What records does OpenText copy in a Documentum audit
The audit clause gives OpenText the right to copy relevant records. Two words in that sentence carry the whole question: relevant, and records. What the vendor actually needs to measure a Documentum estate is far narrower than what an open ended request will reach for, and the gap between the two is the buyer's to defend.
When a Documentum audit opens, the data demand follows quickly. OpenText gives seven days notice before an audit and the right to copy relevant records, and the audit team will ask for system extracts, configuration details, deployment information, and usage data to build the finding. The contractual right is real, but it is bounded by relevance: the records that bear on license compliance, not the entire contents of the estate. A request that is allowed to sweep beyond what the metric requires produces a larger, messier dataset, and a larger dataset gives the finding more material to inflate. Managing what is provided, ensuring it is accurate, complete on the points that help the buyer, and confined to what the measurement genuinely needs, is one of the most important early moves in a Documentum defense. Because the EULA makes compliance the licensee's responsibility, the buyer is also the party best placed to ensure the record the audit relies on is the right one.
What the audit right actually covers
The audit clause entitles OpenText to copy records relevant to verifying license compliance. For a Documentum estate that points to a defined set of materials: the user and account information that establishes the seat count, the deployment and environment details that establish where the software runs, the entitlement records that establish what was purchased, and the usage information that establishes how the software is actually used. These are the records that map to the licensed metrics. The boundary worth holding is relevance to the measurement. Materials that do not bear on the metric, the content stored in the repository, unrelated business data, information about systems outside the audited products, are not what the compliance verification needs.
The principle to hold to is that the vendor's right is to the records that prove or disprove compliance, exercised through a single controlled channel, not to an unbounded copy of the environment. Defining relevance up front, and providing accurate, well organised records within it, both satisfies the clause and keeps the finding anchored to the data that actually measures the license.
An open ended data request reaches beyond the records the metric needs. The audit right is to relevant records, the user, deployment, entitlement, and usage data that measure the license, not to the repository contents or unrelated systems. Scoping the request to relevance keeps the dataset honest.
The records that matter, and the ones that do not
User and account records
The account tables and directory information establish the seat count, and they are central to the measurement. They must be accurate and complete, because they are also the records that let the buyer disqualify ineligible accounts, the work described in how to challenge a Documentum repository headcount. Providing them well serves the defense, not just the audit.
Usage and activity data
Usage logs establish how the software is actually consumed, and they are where dormant accounts and read only access are demonstrated. Far from being a record to withhold, well kept usage data is the buyer's strongest evidence, as set out in reducing a Documentum finding with usage evidence.
Deployment and environment records
Server, instance, and environment details establish where Documentum runs, and they are needed to separate production from non production and to read capacity metrics correctly. The relevance here stops at the audited products, not every system in the data centre, a boundary that connects to Documentum non production environments and license claims.
Managing the data demand under the four Rs
Respond. OpenText gives seven days notice before an audit and the right to copy relevant records. In that window we take over the channel, define relevance against the licensed metrics, and ensure records leave the business through one controlled route rather than several uncoordinated ones.
Reconstruct. We build the effective license position independently, which means assembling the user, usage, deployment, and entitlement records ourselves first. Knowing exactly what the records show before they are shared lets the buyer provide accurate, complete data on the points that help and confine the rest to what relevance requires.
Rebut. We challenge the finding line by line using the same records. Because the data was scoped to relevance and prepared with care, the usage logs disqualify dormant accounts, the deployment records separate environments, and the entitlement records establish what was purchased. The record becomes the evidence for the reduction.
Resolve. We settle on the corrected position and, where it serves you, convert forward into an OpenPass agreement that defines the audit data scope clearly, so a future audit cannot expand the request beyond what the measurement needs.
An anonymised outcome
The reason managing the record matters is the standard remedy that rides on the finding. On noncompliance the licensee is deemed to have acquired licenses at then current list price, owes back maintenance and support, owes first year maintenance on the new licenses, and reimburses the cost OpenText incurs performing the audit, so a finding built on a sloppy or over broad dataset carries that multiplier on every overstated line. In our anonymised insurance engagement, case file E-01, a Documentum centred ECM finding fell from $7.2M to $1.6M, a 78 percent reduction, achieved by working the same user and usage records the audit relied on and showing what they actually proved. The record was not the vendor's alone, it was the evidence that brought the number down.
The record is evidence, so prepare it like evidence
The lasting lesson is that the records an audit copies are not merely a vendor entitlement to satisfy, they are the evidentiary basis of the finding and of the defense alike. A buyer who treats the data demand as something to be met passively, handing over whatever is asked for without scope or preparation, surrenders control of the very material that decides the number. A buyer who defines relevance, prepares accurate records, and shares them through one channel keeps the finding tied to the data that genuinely measures the license, and that data almost always supports a smaller number than the opening position.
For a buyer, the practical step is to know, before the request arrives, where the user, usage, deployment, and entitlement records live and what they show, so the response is scoped to relevance and prepared as evidence. To get ready, read how to reconcile Documentum entitlements before an audit, and to see how data handling fits the wider defense, read our ECM and Documentum audit defense track. If an audit data request reaches beyond what the measurement needs, open a case.
Where to go next
For the full method behind a Documentum finding, read our complete OpenText audit defense playbook for 2026. To understand how the vendor runs the measurement on the data it copies, read how OpenText measures Documentum in a self assessment script.
If an OpenText or Micro Focus audit notice has landed, the first seven days outweigh any week that comes after. OpenText Audit Defense is an independent, buyer side practice founded in 2020 by former vendor compliance leadership. We have defended more than 200 audits, reduced the average finding by 68 percent, and mitigated more than $90M in claims against vendor positions. We do not resell OpenText software and we are not affiliated with OpenText Corporation. To open a case, use the contact form on this site.