The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

ISO 27001 Certificate and SOC 1, 2 and 3 Attestations for Oracle Cloud Infrastructure

Yuecel Karabulut
Director of Product Management

I’m Yuecel Karabulut, Director of Product Management for the Oracle Cloud Infrastructure Security & Compliance team.

Oracle is continuously investing time and resources to meet customers’ strict requirements for internal control over financial reporting and data protection across variety of highly regulated industries. 
We’re pleased to announce that Oracle has successfully completed ISO/IEC 27001 Stage 2 and Service Organization Control (SOC) 1, 2 and 3 audits for Oracle Cloud Infrastructure.  


Oracle Cloud Infrastructure includes multiple services, including Compute, Storage, Block Volumes, Networking, Database, Governance, and Load Balancing. The audits cover Oracle Cloud Infrastructure regions in Phoenix (Arizona), Ashburn (Virginia), and Frankfurt am Main (Germany).  


Conducted by EY/CertifyPoint BV, Amsterdam, Netherlands, Oracle Cloud Infrastructure’s ISO/IEC 27001:2013 Stage 2 audit provides assurance that Oracle Cloud Infrastructure has designed and implemented an Information Security Management System (ISMS) in accordance with information security standard ISO 27002:2013 (Information technology – Security techniques – Code of practice for information security management).  Effective November 28, 2017, EY/CertifyPoint has issued ISO/IEC 27001:2013 certificate number 2017-024.


Conducted by Ernst & Young LLP, San Francisco, California, Oracle Cloud Infrastructure’s SOC 1 Type 2 examination provides assurance that controls relevant to internal control over financial reporting are designed and operating effectively; the SOC 2 Type 2 examination provides assurance that controls relevant to the AICPA Trust Services Security and Availability Principles are designed and operating effectively, and the SOC 3 examination provides assurance that Oracle Cloud Infrastructure maintained effective controls relevant to the security and availability of its IaaS offerings.


Independent assurance promotes trust and builds confidence in third-party service provider relationships. In particular, Oracle Cloud Infrastructure’s ISO 27001:2013 certification, SOC 1 Type 2 and SOC 2 Type 2 attestations as well as SOC 3 attestation offer customers the highest forms of independent assurance available with respect to internal control, data protection and regulatory compliance. These assurance reports play an important role in customers’ internal corporate governance, risk management processes, vendor management programs and regulatory oversight.


The issuance of these assurance reports reaffirms our commitment to internal control and data protection. Customers may use these third party audits to assess how Oracle's cloud services can meet their compliance and data-processing needs.


Please reach out with any questions or feedback. To learn more, check out the Compliance page on our website.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha