Accessing Compliance Reports
Oracle conducts regular third-party security assessments to ensure the effectiveness of its administrative and technical controls. The resulting compliance documentation includes:
- SOC 1 Report (based on SSAE No 18)
- SOC 2 Report
- Bridge Letter
- ISO Certificate
- Disaster Recovery Evidence Document
- Security Assessment Report
Who Can Access Compliance Reports?
By default, only Service Administrators can access compliance reports. To grant access to users without the Service Administrator role, add them to an IAM group and define the following policies for that group:
Allow group GROUP_NAME to {EPM_COMPLIANCEDOC_INSPECT,
EPM_COMPLIANCEDOC_READ} in tenancy
Allow group GROUP_NAME to
{EPM_PLANNING_COMPLIANCEDOC_INSPECT EPM_PLANNING_COMPLIANCEDOC_READ} in
tenancy
Example:
Allow group CompDocsGroup to
{EPM_COMPLIANCEDOC_INSPECT, EPM_COMPLIANCEDOC_READ} in
tenancy
Allow group CompDocsGroup to
{EPM_PLANNING_COMPLIANCEDOC_INSPECT,EPM_PLANNING_COMPLIANCEDOC_READ} in
tenancy
For more information, see Creating Policies for Users and Groups.
Downloading Compliance Reports
To download a compliance report:- Sign in to the Oracle Cloud Console.
- Go to the Navigation menu, search for Identity &
Security, and click Compliance.
The Compliance Documents page displays all documents you have permission to view.
- Find the document you want to download, click the Actions icon (three dots), and then click Download.
- Review the Terms of Use.
- Check the box labeled I have reviewed and accept these terms and conditions, then click Download File.