Vendor and Licensing Management
Vendor and licensing management encompasses the operational procedures for maintaining software vendor relationships, tracking licence entitlements, verifying compliance, and managing contract lifecycles. These procedures apply whenever your organisation procures, renews, or terminates software agreements, whether for perpetual licences, subscription services, or open source support contracts.
Effective execution prevents compliance violations that trigger audit penalties, identifies cost savings through consolidation and nonprofit programme eligibility, and ensures continuity by avoiding lapsed agreements. The procedures in this page assume portfolio-level decisions about which applications to retain or retire have already been made through application portfolio management processes.
Prerequisites
Before beginning vendor and licensing management procedures, ensure the following requirements are satisfied.
- Contract repository access: Read and write access to the centralised contract storage location, whether a contract management system, document management platform, or designated file share. You need permission to upload new agreements and update metadata on existing records.
- Licence inventory tool: Access to a licence tracking system or spreadsheet that serves as the authoritative record of entitlements. This may be a dedicated software asset management (SAM) tool, an IT service management module, or a structured spreadsheet with defined fields for vendor, product, licence type, quantity, expiry date, and cost.
- Financial system access: Read access to accounts payable records for the past 24 months to identify software-related expenditure. Write access to cost centre or project codes if you are responsible for allocating licence costs.
- Vendor portal credentials: Administrative access to vendor licensing portals for your top 10 vendors by spend. These portals provide authoritative entitlement data, usage reports, and renewal quotes.
- Deployment data sources: Access to systems that report actual software deployment: endpoint management tools, SaaS identity provider logs, application usage analytics, or server inventory databases.
Gather the following information before starting:
| Information | Source | Purpose |
|---|---|---|
| Current contract list | Contract repository | Baseline for inventory |
| Software expenditure (24 months) | Finance system | Identify all vendors |
| Endpoint software inventory | MDM or endpoint management | Compare against entitlements |
| SaaS user counts | Identity provider | Verify subscription quantities |
| Renewal calendar | Existing tracking system | Prioritise upcoming renewals |
Allow 2 hours for initial inventory setup per 20 vendors, plus 30 minutes per vendor for detailed entitlement verification.
Procedure
The following procedures cover the complete vendor and licensing management lifecycle. Execute them in sequence for initial setup, then perform ongoing management tasks according to the schedules specified.
Establishing the licence inventory
Export all software-related transactions from your financial system for the past 24 months. Filter by expense categories that include software, subscriptions, SaaS, cloud services, maintenance, and support. Include one-time purchases and recurring payments. Save this export as your expenditure baseline.
Extract unique vendor names from the expenditure baseline and create an initial vendor list. For each vendor, record the total spend over 24 months, the number of distinct transactions, and whether payments are recurring or one-time. Sort by total spend descending. Vendors with annual spend exceeding £5,000 require full tracking; those below this threshold can be tracked at summary level.
Locate existing contracts for each vendor on your list. Search the contract repository, email archives of procurement staff, and finance records for associated purchase orders. For each contract found, record: vendor name, contract reference number, effective date, expiry date, auto-renewal terms, notice period, and storage location. Flag vendors where you cannot locate a current contract.
Access each vendor’s licensing portal and download the current entitlement report. This report shows what your organisation has purchased and is entitled to use. Record the following for each product: licence type (perpetual, subscription, concurrent, named user), quantity entitled, maintenance or support expiry, and version entitlements. Reconcile portal data against contract terms; discrepancies indicate either portal errors or contract amendments you have not captured.
Create or update licence inventory records with the following structure for each product:
```
Vendor:              [Vendor name]
Product:             [Product name and edition]
Licence type:        [Perpetual|Subscription|Concurrent|Named user|Site|Device]
Quantity entitled:   [Number]
Quantity deployed:   [Number - to be populated]
Contract reference:  [Reference number]
Contract expiry:     [YYYY-MM-DD]
Maintenance expiry:  [YYYY-MM-DD]
Auto-renewal:        [Yes|No]
Notice period:       [Days]
Annual cost:         [Amount]
Cost centre:         [Code]
Owner:               [Role or person responsible]
Nonprofit programme: [Yes|No|Eligible but not enrolled]
Last verified:       [YYYY-MM-DD]
```
For each product in the inventory, gather deployment data from your endpoint management, server inventory, or SaaS identity provider. Record actual deployment quantities in the licence inventory. Calculate the variance between entitled quantity and deployed quantity. Positive variance (more licences than deployments) indicates potential cost savings; negative variance (more deployments than licences) indicates compliance risk requiring immediate attention.
The following diagram illustrates the licence inventory data model and its relationships to source systems:
```
+-----------------------------------------------------------+
|                     LICENCE INVENTORY                     |
+-----------------------------------------------------------+
|                                                           |
|  +------------------+     +------------------+            |
|  | VENDOR RECORD    |     | PRODUCT RECORD   |            |
|  |                  |     |                  |            |
|  | - Vendor ID      |<--->| - Product ID     |            |
|  | - Name           | 1:n | - Name/Edition   |            |
|  | - Portal URL     |     | - Licence type   |            |
|  | - Account number |     | - Qty entitled   |            |
|  | - Contact        |     | - Qty deployed   |            |
|  | - Total spend    |     | - Contract ref   |            |
|  +--------+---------+     | - Expiry dates   |            |
|           |               | - Annual cost    |            |
|           |               +--------+---------+            |
|           |                        |                      |
|           v                        v                      |
|  +------------------+     +------------------+            |
|  | CONTRACT         |     | DEPLOYMENT       |            |
|  | REPOSITORY       |     | DATA             |            |
|  |                  |     |                  |            |
|  | - PDF/Document   |     | - Endpoints      |            |
|  | - Terms          |     | - Servers        |            |
|  | - Amendments     |     | - SaaS users     |            |
|  +------------------+     +------------------+            |
|           ^                        ^                      |
|           |                        |                      |
+-----------+------------------------+----------------------+
            |                        |
            |                        |
    +-------+-------+       +--------+--------+
    |               |       |                 |
    |    FINANCE    |       |    ENDPOINT/    |
    |    SYSTEM     |       |    IDENTITY     |
    |               |       |    SYSTEMS      |
    +---------------+       +-----------------+
```
Figure 1: Licence inventory data model showing relationships between vendor records, product records, and source systems
Verifying licence compliance
Generate a compliance report by comparing entitled quantities against deployed quantities for all products. Create three categories: compliant (deployed equals or is less than entitled), over-deployed (deployed exceeds entitled by any amount), and under-utilised (deployed is less than 70% of entitled).
Investigate each over-deployed product immediately. Determine whether the over-deployment represents unlicensed usage requiring remediation, unrecorded licence purchases, or deployment data errors. For genuine over-deployment, calculate the exposure: number of excess deployments multiplied by per-unit licence cost, plus potential audit penalties (typically 1.5x to 3x back-licence costs depending on vendor).
For over-deployed products, execute one of these remediation paths within 30 days:
Path A: Reduce deployment. Identify and remove installations or user assignments that are not required. Verify removal through deployment data sources. Update deployment count in inventory.
Path B: Acquire additional licences. Obtain quotes for the required additional quantity. Process purchase through standard procurement. Update entitlement records upon receipt of licence keys or confirmation. Retain proof of purchase with backdated effective date if vendor permits compliance amnesty.
Path C: Upgrade licence type. Some licence types (enterprise agreements, site licences, unlimited use) eliminate per-unit counting. Compare the cost of additional unit licences against upgrading to a higher tier. Negotiate with vendor for retroactive coverage.
Review each under-utilised product (below 70% deployment against entitlement) for cost optimisation. Calculate annual savings from reducing licence quantity to match actual usage plus 15% buffer. For subscription licences, request quantity reduction at next renewal. For perpetual licences with maintenance, consider allowing maintenance to lapse on unused licences.
Document compliance status for each product with the following attestation record:
```
Product:              [Name]
Verification date:    [YYYY-MM-DD]
Verified by:          [Name/Role]
Entitlement source:   [Portal/Contract/PO]
Deployment source:    [System name]
Entitled quantity:    [Number]
Deployed quantity:    [Number]
Status:               [Compliant|Remediation in progress|Under review]
Remediation deadline: [YYYY-MM-DD if applicable]
Notes:                [Relevant context]
```
Schedule recurring compliance verification quarterly for high-risk products (those with per-seat licensing, audit clauses, and vendor audit history) and annually for low-risk products (site licences, open source, unlimited use agreements).
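The comparison and thresholds from this section, worked through as an added example (not part of the original procedure or of any vendor tool). The inventory field names and all figures are constructed; the deployment CSV follows the `software_name, version, install_count` layout written by the collection script template on this page.

```python
import csv
import io

# Constructed sample inventory; field names are assumptions for this example.
INVENTORY = [
    {"product": "Office Suite", "entitled": 100, "unit_cost": 120.0},
    {"product": "CAD Tool", "entitled": 10, "unit_cost": 900.0},
    {"product": "PDF Editor", "entitled": 50, "unit_cost": 60.0},
    {"product": "Backup Agent", "entitled": 40, "unit_cost": 30.0},
]

# Constructed deployment export: software_name, version, install_count.
DEPLOYMENT_CSV = (
    '"Office Suite","16.0",80\n'
    '"CAD Tool","2023",9\n'
    '"CAD Tool","2024",4\n'
    '"PDF Editor","11.2",20\n'
    '"Screen Recorder","3.1",6\n'
)


def load_deployments(csv_text):
    """Sum install counts per product across versions (case-insensitive names)."""
    totals = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue
        name, _version, count = row
        key = name.strip().lower()
        totals[key] = totals.get(key, 0) + int(count)
    return totals


def compliance_report(inventory, deployments):
    """Classify each product and attach the figures the procedure asks for."""
    report = []
    for item in inventory:
        entitled, cost = item["entitled"], item["unit_cost"]
        deployed = deployments.get(item["product"].strip().lower(), 0)
        row = {"product": item["product"], "entitled": entitled,
               "deployed": deployed, "variance": entitled - deployed}
        if deployed > entitled:
            # Compliance risk: back-licence cost plus the 1.5x to 3x penalty range.
            back = (deployed - entitled) * cost
            row.update(status="over-deployed", back_licence_cost=back,
                       penalty_range=(1.5 * back, 3.0 * back))
        elif deployed * 100 < 70 * entitled:
            # Still compliant, but below 70% use: size to usage plus 15%, rounded up.
            target = -(-deployed * 115 // 100)
            row.update(status="under-utilised", target_quantity=target,
                       annual_saving=(entitled - target) * cost)
        else:
            row["status"] = "compliant"
        report.append(row)
    return report


def untracked_software(inventory, deployments):
    """Deployed software with no inventory record (possible shadow IT)."""
    known = {item["product"].strip().lower() for item in inventory}
    return sorted(name for name in deployments if name not in known)


if __name__ == "__main__":
    deployed = load_deployments(DEPLOYMENT_CSV)
    for line in compliance_report(INVENTORY, deployed):
        print(line)
    print("Not in inventory:", untracked_software(INVENTORY, deployed))
```

Products with no deployment rows are treated as zero deployed, which is why an unmatched product name shows up twice: once as under-utilised and once in the untracked list.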
Audit exposure
Software vendors increasingly exercise audit rights, particularly for organisations that have not verified compliance in 24 months or more. Audit findings typically result in back-licence fees at list price plus audit cost recovery. Proactive compliance verification is substantially less expensive than reactive audit response.
Managing contract renewals
The renewal management process begins 120 days before contract expiry for strategic vendors and 60 days before expiry for standard vendors. Strategic vendors are those with annual spend exceeding £25,000 or providing business-critical systems.
```
+------------------------------------------------------------------+
|                         RENEWAL TIMELINE                         |
+------------------------------------------------------------------+
|                                                                  |
|  Days before          Action                                     |
|  expiry                                                          |
|                                                                  |
|  -120    +---------+  Strategic vendor: begin renewal assessment |
|          |         |                                             |
|  -90     |    +----+  Usage review and requirement validation    |
|          |    |                                                  |
|  -60     +----+----+  Standard vendor: begin renewal assessment  |
|               |       Request renewal quote from vendor          |
|               |                                                  |
|  -45     +----+----+  Evaluate alternatives if dissatisfied      |
|          |         |  Prepare negotiation position               |
|          |         |                                             |
|  -30     |    +----+  Negotiate terms and pricing                |
|          |    |       Process approval for renewal decision      |
|          |    |                                                  |
|  -14     +---------+  Execute renewal agreement                  |
|               |       Update inventory records                   |
|                                                                  |
|  0       +---------+  Contract expiry date                       |
|                                                                  |
+------------------------------------------------------------------+
```
Figure 2: Renewal timeline showing action points relative to contract expiry
Generate a renewal report 120 days before each quarter end listing all contracts expiring in the following quarter. Include current annual cost, licence quantities, deployment levels, and contract owner. Distribute to contract owners and finance for budget planning.
For each renewal, validate continuing business need. Consult with the designated owner and primary user community. Determine whether the product should be renewed at current quantity, renewed at adjusted quantity, migrated to an alternative, or retired. Document the decision and rationale.
Review current usage against entitlement to establish the target renewal quantity. For subscriptions, match renewal quantity to current active users plus projected growth (use 10% if no specific projection exists). For perpetual maintenance, evaluate whether maintenance value (updates, support) justifies cost, or whether lapsing maintenance is acceptable.
Research nonprofit programme eligibility before requesting renewal quotes. Check vendor nonprofit programme portals and TechSoup or equivalent local technology donation programmes. Many vendors offer 50% to 90% discounts for registered charities and NGOs. Eligibility typically requires charity registration number, proof of nonprofit status, or specific organisational classifications.
Common nonprofit programmes:
| Vendor | Programme | Typical discount | Eligibility |
|---|---|---|---|
| Microsoft | Microsoft for Nonprofits | 50-90% | Registered nonprofits |
| Google | Google for Nonprofits | Free core services | Registered charities |
| Salesforce | Power of Us | 10 free licences | 501(c)(3) or equivalent |
| Atlassian | Community licence | 75% | Registered nonprofits |
| Slack | Slack for Nonprofits | 85% | Registered nonprofits |
| Zoom | Zoom for Nonprofits | 50% | Registered nonprofits |
Request a renewal quote from the vendor at least 60 days before expiry. Specify the target quantity, desired term length (multi-year agreements often reduce per-year cost), and reference your nonprofit status if applicable. Request both list pricing and your negotiated or programme pricing.
Evaluate the renewal quote against your target budget and alternative options. If the quote exceeds budget by more than 15%, or if you have identified viable alternatives, prepare a negotiation position. Negotiation leverage includes: multi-year commitment, payment terms (upfront versus monthly), reference customer willingness, competitive alternatives, and renewal timing (vendors often have quarter-end flexibility).
Conduct negotiation with the vendor or reseller. Present your target price with supporting rationale. Be prepared to discuss payment terms, term length, and scope adjustments. Document all negotiated terms in writing before accepting. Do not rely on verbal commitments.
Process the renewal through your organisation’s approval workflow. For renewals exceeding £10,000, typical approval requirements include budget holder sign-off, IT leadership approval, and procurement review. Ensure approval is complete before contract expiry to avoid service interruption.
Execute the renewal agreement by signing the vendor’s order form or renewal document. Verify that terms match negotiated conditions, including: price, quantities, term dates, and any special conditions. Upload the executed agreement to the contract repository.
Update the licence inventory with new expiry dates, quantities, and costs immediately upon renewal execution. Reset the renewal calendar entry for the next renewal cycle.
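The renewal schedule above, combined with the auto-renewal and notice period fields of the inventory record, as an added example (not part of the original procedure). The contracts are constructed, and the field names and the `business_critical` flag are assumptions. The code also flags contracts whose notice deadline falls before the assessment would even start.

```python
from datetime import date, timedelta

STRATEGIC_SPEND = 25_000        # annual spend threshold for strategic vendors (GBP)
ALERT_DAYS = (120, 90, 60, 30)  # alert intervals listed under renewal alerting

# Constructed sample contracts; field names are assumptions based on the
# inventory record template (contract expiry, auto-renewal, notice period).
CONTRACTS = [
    {"vendor": "Alpha CRM", "annual_cost": 40_000, "business_critical": False,
     "expiry": date(2025, 9, 30), "auto_renewal": True, "notice_days": 90},
    {"vendor": "Beta Diagrams", "annual_cost": 3_000, "business_critical": False,
     "expiry": date(2025, 7, 15), "auto_renewal": True, "notice_days": 90},
    {"vendor": "Gamma Backup", "annual_cost": 8_000, "business_critical": True,
     "expiry": date(2025, 12, 31), "auto_renewal": False, "notice_days": 0},
]


def renewal_plan(contract, today):
    """Work out the key renewal dates and any timing problems for one contract."""
    strategic = (contract["annual_cost"] > STRATEGIC_SPEND
                 or contract["business_critical"])
    lead_days = 120 if strategic else 60
    expiry = contract["expiry"]
    start = expiry - timedelta(days=lead_days)

    # Last day on which written notice still prevents an automatic renewal.
    notice_deadline = None
    if contract["auto_renewal"]:
        notice_deadline = expiry - timedelta(days=contract["notice_days"])

    days_left = (expiry - today).days
    warnings = []
    if notice_deadline and notice_deadline < start:
        warnings.append("notice period is longer than the assessment lead time")
    if notice_deadline and today > notice_deadline and days_left >= 0:
        warnings.append("notice deadline passed; contract will auto-renew")

    return {
        "tier": "strategic" if strategic else "standard",
        "assessment_start": start,
        "notice_deadline": notice_deadline,
        "days_to_expiry": days_left,
        "alerts_reached": [d for d in ALERT_DAYS if days_left <= d],
        "warnings": warnings,
    }


if __name__ == "__main__":
    for c in CONTRACTS:
        print(c["vendor"], renewal_plan(c, date(2025, 6, 20)))
```

For a contract like the constructed "Beta Diagrams", the 60-day standard start is too late: the reminder has to be tied to the notice deadline rather than to the expiry date.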
Monitoring vendor performance
Ongoing vendor performance monitoring ensures that vendors deliver contracted service levels and that the organisation receives expected value from software investments.
Establish performance baselines for strategic vendors (annual spend over £25,000). Document expected service levels including: uptime percentage, support response times, issue resolution times, and update frequency. These may be contractually specified in service level agreements or derived from vendor documentation.
Track actual performance against baselines monthly for SaaS and cloud services. Collect uptime data from vendor status pages, your own monitoring systems, or third-party services. Log support interactions including submission time, acknowledgement time, and resolution time.
Calculate a vendor health score quarterly using the following formula:
```
Health Score = (Uptime Score × 0.3) + (Support Score × 0.3) +
               (Value Score × 0.2) + (Relationship Score × 0.2)

Uptime Score       = (Actual uptime / Target uptime) × 100, capped at 100
Support Score      = (Target resolution time / Actual resolution time) × 100, capped at 100
Value Score        = Subjective 0-100 based on feature utilisation and business impact
Relationship Score = Subjective 0-100 based on account management quality
```
Scores below 70 warrant vendor discussion. Scores below 50 warrant alternative evaluation.
Conduct formal vendor review meetings quarterly for strategic vendors and annually for standard vendors. Prepare an agenda covering: performance against SLAs, open issues, product roadmap updates, upcoming renewals, and relationship feedback. Document meeting outcomes and action items.
Maintain a vendor issue log recording all service disruptions, support escalations, and contract disputes. Use this log as evidence during renewal negotiations and as input to health score calculations.
Planning contract exits
Contract exit planning prepares for orderly transition away from a vendor, whether due to application retirement, migration to alternatives, or vendor relationship termination.
Review contract terms for exit provisions before initiating exit planning. Identify: notice period required, data export obligations, transition assistance provisions, and any termination fees or penalties. Flag contracts that lack data portability provisions for priority attention during future negotiations.
Develop an exit timeline working backward from target exit date. Key milestones include: formal termination notice (per contract notice period), data export completion, user migration, access termination, and final invoice reconciliation. Allow minimum 90 days for complex migrations.
Execute data export before termination wherever possible. Export formats vary by vendor; prioritise machine-readable formats (CSV, JSON, XML) over proprietary formats. Verify export completeness by comparing record counts and sampling data quality. Store exported data according to retention requirements.
Coordinate user transition with the migration to replacement systems. Communicate timeline to affected users, provide training on replacement systems, and establish support channels for transition questions. Plan for parallel operation period if business continuity requires it.
Submit formal termination notice in writing per contract requirements. Reference the contract clause permitting termination, specify the termination effective date, and request confirmation of receipt. Retain proof of submission (email delivery receipt, postal tracking, portal confirmation).
Disable access and integrations on or before termination date. Remove vendor API connections from integration platforms, revoke OAuth tokens, disable SSO federation, and remove vendor from identity provider. Confirm users can no longer authenticate.
Reconcile final invoicing within 30 days of termination. Verify no charges post-termination date. Dispute any incorrect charges in writing. Confirm any refunds due for prepaid unused periods.
Archive contract documentation including: original agreement, all amendments, termination notice, final invoice reconciliation, and data export confirmation. Retain per your records retention policy (typically 7 years for contracts).
Verification
Confirm successful execution of vendor and licensing management procedures through the following verification steps.
Inventory completeness verification:
```
Total vendors in financial records (24 months): [A]
Total vendors in licence inventory: [B]
Coverage percentage: (B / A) × 100

Target: 100% for vendors with annual spend > £5,000
        90% for all vendors
```
If coverage is below target, identify missing vendors and add to inventory.
Compliance verification:
```
Total products in inventory: [A]
Products with compliance status recorded: [B]
Products with status "Compliant": [C]
Products with status "Remediation in progress": [D]

Compliance rate: (C / A) × 100
Coverage rate: (B / A) × 100

Target: Compliance rate > 95%
        Coverage rate = 100%
```
Renewal coverage verification:
```
Contracts expiring in next 180 days: [A]
Contracts with renewal decision documented: [B]
Contracts with active renewal in progress: [C]

Renewal readiness: ((B + C) / A) × 100

Target: 100% (all upcoming renewals have decision or are in progress)
```
Data quality verification:
For a random sample of 10% of inventory records (minimum 10 records), verify:
- Contract document exists in repository and matches recorded reference
- Entitlement quantity matches vendor portal or contract
- Deployment quantity matches current deployment data source
- Expiry dates are accurate within 30 days
- Cost figures match financial records within 5%
Target accuracy: 95% of sampled records pass all checks.
Troubleshooting
| Symptom | Cause | Resolution |
|---|---|---|
| Vendor portal shows different entitlements than contract | Contract amendments not reflected in portal; portal data entry errors; different product naming conventions | Contact vendor licensing team with contract documentation. Request portal reconciliation. Document discrepancy resolution for audit trail. |
| Unable to locate contract for active vendor | Informal procurement; contract expired and renewed by PO only; decentralised purchasing | Search email archives for order confirmations; request contract copy from vendor; formalise vendor relationship with new agreement. |
| Deployment data shows installations not in inventory | Shadow IT procurement; legacy installations; evaluation software not removed | Identify installation source; add to inventory if legitimate; remove if unauthorised; update procurement policies to prevent recurrence. |
| Compliance audit notification received | Vendor exercising contractual audit rights; random audit selection; triggered by suspicious activity | Engage legal counsel immediately; do not provide data without review; gather internal compliance evidence; consider voluntary disclosure if non-compliant. |
| Renewal quote significantly higher than current pricing | Previous promotional pricing expired; nonprofit programme ended; price increase; quantity change | Verify pricing basis with vendor; confirm nonprofit eligibility; request price match to previous; escalate to account executive; evaluate alternatives. |
| Auto-renewal executed unintentionally | Missed notice period; notice sent to wrong address; contract terms misunderstood | Contact vendor immediately for cancellation; review contract for cancellation provisions; document auto-renewal terms in inventory; set earlier calendar reminders. |
| Cannot export data from SaaS vendor | Export feature not available in licence tier; technical limitations; vendor obstruction | Upgrade licence tier if export included; request manual export from vendor; use API if available; escalate to vendor management; document for contract negotiation. |
| Vendor acquired by another company | M&A activity; vendor consolidation | Review contract assignment clauses; contact acquiring company for transition details; verify licence continuity; assess product roadmap impact; consider alternatives if strategic direction changes. |
| Licence keys no longer work after renewal | Key not updated in inventory; renewal not processed by vendor; licence server synchronisation failure | Verify renewal payment processed; obtain new keys from vendor portal; update licence server; contact vendor support if keys still fail. |
| Finance records show software spend not in inventory | Expense coded to wrong category; direct departmental procurement; credit card purchases outside procurement | Review all expense categories; survey department heads for software purchases; implement procurement controls to capture future purchases. |
| Deployed quantity cannot be determined | No endpoint management; SaaS lacks usage reporting; on-premises software untracked | Implement endpoint management for desktop software; request usage reports from SaaS vendors; conduct manual software audit; use network discovery tools. |
| Nonprofit discount denied | Organisation type not eligible; registration not current; programme requirements changed; application error | Verify eligibility requirements; update charity registration; contact programme administrators; try alternative programme or reseller. |
Automation opportunities
The following aspects of vendor and licensing management benefit from automation for organisations managing more than 50 software products:
Renewal alerting: Configure calendar systems or workflow tools to generate renewal alerts at 120-day, 90-day, 60-day, and 30-day intervals before contract expiry. Include contract owner, current cost, and renewal decision status in alerts.
Deployment data collection: Schedule automated collection of deployment data from endpoint management, identity providers, and SaaS platforms. Store in a central location for compliance comparison.
Compliance reporting: Create automated reports comparing entitlement quantities against deployment quantities. Flag variances exceeding 10% for review. Generate monthly or quarterly depending on audit risk.
Spend tracking: Configure finance system integrations to automatically capture software expenditure and associate with vendors in the licence inventory. Highlight new vendors not in inventory.
Script template for deployment data collection (adapt to your endpoint management tool):
```bash
#!/bin/bash
# Collect software deployment data from endpoint management
# Run weekly via scheduled task

DATE=$(date +%Y-%m-%d)
OUTPUT_DIR="/path/to/deployment-data"
OUTPUT_FILE="${OUTPUT_DIR}/deployment-${DATE}.csv"

# Query endpoint management API (example for generic REST API)
curl -s -H "Authorization: Bearer ${API_TOKEN}" \
  "https://endpoint-mgmt.example.org/api/v1/software/inventory" \
  | jq -r '.items[] | [.software_name, .version, .install_count] | @csv' \
  > "${OUTPUT_FILE}"

# Notify if file is empty (API failure)
if [ ! -s "${OUTPUT_FILE}" ]; then
  echo "Deployment data collection failed on ${DATE}" | \
    mail -s "Deployment Data Alert" it-admin@example.org
fi
```