Oracle Supply Chain Security and Assurance

Introduction

Oracle customers worldwide rely on Oracle solutions to help protect their computing environments and data in the cloud and on premises. As a global company, Oracle takes great care in the development, engineering, and distribution of its products.

Oracle has formal policies and procedures designed to ensure the safety of its supply chain. These policies and procedures explain how Oracle selects third-party hardware and software that may be embedded in Oracle products, as well as how Oracle assesses third-party technology used in Oracle’s corporate and cloud environments. Additionally, Oracle has policies and procedures governing the development, testing, maintenance, and distribution of Oracle software and hardware to mitigate the risks associated with the malicious alteration of these products before purchase and installation by customers.

Oracle America Inc. is a certified partner in the Customs-Trade Partnership Against Terrorism (C-TPAT) program. By participating in this program, Oracle helps to secure our nation’s borders and ensure the free flow of international trade. As a C-TPAT partner, we require that appropriate security measures, based upon risk analysis and consistent with C-TPAT security criteria, are maintained in a documented and verifiable format throughout our international supply chains.

Oracle also has formal requirements for its suppliers and partners to confirm they protect the Oracle and third-party data and assets entrusted to them. The Supplier Information and Physical Security Standards detail the security controls that Oracle’s suppliers and partners are required to adopt when:

  • Accessing Oracle and Oracle customers’ facilities, networks and/or information systems
  • Handling Oracle confidential information, and Oracle hardware assets placed in their custody

In addition, Oracle suppliers are required to adhere to the Oracle Supplier Code of Ethics and Business Conduct, which includes policies related to the security of confidential information and intellectual property of Oracle and third parties.