Oracle customers worldwide rely on Oracle solutions to help protect their computing environments and data in the cloud and on premises. As a global company, Oracle takes great care in the development, engineering, and distribution of its products.
Oracle has formal policies and procedures designed to ensure the safety of its supply chain. These policies and procedures explain how Oracle selects third-party hardware and software that may be embedded in Oracle products, as well as how Oracle assesses third-party technology used in Oracle’s corporate and cloud environments. Additionally, Oracle has policies and procedures governing the development, testing, maintenance, and distribution of Oracle software and hardware to mitigate the risks associated with the malicious alteration of these products before purchase and installation by customers.
Oracle America Inc. is a certified partner in the Customs-Trade Partnership Against Terrorism (C-TPAT) program. By participating in this program, Oracle enables the free flow of international trade. As a C-TPAT partner, we require that appropriate security measures, based upon risk analysis and consistent with C-TPAT security criteria, are maintained in a documented and verifiable format throughout our international supply chains.
Oracle also has formal requirements for its suppliers to confirm they protect the Oracle and third-party data and assets entrusted to them. The Supplier Information and Physical Security Standards detail the security controls that Oracle’s suppliers are required to adopt when:
In addition, Oracle suppliers are required to adhere to the Oracle Supplier Code of Ethics and Business Conduct, which includes policies related to the security of confidential information and intellectual property of Oracle and third parties.
Oracle’s Supply Chain Risk Management practices focus on quality, availability, continuity of supply, and resiliency in Oracle’s direct hardware supply chain, and authenticity, and security across Oracle’s products and services.
Quality and reliability for Oracle’s hardware systems are addressed through a variety of practices, including:
Supply availability and continuity and resiliency in Oracle’s hardware supply chain are addressed through a variety of practices, including:
Authenticity and the risk of counterfeit products are addressed throughout the product and service life cycle, including:
Additional security processes focus security and product protections during transport, shipping, and warehousing.