A compliance register reconciles what you deployed, reported, and can evidence for every month in the 36 month window. Build it before the audit and you walk in with the proof already assembled.
A compliance register is the single artifact that turns scattered SPLA reporting into a defensible position. It is the place where every month, every customer, every product version, and every authentication count live together, reconciled. Build it before an audit and you walk into the room with the evidence already assembled.
A SPLA compliance register is a living record that reconciles what you deployed, what you reported, and what you can evidence, for every monthly cycle in the rolling 36 month window. It is not the monthly SAL report alone. It is the connective tissue that links each report to its underlying proof: the sealed authentication counts behind a SAL figure, the customer mapping behind each block, the version mapping behind each product line, and the architecture records behind each multi tenant boundary. When a Big Four auditor asks how you arrived at a number, the register is the answer.
Without a register, every audit becomes an archaeology project run under time pressure. With one, the audit becomes a review of evidence you already hold. The difference is the difference between defending and reconstructing.
A register can live in a controlled spreadsheet or a system, but the structure is consistent. For every reporting month it should hold, at minimum, the fields below.
The figures are indicative and illustrate structure, not a quote.
| Field | Example entry | Evidence held |
|---|---|---|
| Month | Reporting cycle in the lookback | Submission timestamp |
| Product and version | SQL Server, edition and version | Deployment inventory |
| Count and SPUR rule | Processor count, rule applied | SPUR mapping note |
| SAL basis | Subscriber access licences | Sealed daily authentication count |
| Customer mapping | Block tied to named customers | Contract and provisioning records |
When the audit starts, a complete register lets you control the channel and produce evidence on your terms. You answer the data request from a position of knowledge rather than scrambling to recreate counts. You can separate the non negotiable back fee from the negotiable uplift with confidence, because you already know your true count. And demonstrated reporting discipline, which a register makes visible, is one of the strongest arguments for the low end of the 25 to 125 percent uplift range.
The best register is never finished, because each month adds a row. That is the point. It converts compliance from a periodic panic into a routine that quietly builds your defense. Hosters that keep a living register tend to find their over reporting too, recovering margin that scattered reporting hides. The discipline pays in both directions.
If you do not have a compliance register, or yours has gaps across the lookback, building it is the highest value move you can make before an audit. Our SPLA audit defense guide sets out the standard, and the related articles below cover reporting discipline and the data request. Book a strategy call and we will help you stand the register up and reconcile the months that matter most.
When the exposure is real, we defend the full 36 month lookback through our SPLA audit defense work.
Book a strategy call and we will help you stand up a SPLA compliance register and reconcile the months that carry the most risk. Fixed Fee from $18,000 or Gainshare, both backed by our guarantee.
Book a Strategy CallWeekly intelligence on Microsoft and SPLA audit moves and the buyer side defenses that work.