In May 2021, we announced the release of our PCI-compliant reference architecture that was validated by a third-party auditor, Schellman & Company. This preassessed web application reference architecture enables you to deploy a fully functioning PCI-compliant e-commerce site and reduce both time and cost when obtaining your own PCI certification.
Today, we’re back with more good news! We have successfully completed third-party ISO 27001 and SOC 2 assessments for our preassessed web application reference architecture.
Your workloads can use an architecture that incorporates security, availability, and integrity to process information while maintaining confidentiality and privacy configurations. These features provide assurance that your systems are configured with security controls in an ISO 27001 and SOC 2 compliant manner. You might even reduce audits, because your systems use a compliant automated mechanism. By following the recommendations in this preassessed web application reference architecture, you can maintain and manage your ISO 27001 and SOC 2 compliance for applications and workloads that you use on the cloud.
A custom ISMS
With the addition of ISO 27001 and SOC 2 controls, the reference architecture now includes a fully scoped and documented Information Security Management System (ISMS) that has been vetted by an ISO-certified auditor and an American Institute of Certified Public Accountants (AICPA) CPA. The ISMS was developed to be easily adaptable to your environment. This reference architecture also includes guidance on configuring controls to secure your workloads on OCI and prepare for an audit.
What’s next?
The preassessed web application reference architecture joins over 200 existing reference architectures, Quick Starts, and solutions playbooks from Oracle and our partners. Read more about the preassessed web application reference architecture by visiting Oracle’s Architecture Center.
To get started, fork the reference architecture on GitHub.
