Compliance

  • Australian Prudential Regulation Authority (APRA)

    The Australian Prudential Regulation Authority (APRA) is the prudential regulator of financial services in Australia. APRA is responsible for issuing standards that regulate the operations of banks, credit unions, and insurance companies that operate business in Australia. Oracle is not an APRA-regulated entity (ARE). However, Oracle recognizes that some of its customers must adhere to APRA standards, and will work with its customers in a transparent and engaging manner to understand their specific requirements.

    Oracle has been committed to delivering on the needs of public and private sector organisations for over four decades. Oracle Cloud reinforces and extends this commitment by enabling regulated organisations as well as government agencies to move critical resources to an in-country cloud service, which has been designed for their needs and to facilitate their compliance objectives.

    To help ARE customers with their APRA regulatory requirements, Oracle has consolidated and summarized frequently asked questions into one document. These questions have been identified as being critical in the mitigation of risks associated with information security incidents and customer confidentiality for AREs. For further information, see the APRA Regulated Entity Frequently Asked Questions.
    For further assistance, submit your APRA inquiries here.

  • C5

    The Cloud Computing Compliance Controls Catalog (C5) is produced by the German Ministry for Information Security (BSI), and is a set of minimum controls that cloud providers should have in place with the goal of establishing a baseline for cloud security. C5 is audited under ISAE 3000 rules, and Oracle has been evaluated by a third-party assessor against the C5 security requirements.

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • Database – Bare Metal
    • Database – Exadata
    • Database – Virtual Machine
    • Digital Assistant
    • Distributed Denial of Service (DDoS) Protection
    • Email Delivery
    • Events
    • FastConnect
    • File Storage
    • Functions
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network (VCN)
    • Notifications
    • Object Storage
    • Registry
    • Resource Manager
    • Streaming
    • Web Application Firewall (WAF)
  • The Communications and Information Technology Commission (CITC CCRF)

    The Communications and Information Technology Commission (CITC) in Saudi Arabia published a Cloud Computing Regulatory Framework (CCRF) based on international best practices and analysis that outlines the rights and obligations of cloud service providers and cloud customers in Saudi Arabia. Cloud service providers must register with CITC to demonstrate alignment with this framework. Oracle has built its infrastructure to support this framework and is Level-1 certified with CITC for Oracle Cloud Infrastructure.

  • CJIS—Criminal Justice Information Services

    The Criminal Justice Information Services (CJIS) Security Policy establishes guidelines for specific security precautions to protect criminal justice information (CJI), such as fingerprints and criminal backgrounds.

    Oracle has obtained a third-party assessment of available security controls for certain cloud services against the technical requirements of Criminal Justice Information Services (CJIS) within our Oracle Government Cloud environments.

    Oracle Cloud Infrastructure

    • Audit
    • Block Volume
    • Compute
    • Database – Bare Metal
    • Database – Exadata
    • Database – Virtual Machine
    • DDoS Protection
    • FastConnect
    • Identity and Access Management (IAM)
    • Load Balancing
    • Networking
    • Object Storage
    • Virtual Cloud Networks (VCN)

    Oracle Cloud Infrastructure Classic

    • Compute Classic
    • Object Storage Classic

    Oracle PaaS

    • Oracle Big Data Cloud Service—Compute Edition
    • Oracle Database Backup Cloud Service
    • Oracle Database Cloud Service
    • Oracle Exadata Cloud Service
    • Oracle Golden Gate Cloud Service
    • Oracle Java Cloud Service

    Oracle SaaS

    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
  • CSA Star Level 1

    The Cloud Security Alliance (CSA) is a not-for-profit organization that promotes best practices for providing security assurance in cloud computing. The organization also provides education on the uses of cloud computing to help secure other forms of computing. The controls are based on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum, and NERC CIP. Oracle has completed a CSA Star Level 1 self-assessment for Oracle Cloud Infrastructure.

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Bare Metal
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • DDoS Protection
    • Exadata
    • FastConnect
    • File Storage
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Networks (VCN)
    • Notifications
    • Object Storage
    • Registry
    • Resource Manager
    • Streaming
    • Virtual Machine
  • Cyber Essentials Plus

    Cyber Essentials is a UK government-backed model that identifies the technical security controls an organization needs within their IT systems to defend against common cyber threats. It can help demonstrate that an organization can identify and mitigate potential cyber risks, has adopted security controls to protect customer data, and is compliant with UK government requirements to bid for UK government contracts. Cyber Essentials PLUS covers the same requirements as Cyber Essentials, but the tests of the systems are carried out by an authorized, external certifying body.

    Oracle has obtained Cyber Essentials Plus certification for our London-based Commercial Cloud and UK Government Cloud offerings.

    Oracle Cloud Infrastructure

    Oracle has achieved Cyber Essentials Plus Certification for Oracle Cloud Infrastructure residing in the UK Commercial Cloud.

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Containers
    • DDoS Protection
    • Data Transfer
    • Database
    • Database–Exadata
    • Database 2-Node RAC
    • Email Delivery
    • FastConnect
    • File Storage
    • Health Checks
    • Identity and Access Management
    • Internet Intelligence
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network
    • Notification Service
    • Object Storage
    • Registry
    • Resource Manager
    • Streaming
    • Virtual Machine

    Oracle SaaS

    Oracle has achieved Cyber Essentials Plus Certification for the following services for the UK Gov Cloud only:

    • EPM: Enterprise Performance Reporting
    • EPM: Enterprise Planning and Budgeting
    • EPM: Financial Consolidation and Close
    • EPM: Planning and Budgeting
    • EPM: Profitability and Cost
    • EPM: Tax Reporting
    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Customer Experience Cloud
    • Oracle Enterprise Performance Management (EPM): Account Reconciliation
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
  • Data Privacy Act

    The Privacy Act 1988 (Privacy Act) was passed to promote and protect privacy and to regulate how Australian Government agencies and certain organizations handle personal information. The Privacy Act includes 13 Australian Privacy Principles (APPs) that apply to some private sector organizations and most Australian government agencies. The Privacy Act also regulates privacy in consumer credit reporting, tax file numbers, and health and medical research. Oracle has designed and implemented security controls around its infrastructure technology stack to support the Privacy Act for Oracle Cloud Infrastructure.

  • DISA SRG—Defense Information Systems Agency, Security Requirements Guide

    The Defense Information Systems Agency (DISA) Cloud Computing Security Requirements Guide (CC SRG) outlines how the DoD will assess the security posture of non-DoD cloud service providers (CSPs) and how non-DoD CSPs can show they meet the security controls and requirements. These baseline cloud security requirements are required before handling any DoD data.

    All cloud computing is required to take place in the U.S., and the requirements are based on impact levels:

    • Impact Level 2: Data cleared for public release (note: Level 1 was combined with Level 2)
    • Impact Level 4: Controlled unclassified information (CUI) over NIPRNet. CUI includes protected health information (PHI), privacy information (PII), and export-controlled data (note: Level 3 was combined with Level 4)
    • Impact Level 5: Higher sensitivity CUI, mission-critical information, or NSS over NIPRNet
    • Impact Level 6: Classified data over SIPRNet

    For select services Oracle has received Department of Defense (DoD) Provisional Authorizations at Impact Levels 5, 4, and 2.

    Oracle Cloud Infrastructure (IL2, 5)

    • Archive Storage
    • Block Storage
    • Database
    • Database–Exadata
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Object Storage
    • Virtual Machine

    Oracle SaaS

    Oracle has achieved a DISA SRG Level 4 Accreditation for the following services within the Oracle DoD Cloud:

    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud

    Oracle has achieved a DISA SRG Level 2 Authorization for the following services within the Gov Cloud:

    • Oracle Service Cloud (OPA and RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
  • ENISA - Information Assurance Framework

    The European Network and Information Security Agency (ENISA) is a European agency that contributes to European cybersecurity policy and supports member states and other stakeholders of the Union when large-scale cyber incidents occur.

    ENISA has created a set of assurance criteria called the Information Assurance Framework (IAF) that is designed to help consumers of cloud services to:

    • Assess the risk of adopting cloud services
    • Compare different cloud providers' offerings
    • Obtain assurances from the selected cloud providers
    • Reduce the assurance burden on cloud providers

    This framework is based on the broad classes of controls from the ISO27001/2 standard, alongside other industry frameworks such as the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM).

    Oracle’s SaaS offerings have obtained CSA Star Level 2 certification for Fusion on OCI and have an ISMS certified against the ISO 27001:2013, 27017:2015, and 27018:2014 standards. These certifications can help consumers of cloud services review Oracle security controls and the alignment of these Oracle cloud services to the ENISA IAF, and see how these controls compare to their requirements and to other cloud providers, when conducting their assurance activities and/or risk assessments in migrating to the cloud.

  • Esquema Nacional de Seguridad (ENS) High

    Law 11/2007 in Spain establishes a legal framework to give citizens electronic access to government and public services. Aligned with ISO/IEC 27001, the framework defines a set of security controls for availability, authenticity, integrity, confidentiality, and traceability. The certification establishes security standards that apply to all government agencies and public organizations in Spain, as well as related service providers. Oracle has been evaluated by a third-party assessor against ENS High security controls.

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Autonomous Data Warehouse
    • Autonomous Transaction Processing
    • Block Volume
    • Cloud Analytics
    • Compute
    • Container Engine for Kubernetes
    • DDoS Protection
    • DNS
    • Data Transfer
    • Database
    • Database–Exadata
    • Database 2-Node RAC
    • Email Delivery
    • FastConnect
    • File Storage
    • Identity and Access Mgmt.
    • Key Management
    • Load Balancing
    • Networking: Virtual Cloud Network
    • Object Storage
    • Registry
    • Storage Gateway
  • EU Model Clauses

    EU Model Clauses are contractual clauses established by the European Commission and used in agreements between cloud service providers and their customers that govern data transfers from data controllers in the EU to data controllers established outside the EU or European Economic Area (EEA). Oracle has designed and implemented security controls around its infrastructure technology stack to support EU Model Clauses for Oracle Cloud Infrastructure.

  • FedRAMP—Federal Risk and Authorization Management Program

    The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. US Federal agencies are directed by the Office of Management and Budget (OMB) to leverage FedRAMP to ensure security is in place when accessing cloud products and services.

    FedRAMP uses the NIST Special Publication 800-53, which provides a catalog of security controls for all US Federal information systems. FedRAMP requires cloud service providers (CSP) to receive an independent security review performed by a third-party assessment organization (3PAO) to ensure authorizations are compliant with the Federal Information Security Management Act (FISMA).

    The following Oracle Cloud Services have received US Federal Risk and Authorization Management Program (FedRAMP) P-ATOs and ATOs up to the High baseline level defined by FedRAMP.

    Oracle Cloud Infrastructure (FedRAMP High)

    Oracle has achieved FedRAMP High Authorization for its U.S. Government Cloud regions. Oracle Cloud Infrastructure can provide government customers with the stringent standards of security necessary to protect the federal government's data. Services include:

    • Audit
    • Block Volume
    • Compute
    • Database - Bare Metal
    • Database - Exadata (X7 and X8)
    • Database - Virtual Machine
    • FastConnect
    • Health Checks
    • Identity and Access Management
    • Key Management Service
    • Load Balancer
    • Object Storage
    • Virtual Cloud Networks
    • Virtual Private Network

    Oracle SaaS

    Oracle has achieved FedRAMP Low (baseline) Authorization to Operate for the following Oracle US Government Cloud offering:

    • Oracle Enterprise Performance Management (EPM)

    Oracle has achieved FedRAMP Moderate (baseline) Authorizations to Operate for the following services within Oracle US Government Cloud:

    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Talent Acquisition Cloud (Taleo)
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)

    Oracle has achieved FedRAMP High (baseline) Authorization to Operate for the following Oracle US Gov Cloud offering:

    • Oracle Government Cloud–Common Controls
  • FIPS 140-2—Federal Information Processing Standards Publication 140-2

    Oracle has obtained a third-party assessment of available security controls for certain Cloud Services against the technical requirements of US Federal Info Processing Standard (FIPS 140-2) within our Oracle Government Cloud environments.

    The Federal Information Processing Standard Publication 140-2 (FIPS 140-2) is a US government security standard that specifies the security requirements related to the design and implementation of cryptographic modules protecting sensitive data. Cryptographic module protection within a security system is needed to maintain the confidentiality and integrity of the data protected by the module.

    Oracle Cloud Infrastructure Classic

    • Compute Classic
    • Object Storage Classic

    Oracle PaaS

    • Oracle Big Data Cloud Service—Compute Edition
    • Oracle Database Backup Cloud Service
    • Oracle Database Cloud Service
    • Oracle Exadata Cloud Service
    • Oracle Golden Gate Cloud Service
    • Oracle Java Cloud Service

    Oracle SaaS

    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
  • FISC—Financial Industry Information Systems

    The Center for Financial Industry Information Systems (FISC), created by the Japanese Ministry of Finance, consists of financial institutions, insurance companies and securities firms, as well as computer manufacturers and telecommunication companies. The organization established the FISC Security Guidelines in 1985. These guidelines provide basic standards in architecture and operation on information systems for banking and other related financial institutions. Oracle has been evaluated by a third-party assessor against the Financial Industry Information Systems (FISC) v9 security guidelines.

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Container Registry
    • Database
    • Database–Exadata
    • DNS
    • Fast Connect
    • File Storage
    • Identity and Access Management
    • Load Balancing
    • Networking: Virtual Cloud Network (VCN)
    • Object Storage
    • Tagging

    Oracle Cloud Infrastructure Classic

    • Application Container
    • Compute
    • Database
    • Database backup
    • Java Cloud Service (JCS)
    • SOA Suite
    • Storage

    Oracle PaaS

    • Autonomous Data Warehouse
    • Autonomous Transaction Processing
  • G-Cloud 11

    The UK Government G-Cloud is a procurement initiative to streamline cloud-computing procurement by public-sector bodies in departments of the United Kingdom Government. The G-Cloud Framework enables public entities to purchase cloud services on government-approved contracts through an online Digital Marketplace. Oracle has registered as part of G-Cloud 11 in order to streamline the ability of Her Majesty's Government to procure and deploy on Oracle's cloud, with pre-negotiated terms and pricing. Oracle has achieved enablement in this marketplace for Oracle Cloud Infrastructure.

    Oracle Cloud Infrastructure

    • Archive Storage
    • Bare Metal
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Database
    • Database–Exadata
    • Data Transfer
    • FastConnect
    • File Storage
    • Identity and Access Management
    • Key Management
    • Networking: Virtual Cloud Networks
    • Object Storage
    • Storage Gateway
    • Virtual Machine

    Oracle PaaS

    • Autonomous Data Warehouse
    • Autonomous Transaction Processing
    • Database Backup
  • GDPR—General Data Protection Regulation
  • HIPAA—Health Insurance Portability and Accountability Act

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US legislation that provides data privacy and security provisions for safeguarding Protected Health Information (PHI). HIPAA applies to covered entities and business associates.

    The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of protected health information (PHI). The HIPAA Breach Notification Rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI. By law, the Privacy Rule applies only to covered entities (e.g., health plans, health care clearinghouses and certain health care providers). However, parts may be applicable to business associates.

    Oracle has successfully completed third-party HIPAA assessments for the following services within commercial data centers located in the United States:

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • Database – Bare Metal
    • Database – Exadata
    • Database – Virtual Machine
    • Digital Assistant
    • Distributed Denial of Service (DDoS) Protection
    • Email Delivery
    • Events
    • FastConnect
    • File Storage
    • Functions
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network (VCN)
    • Notifications
    • Object Storage
    • Registry
    • Resource Manager
    • Streaming
    • Web Application Firewall (WAF)

    Oracle Cloud Infrastructure Classic

    Oracle has successfully completed third-party HIPAA assessments for the following services within both commercial and US Government data centers located in Chicago (Illinois) and Ashburn (Virginia):

    • Storage Classic
    • Compute Classic
    • Dedicated Compute Classic
    • FastConnect Classic
    • Container Classic
    • Messaging Cloud Service

    Oracle PaaS

    Oracle has successfully completed third-party HIPAA assessments for the following services within both commercial and US Government data centers located in Chicago (Illinois) and Ashburn (Virginia):

    • Oracle Analytics Cloud
    • Oracle Analytics Cloud – Classic
    • Oracle Applications Program Platform Interface (API) Platform Cloud
    • Oracle Applications Container Cloud
    • Oracle Autonomous Database
    • Oracle Big Data Cloud
    • Oracle Big Data Preparation Cloud
    • Oracle Blockchain Platform
    • Oracle Business Intelligence Cloud
    • Oracle Content and Experience
    • Oracle Data Integration Platform Cloud
    • Oracle Data Visualization Cloud
    • Oracle Database Backup Cloud
    • Oracle Database Classic Cloud
    • Oracle Database Exadata Cloud
    • Oracle Database Cloud Schema
    • Oracle Developer Cloud
    • Oracle Digital Assistant
    • Oracle Identity Cloud
    • Oracle Integration Cloud
    • Oracle Internet of Things Cloud
    • Oracle Java Cloud
    • Oracle Java Cloud – SaaS Extension
    • Oracle NoSQL Database Cloud
    • Oracle Management Cloud
    • Oracle Mobile Cloud
    • Oracle Mobile Hub
    • Oracle Process Cloud
    • Oracle SOA Cloud
    • Oracle Visual Builder
    • Oracle WebCenter Portal Cloud

    Oracle SaaS

    Oracle has successfully completed third-party HIPAA assessments for the following services:

    • B2B Marketing Automations (Oracle Eloqua Marketing Automation)
    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
  • IRAP—Information Security Registered Assessor Program

    The Information Security Registered Assessor Program (IRAP) is a security compliance framework comprised of security assessment processes and a security assessor program. It was developed by the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) within the Australian government. IRAP supports Australian commonwealth government entities in maintaining their security assurance and risk management as well as assessing cloud service providers and their cloud services’ security controls against the Australian government security policies and guidelines.

    Oracle SaaS

    The following Oracle Cloud Applications have been assessed by an independent third-party assessor and qualified for IRAP’s PROTECTED level:

    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management

    The following Oracle Cloud Applications were assessed by an independent third-party assessor and qualified for IRAP’s Official: Sensitive level:

    • Oracle Customer Experience Cloud (Sales)
    • Oracle Enterprise Performance Management
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
  • IRS 1075—Internal Revenue Service Publication 1075

    The Internal Revenue Service Publication 1075 (IRS 1075) is a US government guideline to ensure effective security controls are in place to protect Federal Tax Information (FTI). The IRS 1075 assessment report provides information on the available technical safeguards intended to adequately protect the confidentiality and integrity of FTI.

    Oracle has obtained a third-party assessment of available security controls for certain cloud services against the technical requirements of US Internal Revenue Service Publication 1075 within our Oracle Government Cloud environments.

    Oracle Cloud Infrastructure Classic

    • Compute Classic
    • Object Storage Classic

    Oracle PaaS

    • Oracle Big Data Cloud Service—Compute Edition
    • Oracle Database Backup Cloud Service
    • Oracle Database Cloud Service
    • Oracle Exadata Cloud Service
    • Oracle Golden Gate Cloud Service
    • Oracle Java Cloud Service

    Oracle SaaS

    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
  • ISO/IEC 27001:2013—International Organization for Standardization 27001

    ISO/IEC 27001:2013 is an international standard that covers the planning, implementation, monitoring, and improvement of an Information Security Management System. This widely adopted global security standard sets out requirements and best practices for a systematic approach to managing company and customer information based on periodic security risk assessments.

    Oracle has achieved International Standards Organization (ISO)/International Electrotechnical Commission (IEC) 27001:2013 certification for the Oracle Cloud Information Security Management System (ISMS). Additionally, ISO 27017 has been included within the scope of our ISO/IEC 27001:2013 certification.

    Oracle Cloud Infrastructure

    • Oracle has successfully completed an ISO/IEC 27001:2013 audit for Oracle Cloud Infrastructure.
    • Additionally, Oracle Cloud Infrastructure Edge Services successfully completed an ISO/IEC 27001:2013 audit.
    • Conducted by EY/CertifyPoint BV, Amsterdam, Netherlands, Oracle Cloud Infrastructure’s ISO/IEC 27001:2013 audit provides assurance that Oracle Cloud Infrastructure has designed and implemented an Information Security Management System (ISMS) in accordance with information security standard ISO 27002:2013 (Information technology – Security techniques – Code of practice for information security management).

    Services include:

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • DDoS Protection
    • Data Transfer
    • Database
    • Database–Exadata
    • Email Delivery
    • FastConnect
    • File Storage
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network
    • Notification Service
    • Object Storage
    • Public DNS
    • Registry
    • Resource Manager
    • Streaming
    • Virtual Machine
    • WAF

    Oracle Infrastructure Classic

    • Oracle Cloud Infrastructure Dedicated Compute Classic
    • Oracle Cloud Infrastructure Compute Classic
    • Oracle Cloud Infrastructure Container Classic Service
    • Oracle Cloud Infrastructure Storage Classic
    • Oracle Cloud Infrastructure FastConnect Classic
    • Oracle Messaging Cloud Service

    Oracle PaaS

    Oracle has achieved ISO/IEC 27001:2013 certification for the Oracle Cloud Information Security Management System (ISMS) consumed by all SaaS, PaaS, and Oracle Cloud Infrastructure Classic services, in all data centers where these services reside. Additionally, ISO 27017 has been included within scope of our ISO/IEC 27001:2013 certification.

    Services include:

    • Oracle Analytics Cloud
    • Oracle Analytics Cloud – Classic
    • Oracle Application Program Interface (API) Platform Cloud Service
    • Oracle Application Container Cloud Service
    • Oracle Autonomous Database
    • Oracle Big Data Cloud Service
    • Oracle Big Data Preparation Cloud Service
    • Oracle Blockchain Platform
    • Oracle Business Intelligence Cloud Service
    • Oracle Content and Experience
    • Oracle Data Integration Platform Cloud
    • Oracle Data Visualization Cloud Service
    • Oracle Database Backup Cloud Service
    • Oracle Database Classic Cloud Service
    • Oracle Database Exadata Cloud Service
    • Oracle Database Cloud Schema Service
    • Oracle Developer Cloud Service
    • Oracle Digital Assistant
    • Oracle Identity Cloud Service
    • Oracle Integration Cloud Service
    • Oracle Internet of Things Cloud Service
    • Oracle Java Cloud Service
    • Oracle Java Cloud Service – SaaS Extension
    • Oracle Management Cloud
    • Oracle Mobile Cloud Service
    • Oracle Mobile Hub
    • Oracle NoSQL Database Cloud Service
    • Oracle Process Cloud Service
    • Oracle SOA Cloud Service
    • Oracle Visual Builder
    • Oracle WebCenter Portal Cloud Service

    Oracle SaaS

    Oracle has achieved International Standards Organization (ISO)/International Electrotechnical Commission (IEC) 27001:2013 certification for the Oracle Cloud Information Security Management System (ISMS). Additionally, the ISO/IEC 27017:2015 and ISO/IEC 27018:2014 codes of practice have been included within the scope of our ISO/IEC 27001:2013 certification.

  • ISO/IEC 27017:2015—Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services

    Conducted by EY/CertifyPoint BV, Amsterdam, Netherlands, Oracle Cloud Infrastructure’s ISO/IEC 27017:2015 audit examines cloud service specific controls, implementation guidance and other information that are intended to mitigate the risks that accompany the technical and operational features of cloud services. This certification demonstrates Oracle’s ongoing commitment to align with globally recognized good practice for information security controls for cloud services.

    Oracle Cloud Infrastructure:

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • DDoS Protection
    • Data Transfer
    • Database
    • Database–Exadata
    • Email Delivery
    • FastConnect
    • File Storage
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network
    • Notification Service
    • Object Storage
    • Public DNS
    • Registry
    • Resource Manager
    • Streaming
    • Virtual Machine

    Oracle Cloud Infrastructure Classic:

    • Oracle Cloud Infrastructure Dedicated Compute Classic
    • Oracle Cloud Infrastructure Compute Classic
    • Oracle Cloud Infrastructure Container Classic Service
    • Oracle Cloud Infrastructure Storage Classic
    • Oracle Cloud Infrastructure FastConnect Classic
    • Oracle Messaging Cloud Service

    Oracle PaaS:

    • Oracle Analytics Cloud
    • Oracle Analytics Cloud – Classic
    • Oracle Application Program Interface (API) Platform Cloud Service
    • Oracle Application Container Cloud Service
    • Oracle Autonomous Database
    • Oracle Big Data Cloud Service
    • Oracle Big Data Preparation Cloud Service
    • Oracle Blockchain Platform
    • Oracle Business Intelligence Cloud Service
    • Oracle Content and Experience
    • Oracle Data Integration Platform Cloud
    • Oracle Data Visualization Cloud Service
    • Oracle Database Backup Cloud Service
    • Oracle Database Classic Cloud Service
    • Oracle Database Exadata Cloud Service
    • Oracle Database Cloud Schema Service
    • Oracle Developer Cloud Service
    • Oracle Digital Assistant
    • Oracle Identity Cloud Service
    • Oracle Integration Cloud Service
    • Oracle Internet of Things Cloud Service
    • Oracle Java Cloud Service
    • Oracle Java Cloud Service – SaaS Extension
    • Oracle Management Cloud
    • Oracle Mobile Cloud Service
    • Oracle Mobile Hub
    • Oracle NoSQL Database Cloud Service
    • Oracle Process Cloud Service
    • Oracle SOA Cloud Service
    • Oracle Visual Builder
    • Oracle WebCenter Portal Cloud Service
  • ISO/IEC 27018:2014—Code of Practice for Protection of Personally Identifiable Information (PII) In Public Clouds Acting as PII Processors

    Conducted by EY/CertifyPoint, Oracle Cloud Infrastructure’s ISO/IEC 27018:2014 audit examines a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a PII processor. ISO/IEC 27018:2014 is based on the information security objectives and controls in ISO/IEC 27002. This certification demonstrates to Oracle customers that Oracle Cloud Infrastructure has implemented appropriate measures to protect Personally Identifiable Information (PII) for a public cloud computing environment.

    Oracle Cloud Infrastructure:

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • DDoS Protection
    • Data Transfer
    • Database
    • Database–Exadata
    • Email Delivery
    • FastConnect
    • File Storage
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network
    • Notification Service
    • Object Storage
    • Public DNS
    • Registry
    • Resource Manager
    • Streaming
    • Virtual Machine
    • WAF

    Oracle Cloud Infrastructure Classic:

    • Oracle Cloud Infrastructure Dedicated Compute Classic
    • Oracle Cloud Infrastructure Compute Classic
    • Oracle Cloud Infrastructure Container Classic Service
    • Oracle Cloud Infrastructure Storage Classic
    • Oracle Cloud Infrastructure FastConnect Classic
    • Oracle Messaging Cloud Service

    Oracle PaaS:

    • Oracle Analytics Cloud
    • Oracle Analytics Cloud – Classic
    • Oracle Application Program Interface (API) Platform Cloud Service
    • Oracle Application Container Cloud Service
    • Oracle Autonomous Database
    • Oracle Big Data Cloud Service
    • Oracle Big Data Preparation Cloud Service
    • Oracle Blockchain Platform
    • Oracle Business Intelligence Cloud Service
    • Oracle Content and Experience
    • Oracle Data Integration Platform Cloud
    • Oracle Data Visualization Cloud Service
    • Oracle Database Backup Cloud Service
    • Oracle Database Classic Cloud Service
    • Oracle Database Exadata Cloud Service
    • Oracle Database Cloud Schema Service
    • Oracle Developer Cloud Service
    • Oracle Digital Assistant
    • Oracle Identity Cloud Service
    • Oracle Integration Cloud Service
    • Oracle Internet of Things Cloud Service
    • Oracle Java Cloud Service
    • Oracle Java Cloud Service – SaaS Extension
    • Oracle Management Cloud
    • Oracle Mobile Cloud Service
    • Oracle Mobile Hub
    • Oracle NoSQL Database Cloud Service
    • Oracle Process Cloud Service
    • Oracle SOA Cloud Service
    • Oracle Visual Builder
    • Oracle WebCenter Portal Cloud Service
  • The International Traffic in Arms Regulations (ITAR)

    The International Traffic in Arms Regulations, or ITAR, is a set of government rules that control the export and import of defense-related articles, services and technology. ITAR compliance is required for customers that are subject to export regulations and that must ensure technical data is not inadvertently distributed to foreign persons or foreign nations. Oracle has been assessed by an independent auditor against ITAR for Oracle Cloud Infrastructure.

  • Japan Act on Protection of Personal Information

    The Japan Act on Protection of Personal Information applies to businesses that handle the personal data of people in Japan. This applies to companies that offer goods and services in Japan and are located within the country as well as those with offices outside it. This Act is focused on the data controller and definitions of personal data. Oracle has designed and implemented security controls around its infrastructure technology stack to support the Japan Act on Protection of Personal Information for Oracle Cloud Infrastructure.

  • National Center of Incident Readiness and Strategy for Cybersecurity (NISC)

    The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) in Japan works to establish common standards for cybersecurity for government agencies. The NISC governing body is responsible for monitoring government-related organizations that handle large volumes of personal information in and out of the cloud sector. NISC has designed a wide range of security guidelines for government entities to follow, which promote efficient and effective cyber security measures and legal compliance. Oracle has been evaluated by a third-party assessor against NISC guidelines for the following services:

    Oracle Cloud Infrastructure

    • Audit
    • Archive Storage
    • Block Volumes
    • Compute
    • Container Engine for Kubernetes
    • Database
    • Database–Exadata
    • DNS
    • Events Service
    • FastConnect
    • File Storage
    • Functions as a Service
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network
    • Notifications
    • Object Storage
    • Registry
    • Resource Manager
    • Storage Gateway
    • Streaming
    • Tagging
    • VPN
    • Web Application Firewall (WAF)

    Oracle Cloud Infrastructure Classic:

    • Application Container Cloud
    • Compute
    • Database Backup Cloud
    • Database Cloud
    • Java Cloud
    • SOA Suite Cloud
    • Storage

    Oracle PaaS

    • Analytics Cloud
    • Autonomous Data Warehouse
    • Autonomous Transaction Processing
    • Data Safe
    • Integration Cloud Service
  • National Cybersecurity Authority

    The Saudi Arabian National Cybersecurity Authority (NCA) was established by Royal Decree to guide national organizations “to effectively identify and address risks related to cyber security” for a defined set of sectors serving critical infrastructure for Saudi Arabia. Oracle’s implementation of cloud infrastructure is consistent with these security models and makes available a set of security controls for customer use in their own implementations. This allows Oracle to provide services in the region, including specific infrastructure security controls that customers can use to implement and operate their own platforms and applications, sharing responsibility to meet the requirements of the authority’s cybersecurity controls. Oracle has designed and implemented security controls around its infrastructure technology stack to support these controls for:

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Database
    • Database–Exadata
    • FastConnect
    • Identity and Access Management
    • Key Management Service
    • Load Balancing
    • Networking–Virtual Cloud Networks (VCN)
    • Object Storage
  • MARS-E—Minimum Acceptable Risk Standards for Exchanges

    The Minimum Acceptable Risk Standards for Exchanges (MARS-E) is a suite of documents assembled by the Centers for Medicare & Medicaid Services (CMS). The CMS has oversight responsibility of Exchange information technology (IT) systems. The suite of documents defines a risk-based Security and Privacy Framework for Exchange information technology (IT) system design and implementation. The document suite includes guidance, requirements, and templates that address the mandates of the Patient Protection and Affordable Care Act of 2010 (ACA).

    Oracle has obtained a third-party assessment of available security controls for certain Cloud Services against the technical requirements of US Minimum Acceptable Risk Standards for Exchanges (MARS-E) within our Oracle Government Cloud environments.

    Oracle Cloud Infrastructure Classic

    • Compute Classic
    • Object Storage Classic

    Oracle PaaS

    • Oracle Big Data Cloud Service—Compute Edition
    • Oracle Database Backup Cloud Service
    • Oracle Database Cloud Service
    • Oracle Exadata Cloud Service
    • Oracle Golden Gate Cloud Service
    • Oracle Java Cloud Service

    Oracle SaaS

    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
  • My Number Act

    In Japan, My Number is a 12-digit ID number issued to all citizens and residents of Japan (even foreign residents). Similar to the US SSN, the number is used for taxation, social security, and disaster-response purposes. The numbers were first issued in late 2015, and the bill includes a provision about protection of specific personal information. The My Number Act is designed to improve efficiency and transparency of government systems in Japan and to protect personal information of each number holder. Oracle has designed and implemented security controls around its infrastructure technology stack; customers can architect, build, and maintain security for their own applications and workloads.

  • NIST 800-171/DFARS 252.7012—National Institute of Standards and Technology Special Publication 800-171 / Defense Federal Acquisition Regulation Supplement 252.7012

    The National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” provides security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). Federal agencies use the requirements in contractual vehicles or other agreements established between those agencies and nonfederal organizations. The requirements apply to all nonfederal information systems and organizations that process, store, or transmit CUI.

    Oracle has obtained a third-party assessment of available security controls for certain cloud services against the technical requirements of NIST 800-171 and DFARS 252.7012 within our Oracle Government Cloud environments.

    Oracle Cloud Infrastructure Classic

    • Compute Classic
    • Object Storage Classic

    Oracle PaaS

    • Oracle Big Data Cloud Service—Compute Edition
    • Oracle Database Backup Cloud Service
    • Oracle Database Cloud Service
    • Oracle Exadata Cloud Service
    • Oracle Golden Gate Cloud Service
    • Oracle Java Cloud Service

    Oracle SaaS

    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Talent Acquisitions Cloud (Taleo)
    • Oracle Enterprise Performance Management (EPM)
  • PCI DSS—Payment Card Industry Data Security Standard

    The Payment Card Industry Data Security Standard (PCI DSS) is a global set of security standards designed to encourage and enhance cardholder data security and promote the adoption of consistent data security measures around the technical and operational components related to cardholder data.

    Oracle has successfully completed a Payment Card Industry Data Security Standard (PCI DSS) audit and received an Attestation of Compliance (AoC) covering several Oracle Cloud Infrastructure services and the Oracle RightNow Service Cloud Service. Because Oracle is a PCI Level 1 Service Provider, customers can now use these services for workloads that store, process, or transmit cardholder data.

    Oracle Cloud Infrastructure

    • API Gateway
    • Application Migration
    • Archive Storage
    • Audit
    • Block Storage
    • Compute
    • Container Engine for Kubernetes
    • Data Catalog
    • Data Transfer
    • Database – Bare Metal
    • Database – Virtual Machine
    • Database – Exadata
    • DDoS Protection
    • Digital Assistant
    • Email Delivery
    • Events
    • FastConnect
    • File Storage Service
    • Functions
    • Health Checks
    • Identity and Access Management
    • Oracle Cloud Infrastructure Vault
    • Load Balancing
    • Monitoring
    • Notifications
    • Object Storage
    • Registry
    • Resource Manager
    • Streaming
    • Virtual Cloud Network

    Oracle PaaS

    • Oracle Identity Cloud Service (IDCS)

    Oracle SaaS

    • Oracle CX Commerce (Oracle Commerce Cloud)
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
  • PIPEDA—Canadian Personal Information Protection and Electronic Documents Act

    The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) is a data privacy law in Canada that applies to many organizations based in Canada that collect and process the personal information of individuals.

    Oracle Cloud Infrastructure Privacy and Security Features and PIPEDA (PDF)

  • Privacy Shield Framework

    Oracle provides a broad range of hosted, remote and on-site computer-based services to our customers, including cloud services, consulting services and advanced customer support services, technical support services and training services. Privacy Shield frameworks provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. In order to join a Privacy Shield Framework, US corporations must self-certify to the Department of Commerce and commit to the Framework’s requirements. Oracle has designed and implemented security controls around its infrastructure technology stack to support Privacy Shield obligations for Oracle Cloud Infrastructure.

  • Protected B

    Federal government contracts in Canada contain clauses with security requirements that specify levels of security for sensitive information, assets and work sites. The Canadian government has established levels for protection of information and assets, and Level B applies to information or assets whose loss or damage could cause serious injury to an individual, organization or government. Oracle has designed and implemented security controls around its infrastructure technology stack to support Protected B.

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Bare Metal
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • Digital Assistant
    • DDoS Protection
    • Email Delivery
    • Exadata
    • Events
    • FastConnect
    • File Storage
    • Functions
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Notifications
    • Object Storage
    • Resource Manager
    • Registry
    • Streaming
    • Networking: Virtual Cloud Networks (VCN)
    • Virtual Machine
    • Web Application Firewall
  • Saudi Arabian Monetary Authority (SAMA)

    The Saudi Arabian Monetary Authority (SAMA) of the Kingdom of Saudi Arabia has established a Cyber Security Framework to enable financial institutions regulated by SAMA to effectively identify and address risks related to cyber security. SAMA states that “To maintain the protection of information assets and online services, the Member Organizations must adopt the Framework.” The SAMA Cyber Security Framework provides a baseline for security of information interchange between Member Organizations, and between Member Organizations and SAMA. The Framework consists of 32 control topics grouped into four areas. These controls generally map to either or both the ISO/IEC 27001 controls and the PCI-DSS controls, consistent with SAMA’s stated intent to facilitate financial operations, modernization, and information exchange. Oracle Cloud Infrastructure implementation of cloud infrastructure is consistent with these security models and makes available a set of security controls for customer use in their own implementations. Oracle has designed and implemented security controls around its infrastructure technology stack to support controls for:

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Database
    • Database–Exadata
    • FastConnect
    • Identity and Access Management
    • Key Management Service
    • Load Balancing
    • Networking–Virtual Cloud Networks (VCN)
    • Object Storage
  • SOC 1—System and Organization Controls 1

    SOC 1 is a report on a service organization's controls relevant to internal control over financial reporting. A “type 1” report focuses on the suitability of the system's design of its controls to achieve the control objectives. A “type 2” report includes the “type 1” report opinions; additionally, it includes an opinion on the operating effectiveness of the controls to achieve the control objectives as well as a description of the service auditor’s tests of the controls and results.

    Oracle Cloud Services have been assessed using the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements (SSAE) No. 18 (System and Organization Controls (SOC) 1) and the International Auditing and Assurance Standards Board (IAASB) International Standard of Assurance Engagements (ISAE) 3402 standards for the suitability of the design and operating effectiveness of the specified controls.

    Oracle Cloud Infrastructure—SOC 1 Type 2

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • Database – Bare Metal
    • Database – Exadata
    • Database – Virtual Machine
    • Digital Assistant
    • Distributed Denial of Service (DDoS) Protection
    • Email Delivery
    • Events
    • FastConnect
    • File Storage
    • Functions
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network (VCN)
    • Notifications
    • Object Storage
    • Registry
    • Resource Manager
    • Streaming
    • Web Application Firewall (WAF)

    Oracle Cloud Infrastructure Classic—SOC 1 Type 2

    • Storage Classic
    • Compute Classic
    • Dedicated Compute Classic
    • FastConnect Classic
    • Container Classic
    • Messaging Cloud Service

    Oracle PaaS—SOC 1 Type 2

    • Oracle Analytics Cloud
    • Oracle Analytics Cloud – Classic
    • Oracle Applications Program Platform Interface (API) Platform Cloud
    • Oracle Applications Container Cloud
    • Oracle Autonomous Database
    • Oracle Big Data Cloud
    • Oracle Big Data Preparation Cloud
    • Oracle Blockchain Platform
    • Oracle Business Intelligence Cloud
    • Oracle Content and Experience
    • Oracle Data Integration Platform Cloud
    • Oracle Data Visualization Cloud
    • Oracle Database Backup Cloud
    • Oracle Database Classic Cloud
    • Oracle Database Exadata Cloud
    • Oracle Database Cloud Schema
    • Oracle Developer Cloud
    • Oracle Digital Assistant
    • Oracle Identity Cloud
    • Oracle Integration Cloud
    • Oracle Internet of Things Cloud
    • Oracle Java Cloud
    • Oracle Java Cloud – SaaS Extension
    • Oracle NoSQL Database Cloud
    • Oracle Management Cloud
    • Oracle Mobile Cloud
    • Oracle Mobile Hub
    • Oracle Process Cloud
    • Oracle SOA Cloud
    • Oracle Visual Builder
    • Oracle WebCenter Portal Cloud

    Oracle SaaS—SOC 1 Type 2

    • Oracle CPQ Cloud Service (BigMachines)
    • Cobrowse Cloud Service (LiveLook)
    • Oracle B2B Marketing Automation (Oracle Eloqua Marketing Cloud Service)
    • Oracle Enterprise Performance Management (EPM)
    • Oracle Field Service Cloud Service (TOA)
    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Maxymiser Cloud Service
    • B2C Campaign Management (Responsys Marketing Cloud Service)
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
    • Oracle Talent Cloud for Midsize (TBE)
    • Taleo Learn Cloud Service
    • Transportation Management Cloud Service (OTM)
    • Warehouse Management Cloud (LogFire)
  • SOC 2—System and Organization Controls 2

    SOC 2 is a report on a service organization's controls relevant to security, availability, processing integrity, confidentiality, or privacy using up to five trust principles. A given SOC 2 report may be based on one or more trust principles. Similar to a SOC 1 report, a SOC 2 report is also available as type 1 or type 2.

    Oracle Cloud Services have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles.

    Oracle Cloud Infrastructure—SOC 2 Type 2

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • Database – Bare Metal
    • Database – Exadata
    • Database – Virtual Machine
    • Digital Assistant
    • Distributed Denial of Service (DDoS) Protection
    • Email Delivery
    • Events
    • FastConnect
    • File Storage
    • Functions
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network (VCN)
    • Notifications
    • Object Storage
    • Registry
    • Resource Manager
    • Streaming
    • Web Application Firewall

    Oracle Cloud Infrastructure Classic—SOC 2 Type 2

    • Storage Classic
    • Compute Classic
    • Dedicated Compute Classic
    • FastConnect Classic
    • Container Classic
    • Messaging Cloud Service

    Oracle PaaS—SOC 2 Type 2

    • Oracle Analytics Cloud
    • Oracle Analytics Cloud – Classic
    • Oracle Applications Program Platform Interface (API) Platform Cloud
    • Oracle Applications Container Cloud
    • Oracle Autonomous Database
    • Oracle Big Data Cloud
    • Oracle Big Data Preparation Cloud
    • Oracle Blockchain Platform
    • Oracle Business Intelligence Cloud
    • Oracle Content and Experience
    • Oracle Data Integration Platform Cloud
    • Oracle Data Visualization Cloud
    • Oracle Database Backup Cloud
    • Oracle Database Classic Cloud
    • Oracle Database Exadata Cloud
    • Oracle Database Cloud Schema
    • Oracle Developer Cloud
    • Oracle Digital Assistant
    • Oracle Identity Cloud
    • Oracle Integration Cloud
    • Oracle Internet of Things Cloud
    • Oracle Java Cloud
    • Oracle Java Cloud – SaaS Extension
    • Oracle NoSQL Database Cloud
    • Oracle Management Cloud
    • Oracle Mobile Cloud
    • Oracle Mobile Hub
    • Oracle Process Cloud
    • Oracle SOA Cloud
    • Oracle Visual Builder
    • Oracle WebCenter Portal Cloud

    Oracle SaaS—SOC 2 Type 2

    • Oracle CPQ Cloud Service (BigMachines)
    • Cobrowse Cloud Service (LiveLook)
    • Oracle B2B Marketing Automation (Oracle Eloqua Marketing Cloud Service)
    • Oracle Enterprise Performance Management (EPM)
    • Oracle Field Service Cloud Service (TOA)
    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Maxymiser Cloud Service
    • B2C Campaign Management (Responsys Marketing Cloud Service)
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
    • Oracle Talent Cloud for Midsize (TBE)
    • Taleo Learn Cloud Service
    • Transportation Management Cloud Service (OTM)
    • Warehouse Management Cloud (LogFire)
  • SOC 3—System and Organization Controls 3

    SOC 3 is a report, like the SOC 2, on a service organization's controls relevant to security, availability, processing integrity, confidentiality, or privacy. However, a SOC 3 can be distributed for general use and only states whether or not the entity has achieved the Trust Service criteria, without any description of tests, results or opinions.

    Oracle Cloud Services have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles. The SOC 3 general use report, which states whether or not the Trust Service criteria were achieved, is available for the following services.

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • Database – Bare Metal
    • Database – Exadata
    • Database – Virtual Machine
    • Digital Assistant
    • Distributed Denial of Service (DDoS) Protection
    • Email Delivery
    • Events
    • FastConnect
    • File Storage
    • Functions
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Networking: Virtual Cloud Network (VCN)
    • Notifications
    • Object Storage
    • Registry
    • Resource Manager
    • Streaming
    • Web Application Firewall

    Read the report (PDF)

  • Personal Information Protection Act

    The Personal Information Protection Act of South Korea is a framework act on data protection for the public and private sectors. The Act regulates government agencies and private businesses in collection, use, processing, and destruction of personal information. The act makes no distinction between controllers and processors; both are considered “Personal information processors.” The Data protection framework is to be revised every three years. Oracle has built its infrastructure to support the Personal Information Protection Act for Oracle Cloud Infrastructure.

  • Three Ministries

    Three government ministries in Japan have developed guidelines to promote cloud security and the safeguarding of data for the medical institutions in Japan. These ministries include:

    • Ministry of Health, Labor and Welfare (MHLW): Guidelines for the Security Management of the Medical Information Systems
    • Ministry of Internal Affairs and Communications (MIC): Security Management Guidelines for Cloud Service Providers Dealing with Medical Information
    • Ministry of Economy, Trade and Industry (METI): Security Management Guidelines for Information Processing Providers Dealing with Medical Information

    Oracle has been evaluated by a third-party assessor against the security requirements of Three Ministries. The report from Oracle Cloud Infrastructure’s independent assessor is designed to assist the customer in its own compliance efforts with respect to requirements outlined in the guidelines.

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Container Registry
    • Database
    • Database–Exadata
    • DNS
    • FastConnect
    • File Storage
    • Identity and Access Management
    • Load Balancing
    • Object Storage
    • Tagging
    • Virtual Cloud Network (VCN)

    Oracle Cloud Infrastructure Classic

    • Oracle Application Container
    • Oracle Compute
    • Oracle Database
    • Oracle Database Backup
    • Oracle Java Cloud Service (JCS)
    • Oracle Object Storage
    • Service-Oriented Architecture (SOA) Suite

    Oracle PaaS

    • Oracle Autonomous Transaction Processing
    • Oracle Autonomous Data Warehouse
  • TISAX

    The Trusted Information Security Assessment Exchange (TISAX) is a German standard security assessment used by the automotive industry. TISAX is based on the Verband der Automobilindustrie (VDA) Information Security Assessment (ISA), which is an information security requirements catalogue based on key aspects of the international standard ISO/IEC 27001. It is used by companies both for internal purposes and by suppliers and service providers who process sensitive information from their respective companies. Oracle has been evaluated by a third-party assessor against TISAX security requirements for Oracle Cloud Infrastructure.

  • UK NHS DSPT

    The Data Security and Protection Toolkit is a self-assessment tool that measures performance against the United Kingdom's National Health Service 10 data security standards. Any organizations that have access to NHS patient data and systems must use this toolkit to provide assurance that they practice good data security and that personal information is handled correctly. Oracle has submitted their responses and has been rated as "Standards Exceeded".

    The scope of the Oracle assessment includes the following Oracle SaaS services for UK Government Cloud only:

    • Oracle Enterprise Performance Management (EPM)
    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)

    Oracle Cloud Infrastructure

    • Archive Storage
    • Audit
    • Bare Metal
    • Block Volume
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • DDoS Protection
    • Exadata
    • FastConnect
    • File Storage
    • Health Checks
    • Identity and Access Management
    • Key Management
    • Load Balancing
    • Monitoring
    • Notifications
    • Object Storage
    • Resource Manager
    • Registry
    • Streaming
    • Virtual Machine
    • VCN
  • United Kingdom Cloud Security Principles

    The UK National Cyber Security Centre (NCSC) was created to improve the security of and protect the UK internet and critical services from cyberattacks. The NCSC's 14 HMG Cloud Security Principles outline the requirements that cloud services should meet including considerations for data in-transit protection, supply chain security, identity and authentication, and secure use of the service.

    Oracle provides Assertion Statements which outline how UK Government Cloud offerings align with the UK National Cyber Security Centre (NCSC) Cloud Security Principles.

    Oracle Cloud Infrastructure

    National Cyber Security Centre (NCSC) guidance summarizes 14 essential security principles (the NCSC Cloud Security Principles) to consider when evaluating cloud services and provides context on why these may be important to an organization. Customers should decide which of the NCSC Cloud Security Principles are important and how much (if any) assurance they require in the implementation of these principles. Providers of cloud services should consider the NCSC Cloud Security Principles when presenting their offerings to consumers, so that consumers can make informed choices about which services are appropriate for their needs. This white paper is intended to provide the reader and customers with an understanding of:

    • How Oracle Cloud Infrastructure’s administrative, physical and technical safeguards relevant to security, confidentiality and availability align with NCSC Cloud Security Principles.
    • How the responsibilities for security and implementation of the NCSC guidance are shared between Oracle Cloud Infrastructure (provider of cloud services) and the customer (consumer of cloud services).
    • How the customer can approach information security risk management and implementation of the NCSC Cloud Security Principles guidance using Oracle Cloud Infrastructure services.

    Services include:

    • Archive Storage
    • Audit
    • Block Volumes
    • Cloud Access Security Broker (CASB) Cloud Service
    • Compute
    • Container Engine for Kubernetes
    • Data Transfer
    • Database
    • Database–2–node Real Application Clusters (RAC)
    • Database–Autonomous Data Warehouse
    • Database–Autonomous Transaction Processing
    • Database–Exadata
    • Distributed Denial of Service (DDoS) Protection
    • Domain Name System (DNS)
    • Email Delivery
    • FastConnect
    • File Storage Service (FSS)
    • Identity and Access Management (IAM)
    • Key Management Service (KMS)
    • Load Balancing
    • Networking: Virtual Cloud Networks (VCN)
    • Object Storage
    • Registry
    • Storage Gateway

    Oracle SaaS

    Oracle has achieved HMG Cloud Security Principles Assertion for the following services for the UK Government Cloud only:

    • Oracle Enterprise Performance Management (EPM)
    • Oracle Enterprise Resource Planning
    • Oracle Human Capital Management
    • Oracle Supply Chain Management
    • Oracle Customer Experience Cloud
    • Oracle B2C Service (Service Cloud, OPA, RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)

    Read the white paper: National Cyber Security Centre (NCSC) Cloud Security Principles (PDF)