7 Frequently Asked Questions

This chapter includes a number of specific questions related to security that are frequently asked by prospects, customers and implementers.

Table 7-1 Frequently Asked Questions

Question Answer

Does Supplier Evaluation Cloud Service support data encryption?

Yes. All data is stored in encrypted tablespace at rest, and is encrypted in transit. Supplier Evaluation Cloud Service uses TLS for secure transport of data.

Does Supplier Evaluation Cloud Service provide network segregation?

Yes. The Oracle Cloud network is isolated from the Oracle corporate network.

Does Supplier Evaluation Cloud Service provide secure backups?

Yes. Backup is a standard process for Supplier Evaluation Cloud Service. Database and application servers are backed up both incrementally (daily) and fully (weekly). Backups are stored for at least 60 days.

Does Supplier Evaluation Cloud Service provide centralized logging?

Yes. All application and infrastructure logs are forwarded to a centralized Security Information and Event Management system.

Does Supplier Evaluation Cloud Service provide anti-virus?

Yes. All files uploaded into Supplier Evaluation Cloud Service are scanned by anti-virus and anti-malware software. All hosts in the cloud service are regularly patched with the latest critical patch updates.

Does Supplier Evaluation Cloud Service provide strong authentication options such as 2-factor, one-time Password?

Multi-Factor Authentication is an option if a customer chooses to license the Standard Tier of IDCS or OCI IAM.

Does Supplier Evaluation Cloud Service include a configurable warning banner which is presented upon login?

Terms of Use is an option if a customer chooses to license the Standard Tier of IDCS or OCI IAM. It presents disclaimers and acceptable use policies to users.

The Supplier Evaluation application also allows for the configuration of portal specific terms and conditions, which are presented for the user to accept or reject upon first login.

Does Supplier Evaluation Cloud Service implement access lists to secure each tier of the solution?

Yes. Communication between tiers within Supplier Evaluation Cloud Service is limited by subnet ingress security lists.

Does Supplier Evaluation Cloud Service include and support the capability to change default account passwords?

All user password management occurs in IDCS or OCI IAM.

Does Supplier Evaluation Cloud Service support Roles with defined access levels?

Yes. Oracle Retail Enterprise roles span Oracle Retail applications. Within Supplier Evaluation Cloud Service, privileges and duties can be assigned to roles to define what is accessible to certain types of users.

Does Supplier Evaluation Cloud Service support synchronizing with an external time source?

All hosts within the solution are synchronized to the same time source.

Does Supplier Evaluation Cloud Service provide strong password options such as complexity, history, aging, and account lockout?

IDCS or OCI IAM provides robust password policy management functionality. When a user creates a password, IDCS or OCI IAM validates the password against the password policies.

More information about password policies is available at https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/manage-oracle-identity-cloud-service-password-policies1.html.