Oracle’s Corporate Security Program is designed to protect the confidentiality, integrity, and availability of both Oracle and customer data, such as:
Oracle’s security policies cover the management of security for both Oracle’s internal operations and the services Oracle provides to its customers, and apply to all Oracle personnel, such as employees and contractors. These policies are aligned with the ISO/IEC 27002:2013 (formerly known as ISO/IEC 17799:2005) and ISO/IEC 27001:2013 standards, and guide all areas of security within Oracle.
Some Oracle products and services are certified against specific industry and government standards, such as ISO/IEC 27001:2013, AICPA SSAE Number 18 (SOC), and Payment Card Industry Data Security Standards (PCI DSS).
The Chief Corporate Architect, who reports directly to the Executive Chairman and Chief Technology Officer (CTO), is one of the directors of the Oracle Security Oversight Committee (OSOC). The Chief Corporate Architect manages the functional departments directly responsible for identifying and implementing security controls at Oracle. These departments drive the corporate security program, define corporate security policies, assess compliance, and provide operational oversight for the multidimensional aspects of Oracle’s security policies and practices: