Oracle has attained SOC 1 and SOC 2 Type 2 compliance for the Retail SaaS portfolio. As a result, Oracle Retail is the only solution provider in its space to have both SOC 1 and SOC 2 compliance for all retail cloud services. This compliance is critical in ensuring retailers have the most robust security, privacy, and confidentiality while running their business operations on our retail solutions.
System and Organization Controls (SOC) is a program from the American Institute of Certified Public Accountants (AICPA). The program is intended to provide internal control guidelines for the services offered by a service organization, such as Oracle Retail. The audits are performed by an independent third-party service auditor (we enlist Schellman). The outcome of the audit is a report on the internal control structure of an organization, like Oracle Retail, that provides the services.
These audits provide reports on a standard set of policies, procedures, and controls maintained by a service organization such as Oracle. They also provide retailers (and their auditors) proof of the controls in place and help reduce their risk. SOC reports help companies to establish trust and confidence in their service delivery processes and controls. Since an independent third party does the SOC reports, they provide more than a "take our word for it" promise. They allow retailers to have a standardized, apples-to-apples comparison of different service providers.
SOC compliance audits are one of many inputs into a retailer's financial reporting and Sarbanes-Oxley Act (SOX) compliance. Oracle strongly recommends that cloud customers formally analyze their cloud strategy to determine the suitability of using the applicable Oracle cloud services depending on their own legal and regulatory compliance obligations. These audits are one of the key components in that analysis.
“Retailers are entrusted with a treasure trove of customer, cost, recipe and supplier data that is increasingly under attack. The risk of security breaches and digital theft has never been greater. Oracle Retail provides mission-critical functionality to our community and now gives them the additional confidence of SOC 1 and SOC 2 certification for our entire SaaS platform. This unique milestone allows our customers to deliver a more secure shopping experience and underscores the significant R&D and security investments made to serve retailers,” explains Oracle Retail SVP and GM Mike Webster.
According to Marqeta, 65% of consumers have been more concerned about fraud since the start of COVID-19. At the same time, up to 96% of consumers intend to continue using contactless payments post-pandemic. Retailers need to be ready to support the shift to mobile and contactless payment in-store and instant one-click checkout online. Implementing retail solutions that have SOC compliance reports ensures safety to the business and restores confidence in customers. For example, a modern retail POS system like Xstore relieves the fear of payment fraud.
There are two different types of reports, SOC 1 and SOC 2.
SOC 1 reports are specifically intended to meet the needs of entities that use service organizations and the CPAs that audit the user entities' financial statements in evaluating the effect of the controls at the service organization on the user entities' financial statements. This report is particularly relevant for Merchandising Foundation Cloud Service (PDF).
SOC 2 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems.
There are two types of reports for these engagements:
Not everyone has SOC compliance; however, it is not that simple. Some technology solutions may have SOC reports for their data center but not for their applications. Others may have SOC 2 but not a SOC 1 report, as their solution does not have financial integrations. Oracle Retail is the only cloud solution provider offering SOC 1 and SOC 2 reports for its retail applications.