SpotON – our blog around digital compliance in enterprises
SpotON – Digital Compliance
Read here regularly on selected topics, developments and news from the areas:
SAM & Cloud – use software legally compliant and cost-effective
IT Security & Threat Intelligence – protect the IT landscape effectively
Data & Digitization – manage digital assets across the lifecycle
Complion Insights – look behind the scenes of digital compliance consultants
26/11/2025
Unused license potential – Former employees
Many companies need to save money. That's why it's more important than ever to keep a close eye on your own expenses. But how can you efficiently track which costs are necessary and which are not?
Preventing unnecessary expenses early on is the most effective way to save money.
The job description of a software asset manager – for experienced professionals and those who want to become one
In an increasingly digitalized world, where software is not just a tool but a strategic success factor, the job description of a software asset manager is becoming increasingly important. But what exactly does a software asset manager do – and how do you become one? This article is aimed at both industry newcomers and experienced professionals who want to reflect on or further develop their role.
Is the MCA-E the end of the Microsoft Enterprise Agreement (EA)?
The Microsoft Customer Agreement (MCA) is a simplified, digital, and open-ended contract for purchasing Microsoft Online Services.
Microsoft's vision is to gradually replace older and more cumbersome agreements with the MCA. What does this mean for customers?
Cybercrime – Trendwechsel: Mittelständler jetzt im Fadenkreuz der Hacker?
The IT threat landscape has always been an arms race. Anyone who has spent more than five minutes dealing with IT security knows this. It is the reason why threat intelligence products have their raison d'être and why companies have to regularly introduce new tools and processes to avoid falling victim to cyberattacks by hackers.
Resilience instead of stagnation: BCM and emergency management as key factors
Questions such as "Is my company resilient?" and "Can we still operate during a crisis or disaster?" are becoming increasingly important. Additional legal and regulatory requirements, such as NIS2 and DORA, make BCM indispensable. Standards such as ISO 22301 and BSI 200-4 provide guidance on implementing a Business Continuity Management System (BCMS).
In IT in particular, as a unit that mostly supports business processes, the strategic approaches of business continuity management (BCM) and the operational implementation of emergency management are essential.
Since it came into force on January 17, 2025, the DORA Regulation requires financial institutions to report an information register with an overview of all contractual relationships with third-party ICT service providers to the national supervisory authority on an annual basis. Since the creation of this register is mandatory anyway, it is worth using the data strategically for your own risk management. Based on our project experience, we show how valuable insights into dependencies, concentration risks, and cost structures can be gained from regulatory mandatory data.
The future of freedom of information in Germany – between the need for reform and digitization
The Freedom of Information Act (IFG) will remain in place – that is the key message that has stuck in the public consciousness following resistance from FragDenStaat, among others (source). But that alone is not enough. The question is how the coalition intends to modernize the law in order to offer added value to both citizens and the administration.
Almost everyone knows that in everyday working life, a department usually has to keep track of several issues and objectives. As a result, license compliance and the efficiency of software costs are often not given sufficient consideration in day-to-day business. There is a solution to counteract this problem and raise the necessary awareness: SAM Awareness.
In August, we held an exchange of experiences on SAM awareness measures with the Special Interest Group Software Asset Management & Licensing of VOICE e.V. The following article summarizes the findings from this exchange.
Legal use of Microsoft 365? Current status and outlook
Microsoft 365 ist aus der modernen Arbeitswelt kaum mehr wegzudenken. Gleichzeitig stellt der datenschutzkonforme Einsatz der Cloud-Dienste in Europa seit Jahren eine Herausforderung dar. Immer wieder äußern Datenschutzbehörden Kritik – insbesondere im Hinblick auf die (möglichen) Datenübermittlungen in USA. Wie ist die aktuelle Lage, und was bedeutet das für Unternehmen?
In just over a month, it will be time once again for the SACS – Software Assets & Cloud Services conference, which will open its doors in Leipzig on September 9 and 10, 2025. SACS is a vendor-neutral platform for professional and in-depth exchange of experiences on current trends in software asset management. We will also be there again to speak on current topics as part of VOICE's Vendor Observer Competence Center (VOCC). Our blog post provides a concise summary of what you can expect from our presentations at SACS.
I have been part of Complion since 2018. I got to know the core team in my previous role at Deloitte in Berlin, where I was responsible for training management at the Deloitte SAM Academy. With the introduction of the GDPR, I became increasingly involved in data protection projects. The collaboration has been a good fit from the start, and I still enjoy working with customers on practical solutions, which is why I've stayed.
