Compliance
Learn about the compliance certifications and service management responsibilities for Oracle Database@AWS.
Shared Responsibility Between Oracle and AWS
Oracle Database@AWS is an Oracle Cloud Infrastructure (OCI) database service that runs Oracle Database workloads in a customer's AWS environment. When the customer implements this solution, they deploy resources in two cloud environments: database resources are in AWS, while the database administration control plane is in OCI. This lets the customer deploy Oracle Database products in their AWS environment while OCI maintains administration capabilities.
AWS-based applications access Oracle Databases directly from within the customer's AWS environment. The customer performs most database administration operations in the AWS console as well. Maintaining the database control plane in OCI lets Oracle Database@AWS be easily managed and upgraded with the latest operational and administrative capabilities.
All hardware for Oracle Database@AWS uses AWS networking. Oracle’s responsibility for monitoring the data center control environments is included within the scope of the System. Oracle Database@AWS uses AWS's Identity and Access Management integration to manage user and group access for the customer's Oracle database resources. AWS networking and Identity and Access Management are not within the scope of the System.
While an OCI tenancy is required, day-to-day operations and visibility are centralized within the AWS environment, reflecting a shared responsibility model between Oracle and AWS.
Oracle Database@AWS Compliance Certifications
As of July 8, the following compliance certifications have been completed for Oracle Database@AWS:
Table 1-3
| Audit Program | Location | Scope for Oracle Database@AWS |
|---|---|---|
| SOC 1 (System and Organization Controls 1) | Global | Supported |
| SOC 2 (System and Organization Controls 2) | Global | Supported |
| SOC 3 (System and Organization Controls 3) | Global | Supported |
| HIPAA (Health Insurance Portability and Accountability Act) | Global | Supported |
| C5 (Cloud Computing Compliance Controls Catalogue – Germany) | Global | Supported |
| CSA STAR Attestation | Global | Supported |
| CSA STAR Certification | Global | Supported |
| HDS (Hébergement de Données de Santé – France) | Global | Supported |
| ISO/IEC 9001, 20000-1, 27001, 27017, 27018, 27701 | Global | Supported |
| ISO/IEC 22301 (Business Continuity Management) | Global | Supported |
| PCI DSS (Payment Card Industry Data Security Standard) | Global | Supported |
| HITRUST (Health Information Trust Alliance) | Global | Supported |
Listing and Downloading Compliance Documents
List a Compliance Document
- From the OCI Console, select Identity and Security, and then select Compliance. From the Compliance Documents page, you can view all the documents that you have permission to view.
- By default, the Compliance Documents page shows documents sorted alphabetically by name. To sort the list differently, choose one of the following options:
  - Select the arrow next to the Name field. You can sort the list alphabetically by name. From the default order, selecting the Name field again reverses the list to show documents in reverse alphabetical order.
  - Select the arrow next to the Doc Type field. You can sort the list alphabetically by document type.
  - Select the arrow next to the Created field. You can sort the list by the document’s creation date and time.
Download a Compliance Document
- From the OCI Console, select Identity and Security, and then select Compliance.
- From the Compliance Documents page, select the document that you want to download, and then select the actions menu (⋮). Select the Download option.
- From the Agree to Terms and Conditions page, review the terms of use.
- When you have finished reviewing, select the I have reviewed and accept these Terms and Conditions checkbox, and then select Download File.
- For a PDF file, use PDF reader software (such as Adobe Acrobat Reader) to view it instead of opening it in a browser. If necessary, when opening the PDF, select I Accept on the Oracle Confidential page.
- You can provide the document to your organization's compliance team using the method recommended by that team. If the compliance team prefers to download compliance documents directly, an administrator can create the necessary user accounts for them.