Oracle’s formal Information Protection Policy provides guidelines for all Oracle personnel and business partners regarding information classification schemes and minimum handling requirements associated with those classifications.
Oracle categorizes confidential information into three classes—Internal, Restricted, and Highly Restricted—with each classification requiring corresponding levels of security controls, such as encryption requirements for data classified as Restricted or Highly Restricted.
Oracle’s mandatory training instructs employees about the company’s Information Protection Policy. This training also tests employee understanding of information asset classifications and handling requirements. Employees must complete this training when joining Oracle and must periodically repeat it thereafter. Reports enable managers to track course completion for their organizations.
Oracle has formal requirements for managing data retention. These operational policies define requirements per data type and category, including examples of records in various Oracle departments.