Human Resources Security

Overview

Oracle maintains high standards for ethical business conduct at every level of the organization, and at every location where Oracle does business around the world. These apply to Oracle employees, contractors, and temporary employees, and cover legal and regulatory compliance and business conduct and relationships. Oracle requires its employees to receive training in ethics and business conduct every two years.

Emphasis on Personnel Security

Oracle places a strong emphasis on personnel security. The company has ongoing initiatives intended to help minimize risks associated with human error, theft, fraud, and misuse of facilities, including personnel screening, confidentiality agreements, security awareness education and training, and enforcement of disciplinary actions.

Employee Screening

In the United States, Oracle uses an external screening agency to perform pre-employment background investigations for newly hired U.S. personnel. Personnel screening in other countries varies according to local laws, employment regulations, and local Oracle policy.

Commitment to Confidentiality

Oracle employees are required to maintain the confidentiality of customer data. Employees must sign a confidentiality agreement and comply with company policies concerning protection of confidential information as part of their initial terms of employment. Oracle obtains a written confidentiality agreement from each subcontractor before that subcontractor provides services.

Security Awareness Education and Training

Oracle promotes security awareness and educates employees through regular newsletters and ad hoc security awareness campaigns.

Each employee is required to complete information-protection awareness training upon hiring and every two years thereafter. The course instructs employees on their obligations under Oracle privacy and security policies. This course also covers data-privacy principles and data-handling practices that may apply to employees’ jobs at Oracle and are required by company policy.

Enforcement

Oracle promotes security awareness and educates employees through regular newsletters and ad hoc security awareness campaigns.

Security reviews, assessments, and audits are conducted periodically to confirm compliance with Oracle information-security policies, procedures, and practices. Employees who fail to comply with these policies, procedures and guidelines may be subject to disciplinary action up to and including termination of employment.