Oracle continuously strives to build trust and help customers meet strict regulatory requirements and respond to critical business demands. We’re pleased to announce that Oracle Cloud Infrastructure (OCI) has successfully completed audits for the compliance programs listed in this post. These assessments have added 10 or more new services to each program and expanded the regional scope to include the Vinhedo, Brazil data region.
Cloud computing compliance controls catalog (C5)
The cloud computing compliance controls catalog (C5) is the IT security standard for cloud computing produced by the German Federal Office for Information Security (BSI). The C5 assessment report gives customers assurance that baseline security controls have been implemented.
Cloud Security Alliance Security, Trust, Assurance, and Risk (CSA STAR) Level 2
The CSA is a non-profit organization that promotes best practices for providing security assurance in cloud computing. This achievement verifies that OCI has been assessed by an independent auditor against the CSA STAR Cloud Control Matrix (CCM) and received a CSA STAR Level 2 attestation that affirms the necessary security controls have been implemented.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is US legislation that provides data privacy and security provisions for safeguarding Protected Health Information (PHI). HIPAA applies to covered entities and business associates. OCI has successfully completed a third-party assessment that confirms effective controls have been implemented to meet the requirements of the HIPAA Security, Breach Notification, and Privacy Rules.
System and organization controls (SOC) 1, 2, and 3
SOC 1 is a report on a service organization's controls relevant to internal control over financial reporting. SOC 2 and SOC 3 are reports on a service organization's controls relevant to security, availability, processing integrity, confidentiality, or privacy, using up to five trust principles. OCI was assessed using criteria outlined in AICPA, SSAE, IAASB, and ISAE standards for controls, covering the suitability of the design and the operating effectiveness for the security, availability, and confidentiality principles.
New services for C5, CSA STAR, HIPAA, and SOC
- Application Performance Monitoring
- Bastion
- Database Management
- Database Migration
- Decisions: Artificial intelligence
- GoldenGate
- Java Management
- Network load balancer
- Security zones
- VPN Connect
- Vulnerability scanning
New region
- Brazil Southeast, Vinhedo
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a global set of security standards designed to enhance cardholder data security and promote the adoption of consistent security measures related to cardholder data. OCI has successfully completed a PCI DSS audit and received an Attestation of Compliance (AoC).
New services for PCI DSS
- Application Performance Monitoring
- Bastion
- Database Management
- Database Migration
- Decisions: Artificial Intelligence
- GoldenGate
- Java Management
- Network load Balancer
- VPN Connect
- Vulnerability scanning
New region
- Brazil Southeast, Vinhedo
Have other compliance questions?
The pursuit and achievement of these assurance compliance offerings reaffirm our commitment to internal control and data protection. Customers can use these third-party audits to assess how Oracle Cloud Infrastructure services can meet their compliance and data-processing needs. Customers can view and download compliance documents from the Console. The Console displays compliance documents available in a customer’s tenancy for the currently selected region.
For a comprehensive list of Oracle’s compliance programs, visit the Oracle Cloud Compliance webpage.

