Administrator Guide - Introduction
Purpose of This Guide
This guide supports administrators responsible for deploying, configuring, and maintaining Oracle Agriculture Intelligence. It provides practical guidance for managing the SaaS platform running in Oracle Cloud Infrastructure (OCI), including user and role administration, data pipeline oversight, and system security.
Administrators play a critical role in connecting the application to the broader operational and governance structures within a ministry or national agency. This guide focuses on the practical steps and workflows required to keep the system running smoothly and to support analysts, agronomists, and policymakers who rely on the platform for accurate, timely information.
Responsibilities of an Administrator
System administrators ensure that the platform is deployed correctly, data is flowing as expected, and users can access the features they need. Because Oracle Agriculture Intelligence serves as a national-scale monitoring system, administrators help maintain trust in the data by ensuring that inputs, access controls, and system settings remain consistent and properly governed.
System administrators typically manage tasks such as user onboarding, security configuration, and oversight of data health. They also act as the primary point of contact when coordinating with Oracle Support or IT teams for system updates, integrations, or troubleshooting.
As new integrations and extensibility capabilities are made available in Oracle Agriculture Intelligence, system administrators will face additional responsibilities to ensure that such integrations meet organizational standards and are secured with the same level of protection as the application itself.
Overview of the Deployment Architecture
Oracle Agriculture Intelligence is deployed as a fully managed SaaS application in Oracle Cloud Infrastructure (OCI). The platform ingests satellite imagery, weather feeds, and reference datasets into a secure cloud environment, where automated pipelines transform this data into insights, forecasts, and geospatial layers.
Oracle manages the underlying infrastructure, including performance, availability, and scaling. Administrators are responsible for configuration, access control, and governance of the environment.
Administrators primarily interact with Oracle Cloud Infrastructure (OCI) to configure and manage the environment. Key administrative tasks, such as user management, identity federation, and access control, are performed through the OCI Console, rather than through application-specific interfaces.
Oracle Agriculture Intelligence is designed to minimize operational overhead by relying on OCI-native capabilities for security and configuration. This approach ensures consistency with enterprise IT standards while allowing administrators to manage the platform using familiar tools and processes.
Key Concepts
Understanding a few core architecture concepts helps administrators navigate the system effectively.
Oracle Cloud Infrastructure (OCI) Topology
OCI Region — When deploying the platform, you select a region based on data residency, latency, and regulatory requirements. Oracle Agriculture Intelligence also supports cross-region failover, allowing customers to configure both a primary and backup region for high availability.
OCI Availability Domain (AD) — Within each region, there are one or more Availability Domains: isolated data-centre facilities connected with low-latency, high-bandwidth network links. OCI uses ADs to provide fault tolerance and redundancy.
OCI Fault Domain (FD) — Inside an Availability Domain, Fault Domains partition hardware and infrastructure to reduce the risk that a single hardware failure affects multiple resources. By distributing compute and storage across different fault domains, the architecture improves overall resilience and uptime.
OCI Tenancy — Oracle Agriculture Intelligence is deployed across two tenancies:
- A customer tenancy, where administrators manage security and access
- An Oracle-managed tenancy, which hosts core application services and is not directly accessible
This separation ensures security, scalability, and clear responsibility boundaries.
Oracle Agriculture Intelligence Concepts
Oracle Tenancy is an Oracle-managed environment that hosts the core services of the application. It is not directly accessible to customers. Oracle operates and maintains all services in this environment in accordance with SLA commitments.
Customer Tenancy is fully accessible through the OCI Console and is primarily used to manage identity and access through Oracle Identity and Access Management (IAM).
User Roles determine what a user can see and do within the application. The system uses role-based access control to ensure that sensitive features such as projects, insights, crop forecasts, or admin tools are only available to authorized users.
Region Assignments allow administrators to limit the administrative regions a user can access. A user may be granted nationwide access or restricted to one or more specific regions (inheriting access to all subregions within those assigned regions). When users attempt to view data for a region they are not authorized to access, sensitive information, such as crop production estimates and forecasts, will not be displayed. Public or non-sensitive datasets, such as weather and environmental conditions, may still remain visible to the user.
Deployment Guide
Understanding the Oracle Cloud Infrastructure (OCI) Deployment Model
Oracle Agriculture Intelligence is delivered as a managed SaaS solution on OCI. Oracle handles infrastructure, system reliability, data processing pipelines, scaling, and continuous updates, allowing administrators to focus on configuration, governance, and user access rather than deployment engineering. The platform is designed to integrate smoothly into existing government IT environments while maintaining the security and performance guarantees of OCI.
Administrators interact primarily with Oracle Cloud Infrastructure (OCI), using the OCI Console to configure identity, access control, and integration settings. Because the service is fully managed, administrators do not provision compute resources, maintain servers, or perform system patching.
This approach reduces operational burden and allows administrators to focus on governance, user access, and alignment with organizational IT policies.
1. Provisioning the Service
Once a ministry or agency subscribes to Oracle Agriculture Intelligence, Oracle provisions two OCI tenancies:
- An Oracle-managed tenancy, where application services are hosted and operated
- A customer tenancy, where identity and access management is configured
Administrators access the customer tenancy through the OCI Console to configure users, groups, and identity federation.
After provisioning, administrators sign in to the OCI Console to begin configuring identity and access. At this stage, administrators validate that authentication is working correctly and that users can successfully access the application. System-level components do not require configuration, as Oracle manages the underlying architecture.
Configuring Multiple Environments
Oracle Agriculture Intelligence includes multiple environments, such as a testing environment for validating new configurations and a production environment for daily operational use.
These environments mirror each other in structure, but they may not always reflect identical data conditions, since satellite processing and forecasting pipelines run continuously. Administrators should treat test environments as places to validate settings, not as replicas of production data.
Access to different environments is typically controlled through separate endpoints and IAM configurations defined in OCI.
Network and Access Requirements
Administrators may need to allow access to Oracle Cloud Infrastructure (OCI) service endpoints to access the application. Because Oracle Agriculture Intelligence is a SaaS service, access typically occurs over secure HTTPS connections. In environments using single sign-on or identity federation, administrators may also need to coordinate with internal identity management teams to confirm that authentication flows are properly configured.
If the agency uses IP allowlists or strict network segmentation, administrators may need to include Oracle endpoints to ensure uninterrupted access. These configurations depend on internal IT policies and may vary across ministries or agencies.
2. Loading data and fine-tuning models
Initial configuration of Oracle Agriculture Intelligence includes loading local datasets and fine-tuning AI models. This process is conducted in collaboration with Oracle’s Data Science team rather than directly through OCI administrative interfaces.
This process begins with a data-sharing agreement and the establishment of a regular working cadence between your project’s data leads and Oracle’s Data Science team. Together, you will determine which crops to target first and define a plan for sharing locally sourced ground-truth data. This ground-truth data is essential for properly tuning the crop detection models and ensuring accuracy across regions and seasons.
Additional government datasets, such as administrative boundaries, soil maps, and other environmental layers, accelerate the creation of the national digital twin that powers crop monitoring, production forecasting, and risk identification. Oracle’s Data Science team will guide you through the full list of required datasets and the preferred formats for each.
3. Configuring your Identity Provider
Identity configuration is performed in Oracle Cloud Infrastructure Identity and Access Management (OCI IAM). Administrators use the OCI Console to define users, groups, and authentication methods.
Federating Identity from Your Identity Provider(s)
Most organizations prefer to integrate OCI IAM with an existing corporate directory. Federating your identity provider avoids maintaining separate identity repositories and keeps access management centralized. With federation enabled, users continue signing in with their existing enterprise credentials, while OCI IAM relies on those identities for authentication and authorization.
OCI IAM supports SAML-based federation and just-in-time provisioning. This means user accounts are automatically created or updated the first time a federated user signs in, eliminating manual provisioning steps.
4. Defining User Roles
After configuring identity, administrators define access by mapping OCI IAM groups to Oracle Agriculture Intelligence application roles (Administrator, Contributor, Viewer).
The recommended approach is to use just-in-time provisioning with group mapping. Administrators map groups from the identity provider to OCI IAM groups and associate those groups with application roles. When a user signs in, IAM automatically assigns the appropriate access based on their group membership.
5. Verifying Successful Deployment
Once the system is provisioned and configured, administrators should perform a quick validation to ensure the service is ready for daily use. This typically includes confirming that users can log in, that map layers and insights are loading correctly, and that forecasting and crop monitoring features are displaying current data.
A deployment is considered fully operational when:
- Administrators can access the OCI Console and manage identity and access configurations
- Users can be created and assigned roles
- The dashboard displays active map layers and insights
- Crop Production and Crop Forecasts views are functioning normally
- Historical data and reference boundaries appear as expected
- Federated login works as expected (if it applies)
This validation ensures that analysts, agronomists, and policymakers can begin using the platform without interruption.
Managing Users and Roles
User and role management is one of the core responsibilities of an administrator. Oracle Agriculture Intelligence uses role-based access control (RBAC) to ensure that sensitive features, such as production forecasts, crop insights, and project management tools, are accessible only to authorized users.
All user, authentication, and access management is performed through Oracle Cloud Infrastructure Identity and Access Management (OCI IAM). Administrators use the OCI Console to manage user identities, assign roles, and control access to the application.
Understand the Role-Based Access Model (RBAC)
RBAC ensures that each user has the appropriate level of access based on their job function. Oracle Agriculture Intelligence uses a small, clearly defined set of roles to keep administration simple and predictable. Roles determine what users can see, which features they can interact with, and whether they can create or modify content such as projects.
By centralizing RBAC within OCI IAM, the system ensures consistent access control across all environments and enables integration with enterprise identity systems. Changes to a user’s identity or group membership are automatically reflected in their access to Oracle Agriculture Intelligence.
Review the Default Application Roles
The platform includes several predefined roles that align with common responsibilities inside agricultural ministries and related agencies. Although names may vary by deployment, the most common application roles include Administrator, Contributor, and Viewer. Roles are mapped to OCI IAM groups and policies, allowing administrators to manage access centrally through IAM rather than within the application.
Application roles are designed to be simple and intuitive:
- Administrator – Full access to system configuration tools, role assignments, and all application features.
- Contributor – Ability to create and manage projects, view insights, explore map layers, and access crop production and forecast data.
- Viewer – Read-only access to dashboards, map layers, insights, and crop visualizations.
These roles are intentionally broad to reduce administrative overhead. Most users can be assigned to one of these categories without custom configurations.
Understand What Each Role Can Do
Each application role maps to specific capabilities. For example, only Contributors and Administrators can create and update projects, while Viewers may access map layers and insights but cannot modify content.
| Permission | Description | Administrator | Contributor | Viewer |
|---|---|---|---|---|
| Access Agriculture Intelligence (Insights Landing Page) | Enables users to view the Agriculture Intelligence (Insights Landing Page). | X | X | X |
| Access Crop Performance | Enables the user to access Crop Health Performance in Visual Explorer. | X | X | X |
| Access Crop Production | Enables the user to access Crop Production in Visual Explorer. | X | X | X |
| Access Insights | Enables users to access the Insight Details screen by clicking on the insight description within Agriculture Intelligence. | X | X | X |
| Access Project Overview | Enables the user to access the “Projects” tabs from the taskbar or from Ask Oracle. | X | X | X |
| Access Visual Explorer | Enables the user to access Visual Explorer. Restricting access removes access from all entry points. | X | X | X |
| Add Action to Existing Project | Enables the ability to add an action to an existing project. | X | X | |
| Add Comment on Project | Enables the ability to add a comment on a project. | X | X | |
| Add Custom Action | Enables the ability to create new custom actions. | X | X | |
| Archive Insights | Enables user to archive insights. Insights must not have ongoing events or active projects. | X | ||
| Archive Project | Enables the ability to archive a project. | X | X | |
| Assign Regions (Country, County, Subcounty, Ward) | Enables the ability to assign user to a region. | X | ||
| Assign Roles | Enables the ability to assign roles. | X | ||
| Create New Project | Enables the ability to create a new project. | X | X | |
| Create/Edit Users | Enables the ability to create users and edit their profiles. | X | ||
| Deactivate Users | Enables the ability to deactivate a user account. | X | ||
| Edit All Projects | Enables the ability to edit all project details. | X | ||
| Edit My Project | Enables the ability to edit my project details. | X | X | |
| Hard Reset Password and 2FA | Enables a user to hard reset another user’s password or 2FA. | X | ||
| Modify Action Status | Enables the ability to change the status of an action. | X | X | |
| Remove Users | Enables the ability to remove a user account (if not associated with any actions). | X | ||
| Reopen an Archived Project | Enables the ability to reopen a project. | X | ||
| Share | Enables the ability to use share functionality. | X | X | |
| View Archived Insights | Enables the ability to view archived insights. | X | X | X |
| View Comments on Project | Enables the ability to view comments on a project. | X | X | X |
| View Project | Enables the ability to view a project. | X | X | X |
| Visual Explorer | (No description provided in source.) | X | X | X |
These permissions are enforced by the application but are assigned and managed through OCI IAM role and group configurations.
These restrictions help protect sensitive information while enabling broad access to general-purpose datasets such as weather layers or environmental conditions.
Creating and Managing Users
User management is performed through OCI IAM and depends on how your organization manages identities.
Option A: Federated identity (recommended)
If your organization uses an enterprise identity provider (such as Active Directory, Azure AD, or another SAML/OIDC provider):
- Users are created and managed in your corporate directory
- OCI IAM automatically provisions users when they first sign in
- Group memberships are synchronized from the enterprise directory
Administrators typically do not manually create users in OCI IAM in this model, although some users, like systems administrators or external users, could be managed directly in OCI IAM.
Option B: OCI IAM as the primary directory
If OCI IAM is your primary identity store:
- Administrators manually create users in the OCI Console
- Temporary credentials are issued
- User attributes and lifecycle events are managed directly in IAM
In both cases, access to Oracle Agriculture Intelligence is always granted through IAM role assignments.
Assigning and Modifying Roles
Role assignment can be performed at either the user or group level. However, group-based assignment is recommended for easier management and scalability. Administrators associate IAM groups with the appropriate application roles and then manage user membership within those groups through either the enterprise directory or OCI IAM.
Recommended approach
Role assignment is configured in OCI IAM using groups and policies.
- Create IAM groups that align with job functions (for example, Ag-Admins, Ag-Contributors, Ag-Viewers)
- Associate each group with the appropriate application role
- Add or remove users from groups via:
- Your enterprise directory (if federated), or
- OCI IAM (if IAM is the primary directory)
This approach ensures that:
- Every user inherits correct permissions based on their directory membership
- Access can be managed in bulk by adding or removing group members
- Role changes follow established identity governance policies
When a user’s responsibilities change, updating their group membership automatically adjusts their permissions in Oracle Agriculture Intelligence without requiring additional configuration.
Handling User Lifecycle Tasks
Administrators are responsible for managing user lifecycle events such as onboarding, updates to permissions, and deactivation. When federation is enabled, onboarding typically requires no action from administrators beyond ensuring that the user belongs to the appropriate directory group. Deactivation is similarly handled by removing the user from the enterprise directory group or disabling their federated account.
Lifecycle management tasks may include:
- Ensuring new staff are added to correct user groups
- Updating group memberships when job roles change
- Removing access for users who leave the organization
- Auditing active accounts to ensure alignment with governance policies
Centralizing lifecycle management in the identity provider ensures that access to Oracle Agriculture Intelligence remains consistent and up to date.
Auditing User Activity and Access Logs
As part of governance and compliance responsibilities, administrators may need to review access logs or audit user activity. OCI IAM provides audit trails showing authentication events, role assignments, and identity provider interactions. OCI provides audit logs and access records that allow administrators to monitor authentication events, role assignments, and identity provider interactions. Additional usage insights may be available through platform analytics or reporting tools, depending on the deployment.
Regular audits help ensure that:
- Access controls remain aligned with policy
- Sensitive data is only accessible by authorized users
- IAM configurations reflect current organizational roles
These reviews support accountability and strengthen the security posture of the deployment.
Limiting Access to Sentitive Data by Region (Region Assignment)
Region Assignment provides an additional layer of access control by restricting the geographic scope of data available to a user. Administrators define region access as part of user role configuration, ensuring that users can only view and interact with data relevant to their assigned areas (such as countries, counties, or districts).
Users assigned to specific regions can access insights, projects, forecasts, and visualizations only for those areas. Sensitive data outside their assigned regions is not displayed. This approach supports both operational focus and data security by ensuring that access is limited to authorized geographic scopes.
Region assignments are managed as part of the overall access control configuration and should align with organizational structures and data governance policies.
Data Governance and Configuration
Effective data governance is essential for ensuring that Oracle Agriculture Intelligence produces accurate and consistent outputs across regions and seasons. Administrators play a key role in coordinating the datasets that power the system and ensuring alignment with national data standards.
In the current version of the platform, key tasks, such as data onboarding, preprocessing, and model configuration, are performed by Oracle’s Data Science team. Administrators do not directly upload or configure datasets through the application or OCI. Instead, they are responsible for defining data requirements, coordinating data provision, and maintaining governance processes to ensure the national digital twin remains accurate and up to date.
Understanding Data Inputs (Satellite, Weather, Reference Data)
Oracle Agriculture Intelligence integrates a diverse set of data sources to produce insights, forecasts, and geospatial visualizations. Core inputs, such as satellite imagery and weather data, are managed entirely by Oracle. These streams refresh automatically and require no operational maintenance by administrators.
Other foundational datasets come from government stakeholders and must be provided as part of onboarding. These datasets enrich the digital twin and allow the platform to interpret agricultural conditions efficiently and accurately. Examples include administrative boundaries, crop lists, soil maps, and environmental datasets.
Administrators should remain aware of:
- Which datasets originate from government sources
- How frequently those datasets change
- Which ministry teams are responsible for maintaining each dataset
Clear ownership ensures that updates are coordinated smoothly throughout the life of the deployment.
Administrators are not responsible for managing these data pipelines directly in OCI or the application. Instead, they ensure that the correct datasets are identified, maintained, and shared with Oracle according to agreed processes.
Managing Administrative Boundary Datasets
Accurate administrative boundaries are a foundational element of the system. Boundaries determine how insights, crop production estimates, and forecasts are aggregated, displayed, and assigned to specific regions. During onboarding, administrators provide the authoritative set of administrative units: country, region, municipality, or other levels used within the national statistical system.
These datasets are shared with Oracle’s Data Science team for validation, transformation, and integration into the platform. When boundaries are updated due to administrative restructuring, administrators should alert Oracle so the dataset can be replaced or expanded without disrupting existing data pipelines.
Because all downstream analytics depend on the accuracy of these boundaries, administrators should verify that the authoritative dataset is complete, internally consistent, and reflects current government definitions.
Configuring Crop Lists and Season Definitions
Crops and season definitions guide many aspects of model tuning, performance monitoring, and forecasting. Administrators collaborate with agronomist teams and Oracle Data Science specialists to identify:
- Which crops are widely grown and should be included in monitoring
- The names and hierarchical groupings used internally by the ministry
- Season start and end dates for each crop
- Any region-specific variations in planting or harvest cycles
These inputs are shared with Oracle during onboarding. The Data Science team uses this information to tune crop detection models, establish baselines for comparison, and configure seasonal workflows in the application.
When crop lists change, administrators should initiate an update cycle with Oracle to ensure the system remains aligned with national priorities.
These configurations are not managed directly within the application interface but are implemented by Oracle based on the agreed definitions.
Providing Ground Truthing for Crop Detection
Ground-truthing data is essential for accurately detecting crops and fine-tuning the AI models that support monitoring and forecasting in Oracle Agriculture Intelligence. These datasets provide real-world examples of crop locations, planting dates, field boundaries, and crop types, allowing Oracle’s Data Science team to calibrate and validate the system for local conditions.
Administrators help coordinate the collection and transfer of this data, although the actual fieldwork is typically performed by agronomists, extension officers, or remote-sensing specialists within the ministry or partner agencies. During onboarding, Oracle’s Data Science team will outline the exact formats, fields, and metadata required for model training.
Ground truthing files should include:
- Crop associated with ground truth data
- Field boundaries (shape files) or sample points (geo coordinates)
- Planting and harvest dates associated with ground truth
- Any notes on mixed-cropping or intercropping patterns
- Photographs or field survey documentation (if part of the customer workflow)
Administrators do not upload or manage these datasets directly in the system but coordinate their collection, validation, and transfer to Oracle, who then validate and preprocess them before integrating them into the model training workflow.
Because crop patterns, growing seasons, and agricultural practices can evolve over time, ground-truth updates may be needed periodically. Administrators should maintain clear lines of communication with agronomist teams and designate data owners who can provide updated observations as required. Ensuring consistent ground-truth data quality improves model accuracy, enhances insight detection, and strengthens confidence in the platform’s monitoring outputs.
Managing Soil, Environmental, and Biome Datasets
Environmental datasets help explain why crop conditions are changing and support more accurate interpretation of stress signals. Examples include soil type maps, soil texture classifications, climate zones, ecological regions, and hydrological layers. These datasets are highly recommended to enrich the digital twin and improve analytical depth.
Oracle Agriculture Intelligence preloads a set of free environmental data. However, this data is often less precise or up-to-date than data countries manage internally. We recommend that administrators share the most precise, up-to-date environmental data to build out the digital twin.
Administrators coordinate the provision of authoritative datasets before tranfering them to Oracle for integration into the digital twin. They then validate their interpretation once integrated.
Clear documentation of each dataset, its source, update cycle, and responsible ministry, ensures that environmental layers remain current and trustworthy over time.
Data Retention Policies and Historical Archives
Oracle Agriculture Intelligence retains historical satellite-derived indicators, insights, forecasts, and crop performance metrics to support long-term trend analysis. Administrators determine how this data is managed in line with government policies.
While Oracle manages the underlying storage and retention mechanisms, administrators define retention expectations in line with government policies and coordinate with Oracle to ensure these requirements are implemented.
These decisions ensure alignment with national regulatory frameworks, including data sovereignty and archival policies.
Ensuring Data Quality and Consistency
Maintaining high-quality data is a shared responsibility between the government and Oracle. Administrators ensure that all government-provided datasets are authoritative and clearly documented, while Oracle validates structure, alignment, and integrity during ingestion.
Data quality considerations include:
- Ensuring administrative boundaries do not overlap or contain gaps
- Verifying that crop lists match internal ministry terminology
- Confirming that soil and environmental datasets use consistent coordinate systems
- Checking that metadata is included for each dataset
When issues arise, such as inconsistent geometry, missing values, or ambiguous category definitions, Oracle’s team will work with administrators to resolve them before integration.
Consistent, well-governed data enables the platform’s AI models to perform accurately and gives users confidence in the insights, forecasts, and analytics they rely on for decision-making.
Administrators play a key role in identifying issues and coordinating resolution but do not directly modify datasets within the system.
Security and Compliance
Overview of Security Approach
Oracle Agriculture Intelligence is built on a multi-layered security model that spans infrastructure, application design, identity management, and data protection. The platform is delivered as a managed SaaS service on Oracle Cloud Infrastructure (OCI), where Oracle is responsible for securing the underlying infrastructure and operating the platform.
Security responsibilities are shared between Oracle and customer administrators. Oracle ensures that the platform is secure, resilient, and continuously monitored, while administrators are responsible for configuring access controls, aligning the system with organizational policies, and supporting governance and compliance requirements.
Shared Responsibility Model
Security in Oracle Agriculture Intelligence follows a shared responsibility model that clearly defines the roles of Oracle and customer administrators.
Oracle Responsibilities
- Infrastructure security (OCI data centers, compute, storage, and networking)
- Platform operations, monitoring, and incident response
- Data processing pipelines and system performance
- Application-level security controls and updates
Administrator Responsibilities
- Managing users, roles, and access policies through OCI IAM
- Configuring identity federation (SSO) with enterprise identity providers
- Defining and enforcing data governance policies
- Monitoring access and usage patterns
- Ensuring compliance with national regulations and internal policies
This model ensures a strong security posture while allowing administrators to maintain control over access and governance.
Identity and Access Security
Identity and access management is the primary security control available to administrators and is managed entirely through Oracle Cloud Infrastructure Identity and Access Management (OCI IAM).
Key Controls
- Role-Based Access Control (RBAC) using predefined application roles
- Group-based access assignment for scalability and consistency
- Identity federation with enterprise identity providers (SSO)
- Least-privilege access policies
All user authentication, role assignment, and access control are configured through OCI IAM. No user or role management is performed within the application interface.
Administrators should ensure that:
- Users are assigned to appropriate groups based on job function
- Privileged roles are limited to authorized personnel
- Access is reviewed regularly and updated as responsibilities change
Data Security and Encryption
Oracle Agriculture Intelligence protects data using industry-standard encryption and secure handling practices.
Key Protections
- Encryption at rest using OCI-managed storage encryption
- Encryption in transit using TLS-secured communication
- Secure credential and secret storage using OCI Vault
- Isolation of customer environments within OCI
Administrators do not configure encryption directly but are responsible for ensuring that data handling practices align with organizational and regulatory requirements.
Data Privacy and Compliance
The platform supports compliance with international and national data protection standards, including principles aligned with GDPR and similar frameworks.
Key Capabilities
- Data minimization to limit collection of personal information
- Support for data subject rights (access, correction, deletion)
- Defined data retention and lifecycle policies
- Secure handling of cross-border data transfers
Administrators are responsible for ensuring that:
- Platform usage aligns with applicable legal and regulatory requirements
- Data governance policies reflect national standards
- Sensitive data is appropriately restricted and managed
Security Monitoring and Audit
Oracle continuously monitors the platform using centralized logging and Security Information and Event Management (SIEM) systems.
Oracle Capabilities
- 24/7 monitoring by dedicated security operations teams
- Centralized log collection across infrastructure and services
- Automated alerting for suspicious or anomalous activity
Administrator Responsibilities
- Review audit logs available through OCI
- Validate user access and authentication patterns
- Support internal audits and compliance reviews
- Investigate anomalies in coordination with Oracle Support
Audit logs include authentication events, role assignments, and system access records, enabling traceability and accountability.
Secure Deployment and Operations
Oracle applies security best practices across deployment and operational processes to ensure the integrity of the platform.
Key Controls
- Infrastructure deployed using Infrastructure as Code (IaC)
- Secure CI/CD pipelines with integrated vulnerability scanning
- Isolated and ephemeral build environments
- Least-privilege service accounts for automation
- Change management processes for infrastructure updates
These controls are managed entirely by Oracle and do not require administrator configuration.
Incident Response and Service Continuity
Oracle maintains formal incident response and recovery processes to ensure service continuity and minimize disruption.
Key Metrics
- Recovery Time Objective (RTO): 24 hours
- Recovery Point Objective (RPO): 1 hour
- Target Service Availability: 99.5%
In the event of a security or service incident:
- Oracle is responsible for detection, response, and recovery
- Administrators should coordinate with Oracle Support as needed
- Administrators may need to validate user access or communicate with internal stakeholders
Compliance and Certifications
Oracle Cloud Infrastructure complies with internationally recognized security standards, including ISO/IEC 27002 and related frameworks.
Third-party audit reports and compliance documentation are periodically published and available through Oracle. These certifications provide assurance that the platform meets established industry standards for security and operational control.
Additional Resources
- Oracle Cloud Hosting and Delivery Policies
- Oracle Cloud Service Contracts
- OCI Identity and Access Management Documentation
- OCI Audit and Logging Documentation
Administrators are encouraged to review these materials to better understand the broader security framework supporting Oracle Agriculture Intelligence.