Thai organisations facing an IBM audit are tested on two things at once: the Processor Value Unit (PVU) maths and whether the IBM License Metric Tool (ILMT) was deployed and reporting in time — miss the ILMT window and IBM can charge at full capacity instead of sub-capacity. This page covers the IBM audit climate in Thailand, the local legal context, and the firms that defend the pair, listed alphabetically with pros and cons, not ranked.
Published 10 October 2025 · Last reviewed 11 March 2026
IBM is audit-active in Thailand, where banking, telecoms, manufacturing and government run WebSphere, Db2, MQ, Cognos and Maximo across virtualised estates — a profile that generates broad PVU exposure. As a regional manufacturing and services base, Thailand hosts consolidated estates for multinationals operating across South-East Asia. With roughly 62–63% of organisations reporting a software audit within any twelve-month period globally, and around 52% now bringing outside defense help, large virtualised IBM estates are squarely in scope. These global figures are indicative and not specific to this market.
The audit turns on the ILMT sub-capacity trap: without the IBM License Metric Tool deployed and reporting in the required window, IBM can deny sub-capacity and recalculate at full capacity across every core. Thailand’s data-protection regime adds a second front, because employee-linked and deployment data cannot simply be exported to an overseas auditor without meeting local requirements.
The PVU and ILMT sub-capacity mechanics that decide the number — the same worldwide, enforced locally.
Processor Value Unit maths spans physical and virtual hosts and is complex enough to compute in IBM’s favour without a careful independent re-count.
Sub-capacity licensing requires the IBM License Metric Tool deployed and reporting within the required window. Miss it and IBM can charge at full capacity.
Whether you are charged for the whole host or only the virtual portion is the single biggest swing in an IBM finding.
WebSphere, Db2, MQ, Cognos and Maximo entitlements are read against program rules that put the burden of proof on the customer.
IBM audits are often delivered through appointed firms, some of which also advise buyers elsewhere — a conflict to weigh.
Reporting gaps are charged retroactively, compounding exposure across the audited period.
Thailand is a civil-law jurisdiction. Contract formation, performance and prescription are governed by the Civil and Commercial Code, and software is protected under the Copyright Act B.E. 2537 (1994), which treats unlicensed use as infringement. The audited period and any back-charges are ultimately governed by the Passport Advantage terms and the agreement’s choice-of-law and limitation clauses; many enterprise deals are routed through an IBM regional entity under a foreign governing law.
Data handover is shaped by the Personal Data Protection Act B.E. 2562 (2019) (PDPA), which regulates the processing and cross-border transfer of personal data, including employee-linked deployment data sent to an auditor. Assessing what data leaves Thailand, and on what basis, is a legitimate lever over audit scope, where analysis happens and timing. This is general information about the Thai market, not legal advice.
This page is general information about the Thailand legal and procurement environment and IBM’s audit practices, not legal advice for your situation. IBM’s program is described factually; figures are labelled indicative.
Listed alphabetically with balanced pros and cons — a directory, not a ranking.
Large multi-vendor ITAM/SAM services firm with an ISO 19770 practice and global delivery across Microsoft, IBM, Oracle and SAP estates.
Independent multi-vendor licensing practice covering IBM, Microsoft, Oracle, SAP and Tier-2 publishers, with a stated 100% impartial, buyer-side model.
Buyer-side licensing boutique combining advisory with the ArxPlatform monitoring tool and a contractual protection model across Oracle, Microsoft, IBM and VMware.
Independent boutique with strong IBM and VMware/Broadcom review depth and broader multi-vendor coverage, known for current licensing-change analysis.
Independent multi-vendor SAM managed-service provider with an audit-readiness focus, serving large multinationals from a London base since 2010.
Buyer-side independent licensing advisory with one of the broadest multi-vendor footprints, covering Oracle, Microsoft, SAP, IBM, Broadcom, Salesforce, ServiceNow and Workday.
DEMO — listings are compiled from public information and labelled demo until the verified registry is live. Firms are listed alphabetically, never ranked. Independence is shown as a pro; a reseller, Big-Four or vendor-side audit relationship is shown as a con — each a factual trade-off for you to weigh.
IBM claims in Thailand typically resolve through negotiated settlement rather than litigation, given the cost and uncertainty of contesting cross-border and IBM’s preference to convert findings into renewed or expanded Passport Advantage and Enterprise Software & Support commitments. What moves the number is a clean independent PVU re-count, evidence of ILMT remediation, contesting full-capacity where sub-capacity is defensible, and timing the conversation against IBM’s quarter and year end.
Indicative outcomes vary widely by estate and are not scored here: independent firms report meaningful reductions where ILMT data can be reconstructed or where a full-capacity assertion is challenged, but any figure a firm cites is self-reported and indicative until independently verified.
Up to the IBM hub and the Thailand hub, across to sibling markets and services.
If the IBM License Metric Tool was not deployed and reporting within the required window, IBM can deny sub-capacity licensing and recalculate the claim at full capacity — charging for every core in the host rather than the virtual portion. Reconstructing deployment evidence and demonstrating remediation is central to contesting a full-capacity assertion. This is information, not legal advice.
Prescription periods are set by the Civil and Commercial Code, but the audited period and any back-charges depend on the Passport Advantage terms and your agreement’s choice-of-law clause — many deals specify a foreign governing law. Confirm the position for your specific contract with qualified Thai counsel.
Transfers of employee-linked and deployment data are governed by the Personal Data Protection Act B.E. 2562 (2019) (PDPA), which regulates cross-border transfer. Assessing what data leaves Thailand, and on what basis, is a legitimate procedural lever over audit scope, where analysis happens and timing.
No — when a firm is appointed by IBM to conduct an audit it acts on the vendor side, a direct conflict with buyer-side defense. Such firms appear in this directory with that con stated plainly. Independence is shown as a pro and vendor-side audit work as a con, both factual trade-offs.
No. Every firm covering IBM in Thailand is listed in neutral alphabetical order with balanced pros and cons, never a ranking or a recommendation.
Tell us your situation and we route your brief to firms covering IBM in Thailand. The directory and matching are free for buyers, no vendor ever sees your brief, and no firm is recommended over another.
Our weekly dispatch on vendor audit programs, regional developments and one buyer move. Subscribe to The Licensing Radar.