Oracle Cloud Compliance

 

Compliance

Oracle has been engaging with external assessment entities and independent auditors to meet a broad set of international and industry-specific compliance standards for service deployments in Oracle Cloud such as ISO 27001, SOC1, SOC2, PCI DSS, HIPAA/HITECH, and FedRAMP.

 
CJIS
Criminal Justice Information Services
 
The Criminal Justice Information Services (CJIS) Security Policy establishes guidelines for specific security precautions to protect criminal justice information (CJI), e.g. fingerprints and criminal backgrounds.

Oracle has obtained a third-party assessment of available security controls for certain Cloud Services against the technical requirements of Criminal Justice Information Services (CJIS) within our Oracle Government Cloud environments.
 
  • Oracle Cloud Infrastructure Classic
    • Compute Classic
    • Object Storage Classic
  • Oracle PaaS
    • Big Data Cloud Service - Compute Edition
    • Database Backup Cloud Service
    • Database Cloud Service
    • Exadata Cloud Service
    • Golden Gate Cloud Service
    • Java Cloud Service
  • Oracle SaaS
    • Fusion (HCM, CRM, ERP, SCM)
    • Service Cloud (OPA & RightNow CX)
 
Cloud Security Principles
 
 
The UK National Cyber Security Centre (NCSC) was created to improve the security of and protect the UK internet and critical services from cyber attacks. The NCSC's 14 HMG Cloud Security Principles outline the requirements that cloud services should meet, including considerations for data in-transit protection, supply chain security, identity and authentication, and secure use of the service.

Oracle provides Assertion Statements which outline how UK Gov Cloud offerings align with the UK National Cyber Security Centre (NCSC) Cloud Security Principles.
 
  • Oracle SaaS
    Oracle has achieved HMG Cloud Security Principles Assertion for the following services for the UK Gov Cloud only:
    • Enterprise Performance Management (EPM): Account Reconciliation
    • EPM: Enterprise Performance Reporting
    • EPM: Enterprise Planning and Budgeting
    • EPM: Financial Consolidation and Close
    • EPM: Planning and Budgeting
    • EPM: Profitability and Cost
    • EPM: Tax Reporting
    • Fusion (HCM, CRM, ERP)
    • Service Cloud (OPA & RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
 
Cyber Essentials Plus
 
Cyber Essentials is a UK government-backed model that identifies the technical security controls an organization needs within its IT systems to defend against common cyber threats. It can help demonstrate that an organization can identify and mitigate potential cyber risks, has adopted security controls to protect customer data, and is compliant with UK government requirements to bid for UK government contracts. Cyber Essentials PLUS covers the same requirements as Cyber Essentials, but the tests of the systems are carried out by an authorized, external certifying body.

Oracle has obtained Cyber Essentials Plus Certification for our UK Gov Cloud offerings.
 
  • Oracle SaaS
    Oracle has achieved Cyber Essentials Plus Certification for the following services for the UK Gov Cloud only:
    • Enterprise Performance Management (EPM): Account Reconciliation
    • EPM: Enterprise Performance Reporting
    • EPM: Enterprise Planning and Budgeting
    • EPM: Financial Consolidation and Close
    • EPM: Planning and Budgeting
    • EPM: Profitability and Cost
    • EPM: Tax Reporting
    • Fusion (HCM, CRM, ERP)
    • Service Cloud (OPA & RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
 
DISA SRG
Defense Information Systems Agency, Security Requirements Guide
 
The Defense Information Systems Agency (DISA) Cloud Computing Security Requirements Guide (CC SRG) outlines how the DoD will assess the security posture of non-DoD cloud service providers (CSPs) and how non-DoD CSPs can show they meet the security controls and requirements. These baseline cloud security requirements are required before handling any DoD data.

All cloud computing is required to take place in the U.S. and is based on impact levels:
  • Impact Level 2 - data cleared for public release (note: Level 1 was combined with Level 2)
  • Impact Level 4 – controlled unclassified information (CUI) over NIPRNet. CUI includes protected health information (PHI), privacy information (PII) and export controlled data (note: Level 3 was combined with Level 4)
  • Impact Level 5 – higher sensitivity CUI, mission critical information, or NSS over NIPRNet
  • Impact Level 6 – Classified data over SIPRNet
 
For select services Oracle has received Department of Defense (DoD) Provisional Authorizations at Impact Levels 5, 4, and 2.
 
  • Oracle SaaS
    Oracle has achieved a DISA SRG Level 4 Accreditation for the following services within the Oracle DoD Cloud:
    • Service Cloud (OPA & RightNow CX)
     
    Oracle has achieved a DISA SRG Level 4 Authorization for the following services within the Gov Cloud:
    • Service Cloud (OPA & RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
 
FedRAMP
Federal Risk and Authorization Management Program
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that provides a standard approach to the security assessment, authorization and continuous monitoring for cloud products and services. U.S. Federal agencies are directed by the Office of Management and Budget (OMB) to leverage FedRAMP to ensure security is in place when accessing cloud products and services.

FedRAMP uses the NIST Special Publication 800-53, which provides a catalog of security controls for all U.S. Federal information systems. FedRAMP requires cloud service providers (CSP) to receive an independent security review performed by a third party assessment organization (3PAO) to ensure authorizations are compliant with the Federal Information Security Management Act (FISMA).

The following Oracle Cloud Services have received US Federal Risk and Authorization Management Program (FedRAMP) P-ATOs and ATOs up to the High baseline level defined by FedRAMP.
 
  • Oracle SaaS
    Oracle has achieved FedRAMP Moderate (baseline) Authorizations to Operate for the following services within the Oracle US Gov Cloud:
    • Service Cloud (OPA & RightNow CX)
    • Oracle Talent Acquisition Cloud (Taleo)
  • Oracle has achieved FedRAMP High (baseline) Authorization to Operate for the following Oracle US Gov Cloud offering:
    • Oracle Government Cloud – Common Controls
  • Oracle has achieved FedRAMP Ready Status for the following service:
    • Fusion (HCM, CRM, ERP, SCM)
 
FIPS 140-2
Federal Information Processing Standards Publication 140-2
 
Oracle has obtained a third-party assessment of available security controls for certain Cloud Services against the technical requirements of US Federal Info Processing Standard (FIPS 140-2) within our Oracle Government Cloud environments.

The Federal Information Processing Standard Publication 140-2 (FIPS 140-2) is a US government security standard that specifies the security requirements related to the design and implementation of cryptographic modules protecting sensitive data. Cryptographic module protection within a security system is needed to maintain the confidentiality and integrity of the data protected by the module.
 
  • Oracle Cloud Infrastructure Classic
    • Compute Classic
    • Object Storage Classic
  • Oracle PaaS
    • Big Data Cloud Service - Compute Edition
    • Database Backup Cloud Service
    • Database Cloud Service
    • Exadata Cloud Service
    • Golden Gate Cloud Service
    • Java Cloud Service
  • Oracle SaaS
    • Oracle Talent Acquisition Cloud (Taleo)
    • Service Cloud (OPA & RightNow CX)
 
FISC
Financial Industry Information Systems
The Center for Financial Industry Information Systems (FISC), created by the Japanese Ministry of Finance, consists of financial institutions, insurance companies and securities firms, as well as computer manufacturers and telecommunication companies. The organization established the FISC Security Guidelines in 1985. These guidelines provide basic standards in architecture and operation on information systems for banking and other related financial institutions.

Oracle has obtained a third-party assessment against the Financial Industry Information Systems (FISC) v8 security guidelines in select facilities in Japan.
 
  • Oracle PaaS
    • Application Container Cloud Service
    • Database Backup Service
    • Database Cloud Service (DBCS)
    • Java Cloud Service (JCS / JaaS)
    • SOA Suite Cloud Service
 
GDPR
General Data Protection Regulation
 
Oracle offers a wide range of security solutions to help customers meet requirements of the GDPR, including services for administrative access controls, network security controls, logging, and encryption.
 
HIPAA
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US legislation that provides data privacy and security provisions for safeguarding Protected Health Information (PHI). HIPAA applies to covered entities and business associates. A covered entity is any organization that collects, creates, or transmits PHI electronically such as health care providers, health care clearinghouses, and health insurance providers. A business associate is any organization that encounters PHI in any way over the course of work that it has been contracted to perform on behalf of a covered entity.

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of protected health information (PHI). The HIPAA Breach Notification Rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI. By law, the Privacy Rule applies only to covered entities (e.g., health plans, health care clearinghouses and certain health care providers). However, parts may be applicable to business associates.

Oracle has obtained a third-party assessment of available security controls for certain Cloud Services against the requirements of Health Insurance Portability & Accountability Act (HIPAA) and offers Business Associate Agreements (BAAs) for these services.
 
  • Oracle Cloud Infrastructure
    • Archive Storage
    • Audit
    • Block Volumes
    • Bulk Data Upload
    • Compute
    • Database
    • Database – Exadata
    • Database 2-Node RAC
    • FastConnect
    • File Storage Service
    • Identity and Access Management
    • Load Balancing
    • Networking
    • Object Storage
    • Virtual Cloud Networks (VCN)
  • Oracle Cloud Infrastructure Classic
    Oracle has successfully completed third party HIPAA assessments for the following services within both commercial and US Gov datacenters located in Chicago (Illinois) and Ashburn (Virginia):
    • Compute Classic
    • Storage Classic
    • Container Service Classic
  • Oracle PaaS
    Oracle has successfully completed third party HIPAA assessments for the following services within both commercial and US Gov datacenters located in Chicago (Illinois) and Ashburn (Virginia):
    • Oracle API Platform Cloud Service
    • Oracle Analytics Cloud (OAC)
    • Oracle Big Data Cloud Service - Compute Edition
    • Oracle Database Backup Cloud Service
    • Oracle Database Cloud Service
    • Oracle Event Hub Cloud
    • Oracle Exadata Cloud Service (OEDCS)
    • Oracle Golden Gate Cloud Service
    • Oracle Identity Cloud Service (IDCS)
    • Oracle Internet of Things (IoT) Cloud
    • Oracle Java Cloud Service
    • MySQL Cloud Service
    • Oracle Data Integrator Cloud Service
    • Service-Oriented Architecture (SOA) Suite
  • Oracle SaaS
    Oracle has successfully completed third party HIPAA assessments for the following services:
    • Eloqua Marketing Cloud Service
    • Fusion ERP/HCM/CRM/SCM
    • Service Cloud (OPA & RightNow CX)
 
IRS 1075
Internal Revenue Service Publication 1075
 
The Internal Revenue Service Publication 1075 (IRS 1075) is a US government guideline to ensure effective security controls are in place to protect Federal Tax Information (FTI). The IRS 1075 assessment report provides information on the available technical safeguards intended to adequately protect the confidentiality and integrity of FTI.

Oracle has obtained a third-party assessment of available security controls for certain Cloud Services against the technical requirements of US Internal Revenue Service Publication 1075 within our Oracle Government Cloud environments.
 
  • Oracle Cloud Infrastructure Classic
    • Compute Classic
    • Object Storage Classic
  • Oracle PaaS
    • Big Data Cloud Service - Compute Edition
    • Database Backup Cloud Service
    • Database Cloud Service
    • Exadata Cloud Service
    • Golden Gate Cloud Service
    • Java Cloud Service
  • Oracle SaaS
    • Fusion (HCM, CRM, ERP, SCM)
    • Service Cloud (OPA & RightNow CX)
 
ISO 27001
International Organization for Standardization 27001
ISO 27001:2013 is an international standard that covers the planning, implementation, monitoring, and improvement of an Information Security Management System. This widely adopted global security standard sets out requirements and best practices for a systematic approach to managing company and customer information based on periodic security risk assessments.

Oracle has achieved International Standards Organization (ISO)/International Electrotechnical Commission (IEC) 27001:2013 certification for the Oracle Cloud Information Security Management System (ISMS). Additionally, ISO 27017 has been included within scope of our ISO/IEC 27001:2013 certification.
 
  • Oracle Cloud Infrastructure
    • Oracle has successfully completed an ISO/IEC 27001:2013 audit for Oracle Cloud Infrastructure.
    • Additionally, Oracle Cloud Infrastructure Edge Services successfully completed an ISO/IEC 27001:2013 audit.
    • Conducted by EY/CertifyPoint BV, Amsterdam, Netherlands, Oracle Cloud Infrastructure’s ISO/IEC 27001:2013 audit provides assurance that Oracle Cloud Infrastructure has designed and implemented an Information Security Management System (ISMS) in accordance with information security standard ISO 27002:2013 (Information technology – Security techniques – Code of practice for information security management).
  • Oracle PaaS
    • Oracle has achieved ISO/IEC 27001:2013 certification for the Oracle Cloud Information Security Management System (ISMS) consumed by all SaaS, PaaS, and Oracle Cloud Infrastructure Classic services, in all datacenters where these services reside. Additionally, ISO 27017 has been included within scope of our ISO/IEC 27001:2013 certification.
  • Oracle SaaS
    • Oracle has achieved International Standards Organization (ISO)/International Electrotechnical Commission (IEC) 27001:2013 certification for the Oracle Cloud Information Security Management System (ISMS). Additionally, ISO 27017 has been included within scope of our ISO/IEC 27001:2013 certification.
 
MARS-E
Minimum Acceptable Risk Standards for Exchanges
 
The Minimum Acceptable Risk Standards for Exchanges (MARS-E) is a suite of documents assembled by the Centers for Medicare & Medicaid Services (CMS). The CMS has oversight responsibility of Exchange information technology (IT) systems. The suite of documents defines a risk-based Security and Privacy Framework for Exchange information technology (IT) system design and implementation. The document suite includes guidance, requirements, and templates that address the mandates of the Patient Protection and Affordable Care Act of 2010 (ACA).

Oracle has obtained a third-party assessment of available security controls for certain Cloud Services against the technical requirements of US Minimum Acceptable Risk Standards for Exchanges (MARS-E) within our Oracle Government Cloud environments.
 
  • Oracle Cloud Infrastructure Classic
    • Compute Classic
    • Object Storage Classic
  • Oracle PaaS
    • Big Data Cloud Service - Compute Edition
    • Database Backup Cloud Service
    • Database Cloud Service
    • Exadata Cloud Service
    • Golden Gate Cloud Service
    • Java Cloud Service
  • Oracle SaaS
    • Service Cloud (OPA & RightNow CX)
 
NIST 800-171/DFARS 252.7012
National Institute of Standards and Technology Special Publication 800-171 / Defense Federal Acquisition Regulation Supplement 252.7012
 
The National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” provides security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). Federal agencies use the requirements in contractual vehicles or other agreements established between those agencies and nonfederal organizations. The requirements apply to all nonfederal information systems and organizations that process, store, or transmit CUI.

Oracle has obtained a third-party assessment of available security controls for certain Cloud Services against the technical requirements of NIST 800-171 and DFARS 252.7012 within our Oracle Government Cloud environments.
 
  • Oracle Cloud Infrastructure Classic
    • Compute Classic
    • Object Storage Classic
  • Oracle PaaS
    • Big Data Cloud Service - Compute Edition
    • Database Backup Cloud Service
    • Database Cloud Service
    • Exadata Cloud Service
    • Golden Gate Cloud Service
    • Java Cloud Service
  • Oracle SaaS
    • Fusion (HCM, CRM, ERP, SCM)
    • Oracle Talent Acquisition Cloud (Taleo)
    • Service Cloud (OPA & RightNow CX)
 
PCI DSS
Payment Card Industry Data Security Standard
 
The Payment Card Industry Data Security Standard (PCI DSS) is a global set of security standards designed to encourage and enhance cardholder data security and promote the adoption of consistent data security measures around the technical and operational components related to cardholder data.

Oracle has successfully completed a Payment Card Industry Data Security Standard (PCI DSS) audit and received an Attestation of Compliance (AoC) covering several Oracle Cloud Infrastructure services and the Oracle RightNow Service Cloud Service. Because Oracle is a PCI Level 1 Service Provider, customers can now use these services for workloads that store, process or transmit cardholder data.
 
  • Oracle Cloud Infrastructure
    • Archive Storage
    • Block Volumes
    • Compute
    • Containers
    • Data Transfer Service
    • Database
    • Database – Exadata
    • Database 2-Node RAC
    • FastConnect
    • File Storage Service
    • Governance
    • Key Management
    • Load Balancing
    • Networking
    • Object Storage
    • Registry
  • Oracle SaaS
    • Commerce Cloud
    • Service Cloud (OPA & RightNow CX)
 
SOC 1
System and Organization Controls 1
SOC 1 is a report on a service organization's controls relevant to internal control over financial reporting. A “type 1” report focuses on the suitability of the system's design of its controls to achieve the control objectives. A “type 2” report includes the “type 1” report opinions; additionally, it includes an opinion on the operating effectiveness of the controls to achieve the control objectives as well as a description of the service auditor’s tests of the controls and results.

Oracle Cloud Services have been assessed using the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements (SSAE) No. 18 (System and Organization Controls (SOC) 1) and the International Auditing and Assurance Standards Board (IAASB) International Standard of Assurance Engagements (ISAE) 3402 standards for the suitability of the design and operating effectiveness of the specified controls.
 
  • Oracle Cloud Infrastructure - SOC 1 Type 2
    • Archive Storage
    • Audit
    • Block Volumes
    • Bulk Data Upload
    • Compute
    • Database
    • Database – Exadata
    • Database 2-Node RAC
    • DNS (Edge Services)
    • Email Delivery (Edge Services)
    • FastConnect
    • File Storage Service
    • Identity and Access Management
    • Load Balancing
    • Networking
    • Object Storage
    • Virtual Cloud Networks (VCN)
  • Oracle Cloud Infrastructure Classic - SOC 1 Type 2
    • Compute Classic
    • Storage Classic
     
  • Oracle PaaS - SOC 1 Type 1
    • Oracle API Platform Cloud Service
    • Oracle Data Integrator Cloud Service (ODICS)
  • Oracle PaaS - SOC 1 Type 2
    • MySQL Cloud Service
    • Oracle Analytics Cloud (OAC)
    • Oracle API Catalog Cloud Service
    • Oracle API Platform Cloud Service
    • Oracle Application Container Cloud Service
    • Oracle Big Data Cloud Service - Compute Edition
    • Oracle Big Data Cloud Service (OBDCS)
    • Oracle Big Data Discovery Cloud Service (OBDDCS)
    • Oracle Big Data Preparation Cloud Service (OBDPCS)
    • Oracle Business Intelligence Cloud Service
    • Oracle Cloud Infrastructure - VPN Classic for Engineered Systems
    • Oracle Content and Experience Cloud Service
    • Oracle Data Integrator Cloud Service
    • Oracle Data Visualization Cloud Service
    • Oracle Database Backup Cloud Service
    • Oracle Database Cloud Service
    • Oracle Database Exadata Cloud Service
    • Oracle Database Schema Service
    • Oracle Event Hub Cloud Service
    • Oracle Exadata Express Cloud Service
    • Oracle GoldenGate Cloud Service
    • Oracle Identity Cloud Service (IDCS)
    • Oracle Integration Cloud Service
    • Oracle Internet of Things (IoT) Cloud Service
    • Oracle Java Cloud Service
    • Oracle Java Cloud Service for Software as a Service Extensions
    • Oracle Management Cloud Service
    • Oracle Messaging Cloud Service
    • Oracle Mobile Cloud Service
    • Oracle Process Cloud Service
    • Oracle Service Oriented Architecture Cloud Service
    • Oracle Visual Builder Cloud Service
    • Oracle WebCenter Portal Cloud Service
     
  • Oracle SaaS - SOC 1 Type 2
    • BigMachines CPQ Cloud Service
    • Cobrowse Cloud Service (LiveLook)
    • Eloqua Marketing Cloud Service
    • Enterprise Performance Management (EPM): Account Reconciliation
    • EPM: Enterprise Performance Reporting
    • EPM: Enterprise Planning and Budgeting
    • EPM: Financial Consolidation and Close
    • EPM: Planning and Budgeting
    • EPM: Profitability and Cost
    • EPM: Tax Reporting
    • Field Service Cloud Service (TOA)
    • Fusion ERP/HCM/CRM/SCM
    • Maxymiser
    • Responsys Marketing Platform Cloud Service
    • Service Cloud (OPA & RightNow CX)
    • Social Relationship Management Cloud Service (SRM)
    • Oracle Talent Acquisition Cloud (Taleo)
    • Transportation Management Cloud Service (OTM)
    • Warehouse Management Cloud (fka LogFire)
 
SOC 2
System and Organization Controls 2
SOC 2 is a report on a service organization's controls relevant to security, availability, processing integrity, confidentiality, or privacy using up to five trust principles. A given SOC 2 report may be based on one or more trust principles. Similar to a SOC 1 report, a SOC 2 report is also available as type 1 or type 2.

Oracle Cloud Services have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles.
 
  • Oracle Cloud Infrastructure - SOC 2 Type 2
    • Archive Storage
    • Audit
    • Block Volumes
    • Bulk Data Upload
    • Compute
    • Database
    • Database – Exadata
    • Database 2-Node RAC
    • DNS (Edge Services)
    • Email Delivery (Edge Services)
    • FastConnect
    • File Storage Service
    • Identity and Access Management
    • Load Balancing
    • Networking
    • Object Storage
    • Virtual Cloud Networks (VCN)
  • Oracle Cloud Infrastructure Classic - SOC 2 Type 2
    • Oracle Block Storage Classic Service
    • Oracle Archive Storage Classic Service
    • Oracle Compute Classic
    • Oracle Container Classic Service
    • Oracle Network Cloud Service
    • Oracle Object Storage Classic Service
    • Oracle Dedicated Compute Classic Service
    • Oracle Load Balancer Classic Service
  • Oracle PaaS - SOC 2 Type 1
    • Oracle API Platform Cloud Service
    • Oracle Data Integrator Cloud Service (ODICS)
  • Oracle PaaS - SOC 2 Type 2
    • MySQL Cloud Service
    • Oracle Analytics Cloud (OAC)
    • Oracle API Catalog Cloud Service
    • Oracle API Platform Cloud Service
    • Oracle Application Builder Cloud Service (OABCS)
    • Oracle Application Container Cloud Service
    • Oracle Big Data Cloud Service - Compute Edition
    • Oracle Big Data Cloud Service (OBDCS)
    • Oracle Big Data Discovery Cloud Service (OBDDCS)
    • Oracle Big Data Preparation Cloud Service (OBDPCS)
    • Oracle Business Intelligence Cloud Service
    • Oracle Cloud Access Security Broker (CASB) Cloud Service
    • Oracle Cloud Infrastructure - VPN Classic for Engineered Systems
    • Oracle Content and Experience Cloud Service
    • Oracle Data Integrator Cloud Service
    • Oracle Data Visualization Cloud Service
    • Oracle Database Backup Cloud Service
    • Oracle Database Cloud Service
    • Oracle Database Exadata Cloud Service
    • Oracle Database Schema Service
    • Oracle Event Hub Cloud Service
    • Oracle Exadata Express Cloud Service
    • Oracle GoldenGate Cloud Service
    • Oracle Identity Cloud Service (IDCS)
    • Oracle Integration Cloud Service
    • Oracle Internet of Things (IoT) Cloud Service
    • Oracle Java Cloud Service
    • Oracle Java Cloud Service for Software as a Service Extensions
    • Oracle Management Cloud Service
    • Oracle Messaging Cloud Service
    • Oracle Mobile Cloud Service
    • Oracle Process Cloud Service
    • Oracle Service Oriented Architecture Cloud Service
    • Oracle Visual Builder Cloud Service
    • Oracle WebCenter Portal Cloud Service
    • Service-Oriented Architecture (SOA) Suite
  • Oracle SaaS - SOC 2 Type 2
    • BigMachines CPQ Cloud Service
    • Cobrowse Cloud Service (LiveLook)
    • Eloqua Marketing Cloud Service
    • Enterprise Performance Management (EPM): Account Reconciliation
    • EPM: Enterprise Performance Reporting
    • EPM: Enterprise Planning and Budgeting
    • EPM: Financial Consolidation and Close
    • EPM: Planning and Budgeting
    • EPM: Profitability and Cost
    • EPM: Tax Reporting
    • Field Service Cloud Service (TOA)
    • Fusion ERP/HCM/CRM/SCM
    • Maxymiser
    • Responsys Marketing Platform Cloud Service
    • Service Cloud (OPA & RightNow CX)
    • Social Relationship Management Cloud Service (SRM)
    • Oracle Talent Acquisition Cloud (Taleo)
    • Transportation Management Cloud Service (OTM)
    • Warehouse Management Cloud (fka LogFire)
 
SOC 3
System and Organization Controls 3
SOC 3 is a report, like the SOC 2, on a service organization's controls relevant to security, availability, processing integrity, confidentiality, or privacy. However, a SOC 3 can be distributed for general use and only states whether or not the entity has achieved the Trust Service criteria, without any description of tests, results or opinions.

Oracle Cloud Services have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles. The SOC 3 general use report stating whether or not the Trust Service criteria were achieved is available for the following services.
 
  • Oracle Cloud Infrastructure
    • Archive Storage
    • Audit
    • Block Volumes
    • Bulk Data Upload
    • Compute
    • Database
    • Database – Exadata
    • Database 2-Node RAC
    • FastConnect
    • File Storage Service
    • Identity and Access Management
    • Load Balancing
    • Networking
    • Object Storage
    • Virtual Cloud Networks (VCN)
 
 
 