Suppliers Security


Oracle suppliers are required to protect the data and assets Oracle entrusts to them. These Supplier Information and Physical Security Standards detail the security controls that Oracle’s suppliers are required to adopt when accessing Oracle or Oracle customer facilities, networks and/or information systems, handling Oracle confidential information, or controlling custody of Oracle hardware assets. Suppliers are responsible for compliance with these standards, including ensuring that all personnel and subcontractors are bound by contractual terms consistent with the requirements of Oracle’s standards. These standards cover a wide range of requirements in the following critical areas:

  • Personnel/human resources security
  • Business continuity and disaster recovery
  • Information security organization, policy, and procedures
  • Compliance and assessments
  • Security incident management and reporting
  • IT security standards
  • Baseline physical and environmental security

Sub-Processors for Oracle Cloud Services

Oracle identifies sub-processors for cloud services. These sub-processor lists are distributed to customers via the Oracle Cloud Customer Support Portal.

Customers can be notified when the lists of Oracle’s sub-processor are updated. My Oracle Support article: “Oracle Services Affiliate and Third Party Subprocessor List Notification How to Sign Up” (Doc ID 2288528.1) provides instructions for subscribing to these notifications.