Corporate Security Architecture Oversight


The Oracle corporate security architect helps set internal information-security technical direction and guides Oracle’s IT departments and lines of business towards deploying information security and identity management solutions that advance Oracle's Information Security goals. The corporate security architect works with Global Information Security and Global Product Security, and the development Security Leads to develop, communicate, and implement corporate security architecture roadmaps.

Corporate Security architecture manages a variety of programs and leverages multiple methods of engaging with leadership and operational security teams responsible for Oracle operations, services, cloud, and all other lines of business.

An example program for managing the security of Oracle’s architecture is the Corporate Security Solution Assurance Process (CSSAP).

Corporate Security Solution Assurance Process

CSSAP is a security review process developed by Corporate Security Architecture, Global Information Security, Global Product Security, and Oracle's IT organizations to provide comprehensive information-security management review. CSSAP reviews are designed to help align systems with Corporate Security Architecture strategy and corporate policies.

CSSAP helps to accelerate the delivery of innovative cloud solutions and corporate applications by requiring appropriate reviews so that projects are aligned with:

  • Pre-review: risk management teams in each line of business must perform a pre-assessment of each project using the approved template
  • CSSAP review: security architecture team reviews the submitted plans and performs a technical security design review
  • Security assessment: based on risk level, systems and applications undergo security verification testing before production use

Oracle Cloud Program

Corporate Security Architecture manages a cross-organization working group focused on security architecture, with the goal of collaboratively guiding security for Oracle cloud services. Participation includes members from Oracle cloud service development, operations, and governance teams.