Derya Sözen Esen | Senior Manager | EMEA / LAD SaaS Compliance | November 28, 2022
Oracle Fusion Cloud Applications Suite achieved a Type 2 attestation for BIO on October 7, 2022.
Schellman & Company, LLC completed an examination to assess Oracle Fusion Cloud (“Oracle”) internal controls against the criteria within the Baseline Informatiebeveiliging Overheid (BIO) version 1 information security in government standard part 2 framework controls with additional governmental actions (BIO part 2 framework). The examination covers the period from June 1, 2021 to May 31, 2022. The examination focused on Oracle’s information security program supporting Oracle Fusion Cloud Applications Suite, including Oracle Fusion Cloud Enterprise Performance Management (EPM), and Oracle European Union Restricted Access (EURA) Cloud Service for Oracle Fusion Applications and Oracle Cloud EPM and related Oracle controls that assist Oracle customers in meeting their own requirements set forth in BIO. Oracle itself is not directly subject to compliance with BIO requirements.
Schellman conducted the examination in accordance with attestation standards established by the AICPA SSAE 18, Attestation Standards: Clarification and Recodification and in accordance with ISAE 3000, Assurance Engagements Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Standards Board. Based on the examination, Schellman did not identify any testing exceptions for Oracle’s controls related to how customers subject to the BIO part 2 framework may be compliant when using the Oracle Fusion Applications, Oracle Cloud EPM, and Oracle EURA Cloud Service for Oracle Fusion Applications and Oracle Cloud EPM, as noted in their opinion dated October 7, 2022. Schellman compiled a formal report following the examination.
Customers are solely responsible for determining the suitability of a cloud service in the context of BIO. The information in the report compiled by Schellman is provided to aid Dutch customers in their evaluation of Oracle Fusion Applications. The reports are available both in English and Dutch.
Please reach out to your Sales Representative and/or Account Manager to request access to the attestation report. To learn more about our compliance activities, check out the Compliance page on our website and the Compliance Considerations for Cloud Services blog post.
Derya Sözen Esen is an IT regulatory compliance senior manager with a profound technical background and over 13 years of experience in the field. Derya manages IT regulatory compliance activities across the EMEA and LAD regions for Oracle Cloud Applications, actively participates in working groups for the development of new regulations and standards, and is conducting doctoral research on Artificial Intelligence compliance and auditing.