Oracle Global Customer Support (GCS) is a global operation. GCS follows formal security practices when performing software, hardware, and cloud technical support for its customers. These security practices are designed to preserve the security posture of our customers. Highlights include:
• Customer data is classified as one of the highest two classifications of Oracle confidential information (depending on the type of data). This data is subject to associated handling restrictions and access controls.
• Access to customer data is granted by Oracle to GCS staff based on job role and responsibility, with access provisioned from a central provisioning repository that is subject to a formal approval process and auditing.
• There are also restrictions on the storage and internal distribution of customer data, as well as on the retention of this data.
• Oracle’s information security management program is aligned with ISO/IEC 27001:2013. GCS practices comply with corporate policies established by Oracle’s Global Information Security and Global Product Security organizations, and also with technical security standards and procedures defined by Oracle’s IT and support organizations.
• GCS provides both new hire and recurring training courses, custom training for specific workflows and business cases, and regular hot topics training and communications for GCS staff.
Please note that GCS services and systems are not designed to accommodate special security controls that may be required to store or process certain types of sensitive data. Customers need to ensure that they do not submit any personal information, health, payment card, or other sensitive data that requires protections greater than those specified in Oracle’s technical support security practices.
For more information, see the Oracle Global Customer Support Security Practices (PDF) located on the Technical Support Policies page on Oracle.com.