SpotON – our blog around digital compliance in enterprises
SpotON – Digital Compliance
Read here regularly on selected topics, developments and news from the areas:
SAM & Cloud – use software legally compliant and cost-effective
IT Security & Threat Intelligence – protect the IT landscape effectively
Data & Digitization – manage digital assets across the lifecycle
Complion Insights – look behind the scenes of digital compliance consultants
20/10/2025
Resilience instead of stagnation: BCM and emergency management as key factors
Questions such as "Is my company resilient?" and "Can we still operate during a crisis or disaster?" are becoming increasingly important. Additional legal and regulatory requirements, such as NIS2 and DORA, make BCM indispensable. Standards such as ISO 22301 and BSI 200-4 provide guidance on implementing a Business Continuity Management System (BCMS).
In IT in particular, as a unit that mostly supports business processes, the strategic approaches of business continuity management (BCM) and the operational implementation of emergency management are essential.
Since it came into force on January 17, 2025, the DORA Regulation requires financial institutions to report an information register with an overview of all contractual relationships with third-party ICT service providers to the national supervisory authority on an annual basis. Since the creation of this register is mandatory anyway, it is worth using the data strategically for your own risk management. Based on our project experience, we show how valuable insights into dependencies, concentration risks, and cost structures can be gained from data that has to be collected for regulatory purposes anyway.
The future of freedom of information in Germany – between the need for reform and digitization
The Freedom of Information Act (IFG) will remain in place – that is the key message that has stuck in the public consciousness following resistance from FragDenStaat, among others (source). But that alone is not enough. The question is how the coalition intends to modernize the law in order to offer added value to both citizens and the administration.
Almost everyone knows that in everyday working life, a department usually has to keep track of several issues and objectives. As a result, license compliance and the efficiency of software costs are often not given sufficient consideration in day-to-day business. There is a solution to counteract this problem and raise the necessary awareness: SAM Awareness.
In August, we held an exchange of experiences on SAM awareness measures with the Special Interest Group Software Asset Management & Licensing of VOICE e.V. The following article summarizes the findings from this exchange.
Legal use of Microsoft 365? Current status and outlook
Microsoft 365 has become almost indispensable in the modern working world. At the same time, using the cloud services in compliance with data protection law in Europe has been a challenge for years. Data protection authorities repeatedly voice criticism, particularly with regard to (possible) data transfers to the USA. What is the current situation, and what does it mean for companies?
In just over a month, it will be time once again for the SACS – Software Assets & Cloud Services conference, which will open its doors in Leipzig on September 9 and 10, 2025. SACS is a vendor-neutral platform for professional and in-depth exchange of experiences on current trends in software asset management. We will also be there again to speak on current topics as part of VOICE's Vendor Observer Competence Center (VOCC). Our blog post provides a concise summary of what you can expect from our presentations at SACS.
I have been part of Complion since 2018. I got to know the core team in my previous role at Deloitte in Berlin, where I was responsible for training management at the Deloitte SAM Academy. With the introduction of the GDPR, I became increasingly involved in data protection projects. The collaboration has been a good fit from the start, and I still enjoy working with customers on practical solutions, which is why I've stayed.
ViennaON - Our summer event in Vienna from July 6, 2025, to July 12, 2025
Our team is spread across the DACH region. Video calls and emails are not always enough to create a real connection between all our employees. It is much more important for a good connection to bring all colleagues together in one place from time to time. That's why we at Complion organize a summer event in the form of a workation once a year. Each time in a new city, sometimes even outside Germany, all employees come together to work, gather impressions, and spend convivial evenings together. Of course, planned feasts of local cuisine and varied team events ranging from culture to brain teasers to action are not excluded.
VMware takeover by Broadcom - developments, impact and outlook
The takeover of VMware by Broadcom at the end of 2023 has changed the IT world forever - with far-reaching consequences for customers, partners and the entire VMware ecosystem. Since then, continuous adjustments to licenses, products and partner structures have caused great uncertainty.
Experience report from an implementation project: Contractual DORA compliance in ICT third-party risk management
In our latest article, Roman Scholtysik, Florian Müller, and Christian Grabner shed light on the contractual implementation of regulatory requirements under DORA. Based on concrete project experience, they show how companies can effectively shape digital resilience at the contractual level. A practical report for anyone who not only wants to understand DORA, but also wants to implement it operationally.
Between duty and potential: A project report on a Microsoft True-Up
What at first glance appears to be a mandatory annual task in license management turns out on closer inspection to be a project with great potential for optimization: the annual Microsoft True-Up report. The overarching goal is a comparison in which companies tell Microsoft how many licenses they have actually used in the past year.