Data sovereignty and Oracle Fusion Cloud Applications Suite

Today’s organizations want to know where their data is stored, and which entities have access to it. For this they need a cloud provider, who not only offers transparency about the location of their data, but who can also provide a variety of in-country offerings combined with robust data security protocols and standards.

Oracle Fusion Cloud Applications Suite offers several options which customers can utilize to help assist with their data sovereignty needs, depending on business requirements, industry, and location.

Oracle SaaS@Customer

Organizations can address their in-country data residency needs by subscribing to Oracle SaaS@Customer. Oracle delivers hardware to their data centers and can install either the Oracle Fusion Cloud Applications (ERP, HCM, SCM, Sales), Oracle Enterprise Performance Management (EPM) applications, or both. Oracle performs system maintenance either remotely over the network or with on-site personnel. This can enable organizations to consolidate applications and databases on engineered, high-performance cloud infrastructure right in their own data center.

SaaS for Dedicated Region Cloud@Customer

This offering brings Oracle Cloud Infrastructure (OCI) to our customer’s home turf, along with the Oracle public cloud offerings. SaaS for Dedicated Region Cloud Customer allows a customer to run Oracle Fusion Applications Suite on OCI infrastructure managed remotely by Oracle in the customer’s data center.

United Kingdom Government Cloud

UK government entities including government sponsored partners, integrators and suppliers of the UK government can be hosted in Oracle’s United Kingdom Government Cloud. Only Oracle personnel that are UK nationals and residing in the UK with at least Security Check clearance can access these systems and data to service the UK Government Cloud.

United States Government Cloud

If your organization is part of federal, state or local government in the United States, or in certain approved industries, such as hospitals, energy utilities, and education and research institutions, you may be eligible for hosting in the United States Government Cloud. Partners, integrators, and suppliers of eligible US government entities may be eligible for hosting in the US Government Cloud as well. Only US Nationals residing in the US manage these systems and data. Oracle aligns the systems to US Federal information security frameworks.

United States Department of Defense Cloud

If your organization is part of the United States Department of Defense, you may be eligible for hosting in the United States Department of Defense Cloud. Only US Nationals residing in the US manage these systems and data. Oracle manages systems to align with Department of Defense security requirements.

European Union Restricted Access

Oracle European Union Restricted Access Cloud Service for select Oracle Fusion Applications is designed to address the data sovereignty and privacy needs of our EU customers by ensuring that all customer service environments, and customer data in those environments, as well as derivative data sets potentially containing customer data, such as memory dumps, reside in EU data centers only. In addition, by restricting Oracle personnel access to customer data and diagnostic data by work location, only EU-based Oracle engineers can perform service management and maintenance. A new architecture expected to launch in 2023 will offer additional EU data residency; see the European Union Restricted Access page.

Break Glass and Key Management

Break Glass for Oracle Fusion enables customers to restrict and control Oracle's access to customer data stored in the Oracle Fusion Cloud Applications database for select ERP, HCM, Sales and SCM services. Using Oracle Break Glass for Fusion Cloud Service, customers can control access to passwords required for data level access to the Oracle Fusion Cloud Applications database. With Oracle Break Glass, Oracle personnel may not access the customer cloud environment to troubleshoot any issues unless they have approval from the customer. In addition to such controlled access, data at rest is secured using Oracle Transparent Data Encryption (TDE) and Oracle Database Vault.

Need additional information: If you have other questions regarding SaaS security at Oracle, please know that you have access to our completed Consensus Assessment Initiative Questionnaire offering answers to a multitude of common security questions.