Compliance
Learn about the compliance certifications and service management responsibilities for Oracle Database@AWS.
Shared Responsibility Between Oracle and AWS
Oracle Database@AWS is an Oracle Cloud Infrastructure (OCI) database service that runs Oracle Database workloads in a customer's AWS environment. When the customer implements this solution, they deploy resources in two cloud environments: database resources are in AWS, while the database administration control plane is in OCI. This lets the customer deploy Oracle Database products in their AWS environment while OCI maintains administration capabilities.
AWS-based applications access Oracle Databases directly from within the customer's AWS environment. The customer performs most database administration operations in the AWS console as well. Maintaining the database control plane in OCI lets Oracle Database@AWS be easily managed and upgraded with the latest operational and administrative capabilities.
All hardware for Oracle Database@AWS uses AWS networking. Oracle’s responsibility for monitoring the data center control environments is included within the scope of the System. Oracle Database@AWS uses AWS's Identity and Access Management integration to manage user and group access for the customer's Oracle database resources. AWS networking and Identity and Access Management are not within the scope of the System.
While an OCI tenancy is required, day-to-day operations and visibility are centralized within the AWS environment, reflecting a shared responsibility model between Oracle and AWS.
Oracle Database@AWS Compliance Certifications
As of July 8, the following compliance certifications have been completed for Oracle Database@AWS:
Table 1-3
Audit Program | Location | Scope for Oracle Database@AWS |
---|---|---|
SOC 1 (System and Organization Controls 1) | Global | Supported |
SOC 2 (System and Organization Controls 2) | Global | Supported |
SOC 3 (System and Organization Controls 3) | Global | Supported |
HIPAA (Health Insurance Portability and Accountability Act) | Global | Supported |
C5 (Cloud Computing Compliance Controls Catalogue – Germany) | Global | Supported |
CSA STAR Attestation | Global | Supported |
CSA STAR Certification | Global | Supported |
HDS (Hébergement de Données de Santé – France) | Global | Supported |
ISO/IEC 9001, 20000-1, 27001, 27017, 27018, 27701 | Global | Supported |
ISO/IEC 22301 (Business Continuity Management) | Global | Supported |
PCI DSS (Payment Card Industry Data Security Standard) | Global | Supported |
HITRUST (Health Information Trust Alliance) | Global | Supported |