Oracle Cloud Hosting and Delivery Policies

Effective Date: June 2022; Version 3.3

OVERVIEW

These Oracle Cloud Hosting and Delivery Policies (these "Delivery Policies") describe the Oracle Cloud

Services ordered by You. These Delivery Policies may reference other Oracle Cloud policy documents;

any reference to "Customer" in these Delivery Policies or in such other policy documents shall be

deemed to refer to "You" as defined in Your order.

References in these Delivery Policies to a Cloud Services' "data center region" refers to the geographic

region listed in Your order for such Services or, if applicable, the geographic region that You have

selected when activating the production instance of such Services. For purposes of the data center

region applicable to Your ordered Cloud Services, the following applies:

  • "Europe" refers to the member countries of the European Union, the United Kingdom, and Switzerland, collectively; and

  • "APAC" refers to the Asia-Pacific geography, except China as Oracle has no data centers in China

With respect to Your ordered Oracle Cloud Services, Your Content will be stored in the data center

region applicable to such services. Oracle may replicate Your Content to other locations within the

applicable data center region in support of data durability. Capitalized terms that are not otherwise

defined in these Delivery Policies shall have the meaning ascribed to them in the Oracle agreement,

Your order or the policy, as applicable. The Oracle Cloud Hosting and Delivery Policies are generally

updated on a biannual basis.

Your order or Oracle's Service Specifications (such as Oracle Cloud Service Pillar documentation or

Service Descriptions) may include additional details or exceptions related to specific Oracle Cloud

Services. The Oracle Cloud Service Pillar documentation, the Service Descriptions and the Program

Documentation for Oracle Cloud Services are available at www.oracle.com/contracts.

Oracle Cloud Services are provided under the terms of the Oracle agreement, Your order, and Service

Specifications applicable to such services. Oracle's delivery of the Oracle Cloud Services is conditioned

on Your and Your users' compliance with Your obligations and responsibilities defined in such

documents and incorporated policies. These Delivery Policies, and the documents referenced herein,

are subject to change at Oracle's discretion; however, Oracle policy changes will not result in a

material reduction in the level of performance, functionality, security, or availability of the Oracle

Cloud Services provided during the Services Period of Your order.

Oracle Cloud Services are deployed at data centers or third-party infrastructure service providers

retained by Oracle, with the exception of Oracle Cloud at Customer Services. Oracle Cloud at

Customer Services are Public Cloud Services that are deployed at Your data center or at a third-party

data center retained by You. You may purchase these services standalone or they may be deployed as

the underlying platform for other Oracle Cloud Services. For Oracle Cloud at Customer Services,

Oracle will deliver to Your data center certain hardware components, including gateway equipment,

needed by Oracle to operate these services. You are responsible for providing adequate space, power,

and cooling to deploy the Oracle hardware (including gateway equipment) and for ensuring adequate

network connectivity for Oracle Cloud Operations to access the services. Oracle is solely responsible

for maintenance of the Oracle hardware components (including gateway equipment).

These Delivery Policies do not apply to Oracle BigMachines Express, Oracle ETAWorkforce, or such

other Oracle Cloud offerings as specified by Oracle in Your order or the applicable Service Description.

1. ORACLE CLOUD SECURITY POLICY

1.1 Oracle Information Security Practices - General

Oracle has adopted security controls and practices for Oracle Cloud Services that are designed to

protect the confidentiality, integrity, and availability of Your Content that is hosted by Oracle in Your

Oracle Cloud Services environment and to protect Your Content from any unauthorized processing

activities such as loss or unlawful destruction of data. Oracle continually works to strengthen and

improve those security controls and practices.

Oracle Cloud Services operates under practices which are aligned with the ISO/IEC 27002 Code of

Practice for information security controls, from which a comprehensive set of controls are selected.

Oracle Cloud Services are aligned with National Institute of Standards and Technology ("NIST") 800-

53 and 800-171.

Oracle Cloud information security practices establish and govern areas of security applicable to Oracle

Cloud Services and to Your use of those Oracle Cloud Services. Oracle personnel (including

employees, contractors, and temporary employees) are subject to the Oracle information security

practices and any additional policies that govern their employment or the services they provide to

Oracle.

Oracle takes a holistic approach to information security, implementing a multilayered defense

security strategy where network, operating system, database, and software security practices and

procedures complement one another with strong internal controls, governance, and oversight.

For those Oracle Cloud Services which enable You to configure Your security posture, unless

otherwise specified, You are responsible for configuring, operating, maintaining, and securing the

operating systems and other associated software of these select Oracle Cloud Services (including

Your Content) that is not provided by Oracle. You are responsible for maintaining appropriate

security, protection, and backup of Your Content, which may include the use of encryption

technology to protect Your Content from unauthorized access and the routine archiving of Your

Content.

1.2 Physical Security Safeguards

Oracle employs measures designed to prevent unauthorized persons from gaining access to

computing facilities in which Your Content is hosted such as the use of security personnel, secured

buildings, and designated data center premises. Oracle provides secured computing facilities for both

office locations and production cloud infrastructure. Common controls between office locations and

Oracle controlled co-locations/data centers currently include, for example:

  • Physical access requires authorization and is monitored

  • All employees and visitors must visibly wear official identification while onsite

  • Visitors must sign a visitor's register and be escorted and/or observed while onsite

  • Possession of keys/access cards and the ability to access the locations is monitored. Staff leaving Oracle employment must return keys/cards

Additional physical security safeguards are in place for Oracle-controlled Cloud data centers, which

currently include safeguards such as:

  • Premises are monitored by CCTV

  • Entrances are protected by physical barriers designed to prevent unauthorized entry by vehicles

  • Entrances are manned 24 hours a day, 365 days a year by security guards who perform visual identity recognition and visitor escort management

  • Safeguards related to environmental hazards

  • Any physical movement of equipment is controlled by hand-delivered receipts and other authorized change control procedures

  • Network cables are protected by conduits and, where possible, avoid routes through public areas

This section does not apply to Oracle Cloud at Customer Services. You must provide Your own secure

computing facilities for the hosting and operation of the Oracle Cloud at Customer Services-related

hardware (including the gateway equipment) and network connections required for Oracle to provide

the Oracle Cloud at Customer Services.

1.3 System Access Controls

Oracle may, depending upon the particular Cloud Services ordered, apply among others the following

controls: authentication via passwords and/or multi-factor authentication, documented authorization

and change management processes, and logging of access. All remote access to the Oracle Cloud

Network by Oracle personnel that have access to Your Content is restricted through the use of a

Virtual Private Network which utilizes multi-factor authentication. In addition to the required use of a

Virtual Private Network, before Oracle personnel are granted access to the Oracle Cloud Network,

Oracle performs device posture checks and has in place controls, such as bastion hosts. Oracle

prohibits (through both policy and technical controls) the use of personal devices to access the Oracle

Cloud Network and the Services environment for the Cloud Services.

For Cloud Services hosted at Oracle: (i) log-ins to Cloud Services environments are logged and (ii) logical access to the data centers is restricted and protected.

1.4 Data Access Controls

For service components managed by Oracle, Oracle's access to Your Content is restricted to authorized

staff.

With respect to Oracle personnel accessing the Services environment for the Cloud Services (including

Your Content residing in the Cloud Services), Oracle enforces Role Based Access Controls (RBAC) and

employs the access management principles of "need to know", "least privilege" and "segregation of

duties." In addition, Oracle provides a mechanism by which You control Your access to Your Cloud

Services environment and to Your Content by Your authorized staff.

1.5 User Encryption for External Connections

Your access to Oracle Cloud Services is through a secure communication protocol provided by Oracle.

If access is through a Transport Layer Security (TLS) enabled connection, that connection is negotiated

for at least 128 bit encryption. The private key used to generate the cipher key is at least 2048 bits. TLS

is implemented or configurable for all web-based TLS-certified applications deployed at Oracle. It is

recommended that the latest available browsers certified for Oracle programs, which are compatible

with higher cipher strengths and have improved security, be utilized for connecting to web enabled

programs. The list of certified browsers for each version of Oracle Cloud Services will be made available

via a portal accessible to You or in the corresponding Service Description for the Oracle Cloud Services.

In some cases, a third party site that You wish to integrate with the Oracle Cloud Services, such as a

social media service, may not accept an encrypted connection. For Oracle Cloud Services where HTTP

connections with the third party site are permitted by Oracle, Oracle will enable such HTTP connections

in addition to the HTTPS connection.

1.6 Input Control

The source of Your Content is under Your control and Your responsibility, and integrating Your

Content into the Cloud Services environment, is managed by You.

1.7 Data and Network Segregation

Your Content is logically or physically segregated from the content of other customers hosted in the

Oracle Cloud Services environments. All Oracle Public Cloud networks are segregated from Oracle's

Corporate networks.

1.8 Confidentiality and Training

Oracle personnel that may have access to Your Content are subject to confidentiality agreements. All

Oracle personnel that have access to Your Content are required to complete information-protection

awareness training upon hiring. Thereafter, all Oracle personnel that have access to Your Content

must complete training in accordance with applicable Oracle security and privacy awareness training

documentation.

1.9 Asset Management

Oracle is responsible for the protection and inventory of Oracle's Cloud Services assets. The

responsibilities may include reviewing and authorizing access requests to those who have a business

need and maintaining an inventory of assets.

You are responsible for the assets You control that utilize or integrate with the Oracle Cloud services,

including: determining the appropriate information classification for Your Content, and whether the

documented controls provided by Oracle Cloud Services are appropriate for Your Content. You must

have or obtain any required consents or other legal basis related to the collection and use of

information provided by data subjects, including any such consents or other legal basis necessary for

Oracle to provide the Cloud Services.

1.10 Oracle Internal Information Security Policies

Oracle Cloud information security policies establish and govern areas of security applicable to Oracle

Cloud Services and to Your use of Oracle Cloud Services. Oracle personnel are subject to the Oracle

Corporate Information Security Policies and any additional policies that govern their employment or

the services they provide to Oracle. Oracle's Information Security Program ("ISP") is comprised of

documented policies that consider risk factors including cyber and security factors, with

accompanying derivative procedures, standards and guidelines required for the effective

operationalization of policy. Oracle's ISP is designed to ensure the confidentiality, integrity, privacy,

continuity and availability of Your Content that is hosted by Oracle in Your Oracle Cloud Services

through effective security management practices and controls. Oracle's ISP is reviewed annually by

the Oracle Security Oversight Committee and updated as required.

1.11 Internal Security Reviews and Enforcement

Oracle employs internal processes for regularly testing, assessing, evaluating and maintaining the

effectiveness of the technical and organizational security measures described in this section.

1.12 External Reviews

Oracle may conduct independent reviews of Cloud Services utilizing third parties in the following

areas (the scope of any such reviews may vary by service and country):

  • SOC 1 (based on Statement on Standards for Attestation Engagements (SSAE) No 18) and/or SOC 2 reports

  • Other independent third-party security testing to review the effectiveness of administrative and technical controls

Relevant information from these reviews may be made available to customers.

1.13 Oracle Software Security Assurance

Oracle Software Security Assurance (OSSA) is Oracle's methodology for building security into the

design, build, testing, and maintenance of its products and services, including the Oracle Cloud

Services. The OSSA program is described at https://www.oracle.com/corporate/security-

practices/assurance/.

1.14 Security Logs

Logs are generated for security-relevant activities on operating systems. Systems are configured to

log default security activities, access to information or programs, system events such as alerts,

console messages, and system errors. Oracle reviews logs for forensic purposes and incidents;

identified anomalous activities feed into the incident management process. Security logs are stored

within the Security Information and Event Management system (or equivalent system) in a native,

unaltered format and retained in accordance with Oracle's internal policies. Such logs are retained

online for a minimum of 1 year, or as otherwise required by an applicable regulatory framework.

These logs are retained and used by Oracle for our internal security operations for Cloud Services.

1.15 Other Customer Security Related Obligations

You are responsible for:

  • Implementing Your own comprehensive system of security and operational policies standards and procedures, according to Your risk-based assessments and business requirements

  • Ensuring that end-user devices meet web browser requirements and minimum network bandwidth requirements for access to the Oracle Cloud Services

  • Managing client device security controls, so that antivirus and malware checks are performed on data or files before importing or uploading data into the Oracle Cloud Services

  • Maintaining Customer-managed accounts according to Your policies and security best practices

  • Additionally, for Oracle Cloud at Customer Services, You are responsible for the following:

    • Adequate physical and network security

    • Security monitoring to reduce the risk of real time threats and prevent unauthorized access to Your Oracle Cloud Services from Your networks; this includes intrusion detection systems, access controls, firewalls and any other network monitoring, and any management tools managed by You.

2. ORACLE CLOUD SERVICE CONTINUITY POLICY

2.1 Oracle Cloud Services High Availability Strategy

Oracle deploys the Oracle Cloud Services on resilient computing infrastructure designed to maintain

service availability and continuity in the case of an incident affecting the services. Data centers

retained by Oracle to host Oracle Cloud Services have component and power redundancy with backup

generators in place, and Oracle may incorporate redundancy in one or more layers, including network

infrastructure, program servers, database servers, and/or storage.

2.2 Oracle Cloud Services Backup Strategy

Oracle periodically makes backups of Your Content in your production environment of the Oracle

Cloud Services for Oracle's sole use to minimize data loss in the event of an incident. Backups are

stored at the primary site used to provide the Oracle Cloud Services, and may also be stored at an

alternate location for retention purposes. A production backup is typically retained online or offline

for a period of at least 60 days after the date that the backup is made. Oracle typically does not

update, insert, delete or restore Your data on Your behalf. However, on an exception basis and subject

to written approval, Oracle may assist You to restore data which You may have lost as a result of Your

own actions.

For Oracle Cloud Services which enable You to configure backups in accordance with Your own policies,

You are responsible for performing backups and restores of Your data, non-Oracle software, and any

Oracle software that is not provided by Oracle as part of these services. Additionally, You are

encouraged to develop a business continuity plan to ensure continuity of Your own operations in the

event of a disaster.

3. ORACLE CLOUD SERVICE LEVEL AGREEMENT

3.1 Hours of Operation

The Oracle Cloud Services are designed to be available 24 hours a day, 7 days a week, 365 days a

year, except during maintenance periods, technology upgrades and as otherwise set forth in the

Oracle agreement, Your order and this Oracle Cloud Service Level Agreement.

3.2 Service Availability

Commencing at Oracle's activation of Your production Oracle Cloud Service, Oracle works to meet the

Target Service Availability Level, or Target Service Uptime of 99.9%. This is in accordance with the

terms set forth in the Cloud Service Pillar documentation for the applicable Oracle Cloud Service (or

such other Target Service Availability Level or Target Service Uptime specified by Oracle for the

applicable Oracle Cloud Service in such documentation).

The foregoing is contingent on Your adherence to Oracle's recommended minimum technical

configuration requirements for accessing and using the Oracle Cloud Services from Your network

infrastructure and Your user work stations as set forth in the Program Documentation for the

applicable Oracle Cloud Services.

3.2.1 Measurement of Availability

Following the end of each calendar month of the applicable Services Period, Oracle measures the

Service Availability Level or Service Uptime over the immediately preceding month by dividing the

difference between the total number of minutes in the monthly measurement period and any

Unplanned Downtime (as defined below) by the total number of minutes in the measurement period,

and multiplying the result by 100 to reach a percent figure.

3.2.2 Reporting of Availability

Oracle will provide You with access to a Customer notifications portal. This portal will provide metrics

on the Service Availability Level for Oracle Cloud Services that You purchased under Your order. For

those Oracle Cloud Services for which such metrics are not available via the Customer notifications

portal, Oracle will provide metrics on the Service Availability Level upon receipt of a Service Request

submitted by You to Oracle requesting the metrics.

3.2.3 Service Credits

You may receive Service Credits in the event that the Target Service Availability Level or Target

Service Uptime for Oracle Cloud Services that You purchased under Your order is below the defined

Target Service Availability Level or Target Service Uptime applicable to such Services. Service Credits

are defined in the Cloud Service Pillar documentation or Service Description applicable to Your

purchased Oracle Cloud Services. Notwithstanding the provisions of this section, if Your order with

Oracle or Service Specifications applicable to your order for a particular Oracle Cloud Service provides

a right to receive a higher amount of Service Credits, then You may receive the Service Credits under

the provision which provides for the highest amount of Service Credits to You, but You may not

recover Service Credits under multiple provisions for the same event.

3.3 Definition of Unplanned Downtime

Oracle Cloud Services are deployed in resilient computing facilities with resilient infrastructure,

redundant network connections, and power at each hosting facility.

"Unplanned Downtime" means any time during which a problem with the Oracle Cloud Services

prevents Your connectivity. Unplanned Downtime does not include any time during which the Oracle

Cloud Services or any Oracle Cloud Services component are not available due to: (i) scheduled

maintenance, (ii) circumstances outside of Oracle's control and other force majeure events (e.g.,

outages initiated at Your request, outages caused by non-Oracle infrastructure such as electrical,

network, telecommunication, or other connectivity equipment, security attacks, natural disasters, or

political events), (iii) any actions or inactions of You, Your Users or any third party (other than any

Oracle agents and contractors who Oracle has engaged to perform the applicable Oracle Cloud

Services) or (iv) any suspension by Oracle permitted under Your Oracle agreement or Your order. In

addition, with respect to Oracle Cloud at Customer Services, Unplanned Downtime also does not

include downtime or other unavailability (i) of Your data center (e.g., due to maintenance) or (ii)

occurring outside the on-site hours defined under Your order for Oracle Cloud Operations personnel

at Your data center.

3.4 Monitoring

Oracle uses a variety of software tools to monitor the availability and performance of the Oracle Cloud

Services and the operation of infrastructure and network components. Oracle does not monitor, or

address deviations experienced by any non-Oracle managed components used by You in the Oracle

Cloud Services, such as non-Oracle applications.

3.4.1 Monitored Components

Oracle monitors the hardware that supports the Oracle Cloud Services, and currently generates alerts

for monitored network components, such as CPU, memory, storage, database and other components.

Oracle Cloud Operations staff monitors alerts associated with deviations to Oracle defined thresholds,

and follows standard operating procedures to investigate and resolve underlying issues.

3.4.2 Customer Monitoring & Testing Tools

Oracle permits You to conduct limited functional testing for Oracle Cloud Services in Your test

environment. Specific rules for testing may be found in the Program Documentation.

Oracle regularly performs penetration and vulnerability testing and security assessments against

Oracle Cloud infrastructure, platforms, and applications in order to validate and improve the overall

security of Oracle Cloud Services. The Oracle Cloud Services Program Documentation outlines when

and how You may assess or test any components that You manage or create in Oracle Cloud Services,

including non-Oracle applications, non-Oracle databases, other applicable non-Oracle software, code,

or the use of data scraping tools.

Oracle reserves the right to remove or disable access to any tools or technologies that violate the

guidelines in this section or the applicable Oracle Cloud Services Program Documentation, without

any liability to You.

4. ORACLE CLOUD CHANGE MANAGEMENT POLICY

4.1 Oracle Cloud Change Management and Maintenance

Oracle Cloud Operations performs changes to cloud hardware infrastructure, operating software,

product software, and supporting application software that is provided by Oracle as part of the Oracle

Cloud Services, to maintain operational stability, availability, security, performance, and currency of

the Oracle Cloud Services. Oracle follows formal change management procedures to review, test, and

approve changes prior to application in the production service.

Changes made through change management procedures include system and service maintenance

activities, upgrades and updates, and customer specific changes. Oracle Cloud Services change

management procedures are designed to minimize service interruption during the implementation of

changes.

Oracle reserves specific maintenance periods for changes that may require the Oracle Cloud Services

to be unavailable during the maintenance period. Oracle works to ensure that change management

procedures are conducted during scheduled maintenance windows, while taking into consideration

low traffic periods and geographical requirements.

Oracle will provide prior notice of modifications to the standard maintenance period schedule. For

Customer-specific changes and upgrades, where feasible, Oracle will coordinate the maintenance

periods with You.

For changes that are expected to cause service interruption, the durations of the maintenance

periods for planned maintenance are not included in the calculation of Unplanned Downtime minutes

in the monthly measurement period for Service Availability Level (see the Oracle Cloud Service Level

Agreement above). Oracle uses commercially reasonable efforts to minimize the use of these

reserved maintenance periods and to minimize the duration of maintenance events that cause service

interruptions.

For Oracle Cloud Services which enable You to perform maintenance activities, You are responsible

for configuring and maintaining the operating systems and other associated software.

4.1.1 Emergency Maintenance

Oracle may be required to execute emergency maintenance in order to protect the security,

performance, availability, or stability of the Oracle Cloud Services. Emergency maintenance is

required to address an exigent situation (e.g., a hardware failure of the infrastructure underlying such

Service) with the Service or Oracle infrastructure that cannot be addressed except on an emergency

basis. Oracle works to minimize the use of emergency maintenance, and to the extent reasonable

under the circumstances as determined by Oracle, will work to provide 24 hours prior notice for any

emergency maintenance requiring a service interruption.

4.1.2 Major Maintenance Changes

To help ensure continuous stability, availability, security and performance of the Oracle Cloud

Services, Oracle reserves the right to perform major changes to its hardware infrastructure, operating

software, applications software and supporting application software under its control, typically no

more than twice per calendar year. Each such major change event is considered scheduled

maintenance and may cause the Oracle Cloud Services to be unavailable. Each such event is targeted

to occur at the same time as the scheduled maintenance period. Oracle will work to provide no less

than 60 days prior notice of a major change event.

4.1.3 Data Center Migrations

Oracle may migrate Your Oracle Cloud Services deployed in data centers retained by Oracle between

production data centers in the same data center region as deemed necessary by Oracle or in the case

of disaster recovery. For data center migrations for purposes other than disaster recovery, Oracle will

provide a minimum of 30 days notice to You.

4.2 Software Versioning

4.2.1 Software Updates

Oracle requires all Oracle Cloud Services customers to keep the software versions of the Oracle Cloud

Services current with the software versions that Oracle designates as Generally Available (GA) for

such Oracle Cloud Services. Software updates will follow the release of every GA release and are

required for the Oracle Cloud Services in order to maintain version currency. Oracle's obligations

under these Delivery Policies (including the Oracle Cloud Service Continuity Policy, the Oracle Cloud

Service Level Agreement, and the Oracle Cloud Support Policy) are dependent on You maintaining GA

version currency. Oracle is not responsible for performance, functionality, availability or security

issues experienced with Oracle Cloud Services that may result from running earlier versions.

4.2.2 End of Life

Oracle will host and support only the GA version of an Oracle Cloud Service. All other versions of the

Oracle Cloud Service are considered as "End of Life" (EOL). You are required to complete the Oracle

Cloud Services update to the latest version before the EOL of a given version. You acknowledge that

failure to complete the update prior to the EOL of an Oracle Cloud Service version may result in an

update automatically performed by Oracle or a suspension of the Oracle Cloud Services. In certain

circumstances where an Oracle Cloud Service version reaches EOL and Oracle does not make

available an updated version, Oracle may designate, and require You to transition to, a successor

Oracle Cloud Service.

5. ORACLE CLOUD SUPPORT POLICY

The support described in this Oracle Cloud Support Policy applies only for Oracle Cloud Services, and

is provided by Oracle as part of such Oracle Cloud Services under Your order. Oracle may make

available, and You may order for additional fees, additional support service offerings made available

by Oracle for the Oracle Cloud Services.

5.1 Oracle Cloud Support Terms

5.1.1 Support Fees

The fees paid by You for the Oracle Cloud Services under Your order include the support described in

this Oracle Cloud Support Policy. Additional fees are applicable for additional Oracle support services

offerings purchased by You.

5.1.2 Support Period

Oracle Cloud support becomes available upon the service start date and ends upon the expiration or

termination of the Services (the "support period"). Oracle is not obligated to provide the support

described in this Oracle Cloud Support Policy beyond the end of the support period.

5.1.3 Technical Contacts

Your technical contacts are the sole liaisons between You and Oracle for Oracle support for Oracle

Cloud Services. Those technical contacts must have, at a minimum, initial basic service training and,

as needed, supplemental training appropriate for specific role or implementation phase, specialized

service/product usage, and migration. Your technical contacts must be knowledgeable about the

Oracle Cloud Services in order to help resolve system issues and to assist Oracle in analyzing and

resolving service requests. When submitting a service request, Your technical contact should have a

baseline understanding of the problem being encountered and an ability to reproduce the problem in

order to assist Oracle in diagnosing and triaging the problem. To avoid interruptions in Oracle

support for Oracle Cloud Services, You must notify Oracle whenever technical contact responsibilities

are transferred to another individual.

5.1.4 Oracle Cloud Support

Oracle support for Oracle Cloud Services consists of:

  • Diagnoses of problems or issues with the Oracle Cloud Services

  • Reasonable commercial efforts to resolve reported and verifiable errors in the Oracle Cloud Services so that those Oracle Cloud Services perform in all material respects as described in the associated Program Documentation

  • Support during Change Management activities described in the Oracle Cloud Change Management Policy

  • Assistance with technical service requests 24 hours per day, 7 days a week

  • 24 x 7 access to a Cloud Customer Support Portal designated by Oracle (e.g., My Oracle Support) and Live Telephone Support to log service requests

  • Access to community forums

  • Non-technical Customer service assistance during normal Oracle business hours (8:00 to 17:00) local time

5.2 Oracle Cloud Customer Support Systems

5.2.1 Oracle Cloud Customer Support Portal

Oracle provides support for the Oracle Cloud Service acquired by You through the Cloud Customer

Support Portal designated for that Oracle Cloud Service. Access to the applicable Cloud Customer

Support Portal is governed by the Terms of Use posted on the designated support web site, which are

subject to change. Access to the Cloud Customer Support Portal is limited to Your designated

technical contacts and other authorized users of the Oracle Cloud Services. Where applicable, the

Cloud Customer Support Portal provides support details to Your designated technical contacts to

enable use of Oracle support for Oracle Cloud Services. All service notifications and alerts relevant to

Your Oracle Cloud Service are posted on this portal.

5.2.2 Live Telephone Support

Your technical contacts may access live telephone support via the phone numbers and contact

information found on Oracle's support web site at https://www.oracle.com/support/contact.html.

5.3 Severity Definitions

Service requests for Oracle Cloud Services may be submitted by Your designated technical contacts

via the Cloud Customer Support Portal noted above. The severity level of a service request submitted

by You is selected by both You and Oracle, and must be based on the following severity definitions:

5.3.1 Severity 1

Your production use of the Oracle Cloud Services is stopped or so severely impacted that You cannot

reasonably continue work. You experience a complete loss of service. The impacted operation is

mission critical to the business and the situation is an emergency. A Severity 1 service request has one

or more of the following characteristics:

  • Data corrupted

  • A critical documented function is not available

  • Service hangs indefinitely, causing unacceptable or indefinite delays for resources or response

  • Service crashes, and crashes repeatedly after restart attempts

  • Security Incident with the potential to impact the confidentiality, integrity or availability of the service

Oracle will use reasonable efforts to respond to Severity 1 service requests within fifteen (15) minutes.

Oracle will work 24x7 until the Severity 1 service request is resolved, a reasonable work-around is put

in place, or as long as useful progress can be made. You must provide Oracle with a technical contact

during this 24x7 period to assist with data gathering, testing, and applying fixes. You are required to

propose this severity classification with great care, so that valid Severity 1 situations obtain the

necessary resource allocation from Oracle.

5.3.2 Severity 2

You experience a severe loss of service. Important features of the Oracle Cloud Services are

unavailable with no acceptable workaround; however, operations can continue in a restricted fashion.

5.3.3 Severity 3

You experience a minor loss of service. The impact is an inconvenience, which may require a

workaround to restore functionality.

5.3.4 Severity 4

You request information, enhancement, or documentation clarification regarding the Oracle Cloud

Services, but there is no impact on the operation of such service. You experience no loss of service.

5.4 Change to Service Request Severity Level

5.4.1 Initial Severity Level

At the time Oracle accepts a service request, Oracle will record an initial severity level of the service

request based on the above severity definitions. Oracle's initial focus, upon acceptance of a service

request, will be to resolve the issues underlying the service request. The severity level of a service

request may be adjusted as described below.

5.4.2 Downgrade of Service Request Levels

If, during the service request process, the issue no longer warrants the severity level currently

assigned based on its current impact on the production operation of the applicable Oracle Cloud

Service, then the severity level will be downgraded to the severity level that most appropriately

reflects its current impact.

5.4.3 Upgrade of Service Request Levels

If, during the service request process, the issue warrants the assignment of a higher severity level

than that currently assigned based on the current impact on the production operation of the

applicable Oracle Cloud Service, then the severity level will be upgraded to the severity level that most

appropriately reflects its current impact.

5.4.4 Adherence to Severity Level Definitions

You shall ensure that the assignment and adjustment of any severity level designation is accurate

based on the current impact on the production operation of the applicable Oracle Cloud Service. You

acknowledge that Oracle is not responsible for any failure to meet performance standards caused by

Your misuse or mis-assignment of severity level designations.

5.5 Service Request Escalation

For service requests that are escalated, the Oracle support analyst will engage the Oracle service

request escalation manager who will be responsible for managing the escalation. The Oracle service

request escalation manager will work with You to develop an action plan and allocate the appropriate

Oracle resources. If the issue underlying the service request continues to remain unresolved, You may

contact the Oracle service request escalation manager to review the service request and request that

it be escalated to the next level within Oracle as required. To facilitate the resolution of an escalated

service request, You are required to provide contacts within Your organization that are at the same

level as that within Oracle to which the service request has been escalated.

6. ORACLE CLOUD SUSPENSION AND TERMINATION POLICY

6.1 Termination of Oracle Cloud Services

For a period of 60 days upon termination of the Oracle Cloud Services, Oracle will make available, via

secure protocols and in a structured, machine-readable format, Your Content residing in the

production Cloud Services environment, or keep the service system accessible, for the purpose of

data retrieval by You.

For free trials of Cloud Services, Oracle will make Your Content available for a period of 30 days

following termination of the trial. During this retrieval period, Oracle's Cloud Service Level Agreement

does not apply and the service system may not be used for any production activities. Oracle has no

obligation to retain Your Content after this retrieval period.

If You need assistance from Oracle to obtain access to or copies of Your Content, You must create a

service request in the Cloud Customer Support Portal applicable to the service (e.g., My Oracle

Support).

Data retrieval and any related assistance by Oracle is not applicable for Oracle Cloud Services that do

not store Your Content. You are responsible for ensuring that if those Oracle Cloud Services are

dependent on separate Oracle Cloud Services (such as Storage Cloud Service or Database Cloud

Services) for the storage of data, those separate Oracle Cloud Services must have a valid duration

through the end of the terminating Oracle Cloud Service to enable data retrieval, or for otherwise

taking appropriate action to back up or otherwise store separately Your Content while the Production

Cloud Services environment is still active prior to termination.

Following expiry of the retrieval period, Oracle will delete Your Content from the Oracle Cloud

Services environments (unless otherwise required by applicable law).

For Oracle Cloud at Customer Services, You must make available for retrieval by Oracle any Oracle

Cloud at Customer Service-related hardware components (including the gateway equipment)

provided by Oracle in good working order and the same condition as at the start of the Oracle Cloud

at Customer Services subject to reasonable wear and tear for appropriate use.

6.2 Termination of Pilot Environments

This Oracle Cloud Suspension and Termination Policy applies to production pilots of Oracle Cloud

Services. Production pilots are not available for all Oracle Cloud Services.

7 USE OF SERVICES

Services may not be delivered to or accessed by Users in Venezuela, nor may the Services or any

output from the Services be used for the benefit of any individuals or entities in Venezuela including,

without limitation, the Government of Venezuela.