Es tut uns leid. Wir konnten keine Übereinstimmung für Ihre Suche finden.

Beachten Sie die folgenden Tipps, um das Gesuchte zu finden:

  • Prüfen Sie die Schreibweise des Suchbegriffs.
  • Verwenden Sie Synonyme für das eingegebene Stichwort, z. B. „Anwendung“ statt „Software“.
  • Beginnen Sie eine neue Suche.

BaFin Attestation for Oracle Fusion Cloud Applications

Derya Sözen Esen | Senior Manager | EMEA / LAD SaaS Compliance | November 28, 2022

Schellman & Company, LLC completed an examination

Oracle Fusion Cloud Applications Suite achieved a Type 2 attestation for BaFin on October 7, 2022.

Schellman & Company, LLC completed an examination to assess Oracle Fusion Cloud internal controls against the criteria within the Bundesanstalt für Finanzdienstleistungsaufsicht (“BaFin ”) regulations for information security and risks related to outsourcing (“BaFin regulations”). The examination covers the period from July 1, 2021 to June 30, 2022. The examination focused on Oracle’s information security program supporting Oracle Fusion Cloud Applications Suite, including Oracle Fusion Cloud Enterprise Performance Management (EPM), and Oracle European Union Restricted Access (EURA) Cloud Service for Oracle Fusion Applications and Oracle Cloud EPM and related Oracle controls that assist Oracle customers in meeting their own requirements set forth in the BaFin regulations. Oracle itself is not directly subject to compliance with BaFin requirements.

Examination conducted with Attestation Standards

Schellman conducted the examination in accordance with attestation standards established by the AICPA SSAE 18, Attestation Standards: Clarification and Recodification and in accordance with ISAE 3000, Assurance Engagements Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Standards Board. Based on the examination, Schellman did not identify any testing exceptions for Oracle’s controls related to how customers subject to the BaFin regulations may be compliant when using the Oracle Fusion Applications, Oracle Cloud EPM, and Oracle EURA Cloud Service for Oracle Fusion Applications and Oracle Cloud EPM, as noted in their opinion dated October 7, 2022. Schellman compiled a formal report following the examination.

The report covers selected requirements of the following regulations:

  • Banking Act of the Federal Republic of Germany (KWG);
  • Insurance Supervision Act of the Federal Republic of Germany (VAG);
  • Guidance on outsourcing to cloud service providers;
  • Minimum Requirements for Risk Management (MaRisk);
  • Minimum Requirements under Supervisory Law on the System of Governance of Insurance Undertakings (MaGO);
  • Supervisory Requirements for IT in Financial Institutions (BAIT);
  • Supervisory Requirements for IT in German Asset Managers (KAIT); and
  • Supervisory Requirements for IT in Insurance Undertakings (VAIT).

Schellman compiled a formal report following the examination

Customers are solely responsible for determining the suitability of a cloud service in the context of BaFin. The information in the report compiled by Schellman is provided to aid German financial services customers in their evaluation of Oracle Fusion Applications. The reports are available both in English and German.

Learn more of our compliance activities

Please reach out to your Sales Representative and/or Account Manager to request access to the attestation report. To learn more of our compliance activities, check out the Compliance page on our website and Compliance Considerations for Cloud Services blogpost.


Derya Sözen Esen

IT regulatory compliance senior manager with a profound technical background with over 13 years of experience in the field. Derya Sözen Esen manages IT regulatory compliance activities across the EMEA and LAD regions for Oracle Cloud Applications. Derya is actively participating in working groups for development of new regulations/standards and running a doctoral research on Artificial Intelligence compliance and auditing.