Building compliance trust through ENS and PINAKES in Spain. Oracle Cloud Apps

Building compliance trust through ENS and PINAKES in Spain. Oracle Cloud Apps

Javier Mora-Lavin | Senior Principal, EMEA/LAD Oracle Cloud Apps Compliance | September 29, 2023| 3 minutes

Cloud and Trust

Without any doubt trust is the cornerstone of any relationship between companies of any nature. A relationship that little by little has moved from one-to-one towards one-to-many and in a more intertwined relationship among each other, where technology, in many ways, pivots and shapes how companies can go from doing a local activity to have a global presence in a matter of hours, targeting consumers from disperse ways and with targeted-customer-focus services.

As the above progress rapidly, regulation follows suit closely to make sure there is not a distortion of trust that could impact companies, consumers, and society in ultimate instance.

As Governments, public, private, and non-profit companies keep its pace by adopting cloud services, regulation, at any level, empowers and encapsulates trust through channels such as security and privacy frameworks, standards, best practices, and guidelines. If the progress of technology moves vertically, regulations do the same but horizontally.

So, how does Oracle Cloud Apps give the level of trust that customers across all sectors demand in Spain?

A solid and transparent trust comes twofold: National Security Schema (Esquema Nacional Seguridad – ENS) and PINAKES.

Today we see many regulations and directives emanating from the European Union that will come into effect across each state member in the coming months, and applicable to companies, suppliers, and organizations that deliver essential or critical services for the European Union economy and society.

Public Sector. National Security Scheme. ENS

Every two years, Oracle audits and certifies, through an accredited third party, the Oracle Cloud Apps offering under the ENS. Achieving the level any of our customers and prospects, in the public sector but also in the so-called critical infrastructure realm, would have expected from Oracle, ENS-High. Certificates available from the regulator’s web site (in Spanish).

With such rolling on security directives and having our offering certified under ENS, Oracle responses to the never-ending demands of customers to protect, and secure their cloud workloads with the highest security, operational and resilient controls and standards as established by ENS framework.

On top of the above, and to help our customers to configure their applications environments, and to avoid misconfiguration that could trigger potential security matters and lessen resilience. Oracle has produced several secure configuration guides, partnering with an accredited firm, in line with what the Spanish Public Sector regulator establishes, and linked to the security measures framed under the ENS, and for the high category. Such guides freely are available (in Spanish) to all our customers on the regulator’s site.

Financial Sector. PINAKES

A highly regulated sector such as the Financial one is not immured either to such -security- regulation at European Level. Regulation that addresses information technology incidents and how lacking operational resilience could jeopardize the financial system regardless having a solid capital covering traditional risk matters.

Due to this emerging regulation, and indeed existing one, and to provide the level of trust demanded by customers in this highly regulated market, Oracle reacted, and in parallel, to audit and qualify on an annually basis, also by an accredited party, the Oracle Cloud Apps offering under the security framework platform called PINAKES.

A security platform designed and managed by the Interbank Cooperation Center (Centro Cooperation Interbancaria) with the goal to help financial institutions to navigate, and so to comply, through their regulatory hurdles. PINAKES resembles risk ratings frameworks which provides levels based on categories (e.g., A+, A, B), and so, giving to the customers a more insight and deep understanding on how security, across multiple domains, is handled by the organizations.

Oracle obtained, based on the last audit, triple AAA. Advisory available to our customers on the Oracle Compliance page, under the advisory tab.

Customers are solely responsible for determining the suitability of a cloud service in the context of ENS and PINAKES.

Please reach out to your Sales Representative and/or Account Manager to request access to the audit report produced for PINAKES. To learn more of our compliance activities, check out the Compliance page on our website and Compliance Considerations for Cloud Services blogpost.

Javier Mora-Lavin

Javier Mora-Lavin

Senior Principal with a profound technical background with over 25 years of experience in the IT field spanning across different roles from sales, business and data analysis, software development, to privacy and information security. Javier Mora-Lavin works in the regulatory compliance team across the EMEA and LAD regions for Oracle Cloud Applications.