Systems and Organizational Controls Report, SOC Report, Security Assessment Report, Disaster Recovery Evidence Document

Accessing Compliance Reports

Oracle conducts regular third-party security assessments to ensure the effectiveness of its administrative and technical controls. The resulting compliance documentation includes:

SOC 1 Report (based on SSAE No 18)
SOC 2 Report
Bridge Letter
ISO Certificate
Disaster Recovery Evidence Document
Security Assessment Report

Who Can Access Compliance Reports?

By default, only Service Administrators can access compliance reports. To grant access to users without the Service Administrator role, add them to an IAM group and define the following policies for that group:

Allow group GROUP_NAME to {EPM_COMPLIANCEDOC_INSPECT, EPM_COMPLIANCEDOC_READ} in tenancy

Allow group GROUP_NAME to
                {EPM_PLANNING_COMPLIANCEDOC_INSPECT EPM_PLANNING_COMPLIANCEDOC_READ} in
                tenancy

Example:

Allow group CompDocsGroup to {EPM_COMPLIANCEDOC_INSPECT, EPM_COMPLIANCEDOC_READ} in tenancy

Allow group CompDocsGroup to {EPM_PLANNING_COMPLIANCEDOC_INSPECT,EPM_PLANNING_COMPLIANCEDOC_READ} in tenancy

For more information, see Creating Policies for Users and Groups.

Downloading Compliance Reports

To download a compliance report:

Sign in to the Oracle Cloud Console.
Go to the Navigation menu, search for Identity & Security, and click Compliance.
The Compliance Documents page displays all documents you have permission to view.
Find the document you want to download, click the Actions icon (three dots), and then click Download.
Review the Terms of Use.
Check the box labeled I have reviewed and accept these terms and conditions, then click Download File.