Derya Sözen Esen | Senior Manager | EMEA / LAD SaaS Compliance | November 28, 2022
Oracle Fusion Cloud Applications Suite achieved a Type 2 attestation for BaFin on October 7, 2022.
Schellman & Company, LLC completed an examination to assess Oracle Fusion Cloud internal controls against the criteria within the Bundesanstalt für Finanzdienstleistungsaufsicht (“BaFin ”) regulations for information security and risks related to outsourcing (“BaFin regulations”). The examination covers the period from July 1, 2021 to June 30, 2022. The examination focused on Oracle’s information security program supporting Oracle Fusion Cloud Applications Suite, including Oracle Fusion Cloud Enterprise Performance Management (EPM), and Oracle European Union Restricted Access (EURA) Cloud Service for Oracle Fusion Applications and Oracle Cloud EPM and related Oracle controls that assist Oracle customers in meeting their own requirements set forth in the BaFin regulations. Oracle itself is not directly subject to compliance with BaFin requirements.
Schellman conducted the examination in accordance with attestation standards established by the AICPA SSAE 18, Attestation Standards: Clarification and Recodification and in accordance with ISAE 3000, Assurance Engagements Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Standards Board. Based on the examination, Schellman did not identify any testing exceptions for Oracle’s controls related to how customers subject to the BaFin regulations may be compliant when using the Oracle Fusion Applications, Oracle Cloud EPM, and Oracle EURA Cloud Service for Oracle Fusion Applications and Oracle Cloud EPM, as noted in their opinion dated October 7, 2022. Schellman compiled a formal report following the examination.
The report covers selected requirements of the following regulations:
Customers are solely responsible for determining the suitability of a cloud service in the context of BaFin. The information in the report compiled by Schellman is provided to aid German financial services customers in their evaluation of Oracle Fusion Applications. The reports are available both in English and German.
Please reach out to your Sales Representative and/or Account Manager to request access to the attestation report. To learn more of our compliance activities, check out the Compliance page on our website and Compliance Considerations for Cloud Services blogpost.
IT regulatory compliance senior manager with a profound technical background with over 13 years of experience in the field. Derya Sözen Esen manages IT regulatory compliance activities across the EMEA and LAD regions for Oracle Cloud Applications. Derya is actively participating in working groups for development of new regulations/standards and running a doctoral research on Artificial Intelligence compliance and auditing.