Overview

The corporate security architecture team guides Oracle’s IT departments and lines of business towards deploying information security and identity management solutions that advance Oracle's information security goals. The team works with Global Information Security and Global Product Security, and the development Security Leads to address key security topics and tooling.

Corporate Security Architecture manages a variety of programs and leverages multiple methods of engaging with leadership, IT, and security teams responsible for Oracle operations, services, cloud, and other lines of business. An example program is the Corporate Security Solution Assurance Process (CSSAP).

Corporate Security Solution Assurance Process

CSSAP is a security review process developed by Corporate Security Architecture, Global Information Security, Global Product Security, and Oracle's IT organizations to provide information security management review.

CSSAP reviews are designed to help align systems with Oracle’s strategy and corporate policies. CSSAP helps to accelerate the delivery of innovative cloud solutions and corporate applications by requiring appropriate reviews:

• Pre-review: technical security management teams in each line of business must perform a pre-assessment of each project using the approved template
• CSSAP review: security architecture team reviews the submitted plans and performs a technical security design review
• Security assessment: based on risk level, systems and applications undergo security verification testing before production use

Oracle Cloud Program

Corporate Security Architecture manages a cross-organization working group focused on security architecture, with the goal of collaboratively guiding security for Oracle cloud services. Participation includes members from Oracle cloud service development, operations, and governance teams.