Audit during normal business hours at Customer’s facilities. Customer shall provide, and will require its Clients and Third Party Users to provide, their full cooperation and assistance with such audit and provide access to the applicable records and computers.

Comparison between Dell vs Quest Software Transaction Agreement

The below table makes a comparison between the Compliance Verification clause historically applied by Dell and the current clause applied by Quest.

Subject Dell Agreement Quest Agreement
Required to maintain systems and procedures to track software installation and usage? Yes Yes
Auditor? Dell or its third-party auditor Quest or its third-party auditor
Audit Notice Period 30 days 10 days
Audit Duration Normal business hours Normal business hours
Audit Location Your facilities Your facilities
Audit Fines List License + Support + over-deployment fees Not specified
Audit Costs If unpaid fees > 5% of the fees paid, then you need to pay the costs of conducting the audit Not specified
Audit Right Survival Two years following the termination of the last license Not specified

As a result of the comparison made, it is clear that Quest software would want to start an audit with a shorter notice period (10 days) compared to what Dell software applied in the past. Although the Audit Fines, Audit Costs and Audit Right Survival terms are nowadays no longer included in the Compliance Verification clause of the Quest Software Transaction Agreement, end users should be aware that Quest still applies the same principles as historically defined by Dell. In case you are in commercial negotiations with Quest to enter into a new Software Transaction Agreement, then it is at all times recommended to negotiate non-standard terms with regards to the Compliance Verification.

Quest Software is performing (either themselves or through KPMG or Deloitte) many software compliance audits in EMEA and NAMER. If and when you are confronted with a Quest audit, you should at all times validate the Compliance Verification clause as part of your Dell or Quest Software Transaction agreement to understand your rights and obligations. If and when you do not have a copy of your signed Software Transaction Agreement, this article hopefully provides you an overview of the standard terms and conditions that are most likely applicable.

The question is not if you are going to be audited, but when you are going to be audit. Our recommendation is to perform an internal Quest audit rather soon, to identify your compliance position first before Quest starts an audit. If you need in-depth knowledge and experience with regards to the execution of such audit, don’t hesitate to reach out to us.

Richard is one of the managing partners at B-lay. He started to work in the license management industry in 2004 and worked for almost 10 years at Oracle as regional director of compliance. He uses his knowledge of enterprise software vendors (such as Oracle, SAP, IBM and Microsoft) to educate, equip and enable software end users in their challenges regarding proper software license management. Richard holds a master’s degree in IT, from University of Amsterdam in the Netherlands.