As a global cloud provider, we need to ensure that the compliance programs we offer keep pace with our regional expansion efforts. Today, we’re pleased to announce that Oracle Cloud Infrastructure (OCI) has completed third-party audits for key compliance programs, which include Cloud Computing Compliance Controls Catalog (C5), Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Level 2, Health Insurance Portability and Accountability Act (HIPAA), Systems and Organization Controls (SOC) 1, 2, and 3, and Payment Card Industry Data Security Standard (PCI DSS).

OCI is working diligently to provide our customers with the information that they need to understand and trust our information security practices. Independent third parties regularly assess our technical and administrative controls to ensure proper implementation. This assessment period added 15 or more OCI services and seven cloud regions to the scope of critical international compliance programs.

The following lists give a summary of the new regions and services, or you can access attestation certificates on-demand using the Compliance Documents service in the Oracle Cloud Console. The SOC 3 Report is also available, and HIPAA Assessed Services and Regions is available on our site.

New regions in scope for C5, CSA STAR, HIPAA, SOC, and PCI

  • France South (Marseille)

  • Israel Central (Jerusalem)

  • Italy Northwest (Milan)

  • Singapore (Singapore)

  • South Africa Central (Johannesburg)

  • Sweden Central (Stockholm)

  • UAE Central (Abu Dhabi)

New services in scope for C5, CSA STAR, HIPAA, and SOC

  • Accounts Management

  • Artifact Registry

  • Certificates

  • Data Labeling

  • Database Tools

  • DevOps: Build service

  • DevOps: Deployment pipelines

  • DevOps: Project service

  • DevOps: Source code management

  • Language

  • NoSQL Database

  • Operator Access Control

  • Speech

  • Threat Intelligence

  • Vision

New services in scope for PCI

  • Accounts Management

  • Artifact Registry

  • Certificates

  • Data Labeling

  • Database Tools

  • DevOps: Build service

  • DevOps: Deployment pipelines

  • DevOps: Project service

  • DevOps: Source code management

  • Language

  • NoSQL Database

  • Operator Access Control

  • Speech

  • Threat Intelligence

  • Vision

  • Visual Builder Cloud service

  • Visual Builder Studio

Learn More

We’re deeply committed to making our customers successful in the cloud and continue to invest in features and services to help address customers’ security and compliance needs. For more information on OCI compliance programs, see Oracle Cloud Compliance.

If you have other questions on using Oracle Cloud Infrastructure, contact one of our representatives for more information.