X

The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Oracle expands scope for foundational cloud compliance programs

Agnieszka Walkowiak
Senior Manager, Regulated Markets Compliance & Assurance

Co-authored by Christine Graham.

Oracle is continuously working to meet customers’ strict regulatory requirements for data protection across various highly regulated industries. We’re pleased to announce that Oracle Cloud Infrastructure (OCI) has successfully completed audits for the compliance programs listed in this post. With these new compliance achievements, we’ve added over 20 new services to each program and expanded our regional scope to include Cardiff, UK, Dubai, UAE, and Santiago, Chile.

Cloud Computing Compliance Controls Catalog (C5)

C5 is produced by the German Ministry for Information Security (BSI), and is a set of minimum controls that cloud providers need with the goal of establishing a baseline for cloud security.

New services

  • Analytics Cloud

  • Autonomous Database on Dedicated Cloud at Customer Exadata Infrastructure (ADB-D)

  • Autonomous Database on Dedicated Exadata Infrastructure (ADB-D)

  • Autonomous Database on Shared Exadata Infrastructure (ADB-S)

  • Blockchain Platform

  • Client Log service for SaaS Extensions and VB Studio

  • Cloud Guard

  • Content and Experience

  • Data Catalog

  • Data Integration

  • Data Safe

  • Fusion Analytics Warehouse

  • Integration

  • Logging Analytics

  • Logging

  • Management Agent

  • OS Management

  • Operations Insights

  • Optimizer

  • Search or Resource Query Manager

  • Service Connector Hub

  • Tagging

  • Gen2 Exadata Cloud@Customer

New regions

  • Chile Central (Santiago)

  • UAE East (Dubai)

  • UK West (Cardiff)

Cloud Security Alliance (CSA) Security Trust, Assurance and Risk (STAR) Level 2

OCI has been assessed by an independent auditor against the CSA STAR Level 2 framework. STAR attestation uses a rigorous assessment performed by an independent, third party that affirms OCI has implemented necessary security controls.

New services

  • Analytics Cloud

  • Autonomous Database on Dedicated Cloud at Customer Exadata Infrastructure (ADB-D)

  • Autonomous Database on Dedicated Exadata Infrastructure (ADB-D)

  • Autonomous Database on Shared Exadata Infrastructure (ADB-S)

  • Blockchain Platform

  • Client Log service for SaaS Extensions and VB Studio

  • Cloud Guard

  • Content and Experience

  • Data Catalog

  • Data Integration

  • Data Safe

  • Fusion Analytics Warehouse

  • Integration

  • Logging Analytics

  • Logging

  • Management Agent

  • OS Management

  • Operations Insights

  • Optimizer

  • Search or Resource Query Manager

  • Service Connector Hub

  • Tagging

  • Gen2 Exadata Cloud@Customer

New regions

  • Chile Central (Santiago)

  • UAE East (Dubai)

  • UK West (Cardiff)

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a US legislation that provides data privacy and security provisions for safeguarding Protected Health Information (PHI). HIPAA applies to covered entities and business associates. Oracle Cloud Infrastructure has successfully completed third-party HIPAA assessments for new services within our data centers.

New services

  • Analytics Cloud

  • Autonomous Database on Dedicated Cloud at Customer Exadata Infrastructure (ADB-D)

  • Autonomous Database on Dedicated Exadata Infrastructure (ADB-D)

  • Autonomous Database on Shared Exadata Infrastructure (ADB-S)

  • Blockchain Platform

  • Client Log service for SaaS Extensions and VB Studio

  • Cloud Guard

  • Content and Experience

  • Data Catalog

  • Data Integration

  • Data Safe

  • Fusion Analytics Warehouse

  • Integration

  • Logging Analytics

  • Logging

  • Management Agent

  • OS Management

  • Operations Insights

  • Optimizer

  • Search or Resource Query Manager

  • Service Connector Hub

  • Tagging

  • Gen2 Exadata Cloud@Customer

New regions

  • Chile Central (Santiago)

  • UAE East (Dubai)

  • UK West (Cardiff)

System and Organization Controls (SOC) 1, 2, and 3

SOC 1 is a report on a service organization controls relevant to internal control over financial reporting. SOC 2 and SOC 3 are reports on a service organization controls relevant to security, availability, processing integrity, confidentiality, or privacy using up to five trust principles. OCI was assessed using criteria outlined in AICPA, SSAE, IAASB, and ISAE standards for controls, suitability of the design and operating effectiveness for the security, availability, and confidentiality principles.

New services

  • Analytics Cloud

  • Application Performance Monitoring

  • Autonomous Database on Dedicated Cloud at Customer Exadata Infrastructure (ADB-D)

  • Autonomous Database on Dedicated Exadata Infrastructure (ADB-D)

  • Autonomous Database on Shared Exadata Infrastructure (ADB-S)

  • Blockchain Platform

  • Client Log service for SaaS Extensions and VB Studio

  • Cloud Guard

  • Content and Experience

  • DNS

  • Data Catalog

  • Data Integration

  • Data Safe

  • Fusion Analytics Warehouse

  • Identity Cloud Service (IDCS)

  • Integration

  • Logging Analytics

  • Logging

  • Management Agent

  • NoSQL Database

  • OS Management

  • Operations Insights

  • Optimizer

  • Search or Resource Query Manager

  • Security Zones

  • Service Connector Hub

  • Storage Gateway

  • Tagging

New regions

  • Chile Central (Santiago)

  • UAE East (Dubai)

  • UK West (Cardiff)

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is a global set of security standard designed to enhance cardholder data security and promote the adoption of consistent security measures related to cardholder data. OCI has successfully completed a PCI DSS audit and received an Attestation of Compliance (AoC).

New services

  • Analytics Cloud

  • Autonomous Database on Dedicated Cloud at Customer Exadata Infrastructure (ADB-D)

  • Autonomous Database on Shared Exadata Infrastructure (ADB-S)

  • Blockchain Platform

  • Cloud Guard

  • Content and Experience

  • Data Integration

  • Data Safe

  • Fusion Analytics Warehouse

  • Integration

  • Logging Analytics

  • Logging

  • Management Agent

  • NoSQL Database

  • OS Management

  • Operations Insights

  • Optimizer

  • Search or Resource Query Manager

  • Security Zones

  • Service Connector Hub

  • Tagging

  • Web Application Firewall (WAF)

  • Client Logging Service

New regions

  • Chile Central (Santiago)

  • UAE East (Dubai)

  • UK West (Cardiff)

The pursuit and achievement of these assurance compliance offerings reaffirms our commitment to internal control and data protection. Customers can use these third-party audits to assess how Oracle’s cloud services can meet their compliance and data-processing needs.

For a comprehensive list of each program’s in-scope services, visit the Oracle Cloud Compliance webpage.