The Hoster Compliance Calendar

SPLA is pay as you consume, and compliance is verified for every monthly reporting cycle, not just your current position, across a 36 month lookback. That single fact changes everything about how a hoster should manage it. A program audited point in time can be cleaned up before the auditor arrives. A program audited month by month across three years cannot, because the evidence has to have existed in each of those months. You cannot manufacture a clean January eighteen months after the fact.

This is why the defense is structural rather than reactive. The work that defends a SPLA position is reporting discipline carried out on a fixed cadence, so that every month produces the record it needs while the information is still fresh and accurate. A calendar is simply the form that discipline takes. It converts a vague intention to stay compliant into specific tasks that happen on specific days, owned by specific people, every single cycle.

The heart of the calendar is the monthly reporting cycle, and it has a rhythm. Across the month, daily authentication counts are captured and sealed, so that the figures behind the eventual report are originals rather than estimates. Near the close of the cycle, usage is consolidated, the SAL or processor counts are calculated, the SPUR is applied to the current product versions, and each reported block is checked against its customer mapping. The report is then submitted on time, and the supporting evidence is filed where it can be found again. There is only a short window to correct a reporting mistake, so the calendar has to leave room to catch errors before the cycle closes rather than after.

Monthly discipline keeps each cycle clean, but it does not catch slow drift, so the calendar has heavier checkpoints on top of it. Each quarter, a wider review confirms that customer mappings still match live contracts, that new customers and new products have been brought into reporting, and that any SPUR update has been reflected in how counts are calculated. Once a year, a full reconciliation walks the entire lookback as the auditor would, confirms the trailing months are complete and consistent, and tests whether the evidence file would actually hold under questioning. Certain events also trigger their own checkpoint regardless of the calendar, such as onboarding a large customer, adding a product, or restructuring multi tenant infrastructure.

These layers turn the calendar from a reporting chore into a genuine defense. The monthly cycle produces the records, the quarterly review keeps them aligned with reality, and the annual reconciliation proves the whole lookback hangs together. The records this rhythm produces are the same ones assembled in the hoster audit defense pack, which is the calendar's output viewed as a single body of evidence.

The payoff is concrete. When an audit lands, back fees at the price file rate for any under reporting are not negotiable, but the penalty uplift of 25 to 125 percent is, and a calendar that has run cleanly is the strongest argument for the lower end of that range. On time reports across every month, sealed counts, and current mappings tell the auditor a story of discipline, which is exactly the story that argues the uplift down. A program with missing months and reconstructed figures invites the opposite reading. The way that uplift is calculated and argued is set out in the SPLA audit defense guide. As the calendar grows beyond what a few people can carry alongside their other work, the question of dedicated ownership arrives, which we take up in when to add a compliance lead to hoster operations.

We help you build the calendar, run it with your operations team, and defend the lookback if an audit lands. We sit between you and Microsoft and its appointed auditor, on your side of the table, and we never take vendor money. We work on a Fixed Fee from $18,000, or on Gainshare, a share of verified savings or avoided penalty with zero retainer and no risk to you. Our guarantee is plain: we reduce your exposure or we reimburse our service fee.