Data security has never been more important and enterprises must continue to improve their security posture to meet strict compliance requirements and protect their businesses. Oracle Cloud Infrastructure is continuing to invest to provide services to help our customers more easily meet their security and compliance needs. We recently announced ISO/IEC 27001 Certification and the availability of Service Organization Controls (SOC) 1, 2 and 3 Reports, and are pleased to announce that, effective May 1, 2018, Oracle has received a Payment Card Industry Data Security Standard (PCI DSS) Attestation of Compliance (AoC) covering Oracle Cloud Infrastructure services.
Oracle Cloud Infrastructure provides Infrastructure as a Service (IaaS) that enables customers to build, deploy and maintain reliable, secure, scalable environments. As a PCI Level 1 Service Provider, customers can now use these services for workloads that store, process or transmit cardholder data.
Conducted by independent third party Schellman & Company, LLC, Oracle Cloud Infrastructure’s AoC demonstrates compliance with all PCI DSS requirements applicable to a Service Provider and enables customers to run payment-card related applications and workloads on Oracle’s PCI compliant Cloud Infrastructure services.
Oracle Cloud Infrastructure services covered in our AoC include Compute, Networking, Load Balancing, Block Volumes, Object Storage, Archive Storage, File Storage, Data Transfer Service, Database, Exadata, Container Engine for Kubernetes, Registry, FastConnect, and Governance Services.
The development, deployment, configuration and management of underlying services, infrastructure and systems are the responsibility of Oracle Cloud Infrastructure. Customers are responsible to maintain and manage their PCI DSS compliance with respect to applications and workloads they use on Oracle Cloud Infrastructure. For details about Oracle Cloud Infrastructure security capabilities, see the Oracle Cloud Infrastructure Security white paper and other security and compliance resources.
PCI DSS is a globally recognized security standard for payment workloads, including the storage, processing or transmission of cardholder data. The issuance of Oracle Cloud Infrastructure’s PCI DSS AoC reaffirms our commitment to security and data protection. Customers may use this PCI DSS AoC to assess how Oracle's cloud services can meet their payment card related compliance needs.