UCLA has entered pre‑litigation talks with Oracle to resolve a multi‑year breach claim linked to the stalled Ascend 2.0 finance‑systems migration. The university’s Compliance and Audit Committee is reviewing a proposed settlement while assessing whether to continue with Oracle or seek an alternative vendor.
Regulatory Action
- Regulation involved: California Consumer Privacy Act (CCPA) and California Public Records Act (CPRA) – both require public institutions to maintain transparent records of contract performance and data‑handling obligations.
- Trigger: The Regents’ Compliance and Audit Committee listed a proposed settlement with Oracle America on its agenda, citing an alleged breach of the original Ascend 2.0 contract. The breach claim stems from Oracle’s failure to meet agreed‑upon service levels, licensing cost disclosures, and support responsiveness, all of which are material terms under California contract law and the university’s own procurement policies.
What It Requires
- Formal Disclosure of Settlement Terms
- Under the CPRA, UCLA must publish a summary of any settlement that affects the university’s financial position or data‑processing practices. The summary must be posted on the university’s public website within 30 days of finalizing the agreement.
- Audit of License Usage and Cost Allocation
- The university’s internal audit team must reconcile Oracle Cloud SaaS license consumption against the $98.9 million revised budget. Any over‑billing must be documented and reported to the California State Auditor per Government Code § 15002.
- Data‑Protection Impact Assessment (DPIA)
- Because the finance system processes student and research grant data, the DPIA required by the CCPA must be updated to reflect the new vendor arrangement or the decision to retain Oracle. The DPIA must identify any residual risk from the delayed go‑live and outline mitigation steps.
- Vendor‑Performance Review
- The university must complete a formal performance assessment of Oracle by 31 July 2026. This includes:
- Verification of response times for licensing queries (target < 48 hours).
- Confirmation that all contractual service‑level agreements (SLAs) are met for the remaining modules (e.g., budgeting, research administration).
- Contingency Planning
- If the settlement does not resolve the core issues, UCLA must issue a Request for Proposal (RFP) for an alternative ERP provider. The RFP must comply with California Public Contract Code §§ 10200‑10204 and be published no later than 15 September 2026.
Compliance Timeline
| Deadline | Action | Responsible Party |
|---|---|---|
| 15 June 2026 | Submit preliminary settlement brief to the Compliance and Audit Committee | Office of General Counsel |
| 30 June 2026 | Publish settlement summary under CPRA | Communications Office |
| 31 July 2026 | Complete Oracle performance audit and DPIA update | Internal Audit & Data Privacy Office |
| 15 September 2026 | Issue RFP if settlement does not meet performance thresholds | Procurement Services |
| 31 October 2026 | Final decision on vendor continuation or transition | Regents of the University of California |
Why This Matters
The Ascend 2.0 project was intended to replace a legacy mainframe system dating back to the 1980s with a modern Oracle Cloud SaaS suite. Delays have pushed the go‑live date from the original July 2020 target to an indefinite pause in August 2024, inflating costs and exposing the university to compliance risk. By entering pre‑litigation talks, UCLA aims to:
- Secure a financial remedy for the $13.5 million already spent without delivering the core financials module.
- Obtain clearer licensing terms that satisfy CCPA disclosure requirements.
- Preserve the ability to transition to an alternative ERP solution without breaching existing procurement statutes.
Next Steps for Stakeholders
- Faculty and staff should monitor the university’s public disclosures for any changes to data‑handling practices.
- Vendors interested in the upcoming RFP must prepare documentation that demonstrates compliance with California’s contract and privacy statutes.
- Compliance officers at other public institutions can use UCLA’s timeline as a template for managing similar SaaS contract disputes.
The university has declined to comment on the confidential settlement negotiations, emphasizing that it remains focused on finding the most effective path forward for financial‑systems modernization.
Comments
Please log in or register to join the discussion