Oracle’s information-asset classification determines corporate data-security requirements for Oracle-managed systems. Oracle policies and standards provide global guidance for appropriate controls designed to protect the confidentiality, integrity, and availability of corporate data in accordance with the data classification. Required mechanisms are designed to be commensurate with the nature of the corporate data being protected. For example, security requirements are greater for data that is sensitive or valuable, such as cloud systems, source code and employment records.
Oracle’s corporate security controls can be grouped into three categories: administrative, physical, and technical security controls.
In addition, Oracle has formal programs to guide development of software and hardware solutions. Encompassing every phase of the product development lifecycle, Oracle Software Security Assurance is Oracle’s methodology for building security into the design, build, testing, and maintenance of its products. Oracle’s formal programs also focus on security requirements and operations for Oracle Cloud.