The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Oracle Announces PCI DSS Attestation of Compliance (AoC) for Oracle Cloud Infrastructure

Yuecel Karabulut
Director of Product Management

Data security has never been more important and enterprises must continue to improve their security posture to meet strict compliance requirements and protect their businesses. Oracle Cloud Infrastructure is continuing to invest to provide services to help our customers more easily meet their security and compliance needs.  We recently announced ISO/IEC 27001 Certification and the availability of Service Organization Controls (SOC) 1, 2 and 3 Reports, and are pleased to announce that, effective May 1, 2018, Oracle has received a Payment Card Industry Data Security Standard (PCI DSS) Attestation of Compliance (AoC) covering Oracle Cloud Infrastructure services.

Oracle Cloud Infrastructure provides Infrastructure as a Service (IaaS) that enables customers to build, deploy and maintain reliable, secure, scalable environments. As a PCI Level 1 Service Provider, customers can now use these services for workloads that store, process or transmit cardholder data.

Conducted by independent third party Schellman & Company, LLC, Oracle Cloud Infrastructure’s AoC demonstrates compliance with all PCI DSS requirements applicable to a Service Provider and enables customers to run payment-card related applications and workloads on Oracle’s PCI compliant Cloud Infrastructure services.

Oracle Cloud Infrastructure services covered in our AoC include Compute, Networking, Load Balancing, Block Volumes, Object Storage, Archive Storage, File Storage, Data Transfer Service, Database, Exadata, Container Engine for Kubernetes, Registry, FastConnect, and Governance Services.

The development, deployment, configuration and management of underlying services, infrastructure and systems are the responsibility of Oracle Cloud Infrastructure. Customers are responsible to maintain and manage their PCI DSS compliance with respect to applications and workloads they use on Oracle Cloud Infrastructure.  For details about Oracle Cloud Infrastructure security capabilities, see the Oracle Cloud Infrastructure Security white paper and other security and compliance resources.

PCI DSS is a globally recognized security standard for payment workloads, including the storage, processing or transmission of cardholder data. The issuance of Oracle Cloud Infrastructure’s PCI DSS AoC reaffirms our commitment to security and data protection. Customers may use this PCI DSS AoC to assess how Oracle's cloud services can meet their payment card related compliance needs.

Join the discussion

Comments ( 1 )
  • Jose David Alvarez Friday, February 15, 2019
    Is it possible to have a copy of AOC or your registry /seal somewhere in your webpage as reference for PCI DSS compliance?
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha