Oracle is committed to helping customers operate globally in a fast-changing business environment and address the challenges of an ever more complex regulatory environment.

Shared Management Model

Cloud computing is fundamentally different from traditional on-premises computing. In the traditional model, organizations are typically in full control of their technology infrastructure located on-premises (e.g., physical control of the hardware, and full control over the technology stack in production). In the cloud, organizations leverage resources and practices that are under the control of the cloud service provider, while still retaining some control and responsibility over other components of their IT solution. As a result, managing security and privacy in the cloud is often a shared responsibility between the cloud customer and the cloud service provider. The distribution of responsibilities between the cloud service provider and customer also varies based on the nature of the cloud service (IaaS, PaaS, SaaS).

Before deploying Oracle cloud services, Oracle strongly recommends that cloud customers formally analyze their cloud strategy to determine the suitability of using the applicable Oracle cloud services in light of their own legal and regulatory compliance obligations. Making this determination remains solely the responsibility of customers.

Attestations

Oracle provides information about frameworks for which an Oracle line of business has achieved a third-party attestation or certification for one or more of its services in the form of “attestations.” These attestations can assist in your compliance and reporting, providing independent assessment of the security, privacy and compliance controls of the applicable Oracle cloud services. In reviewing these third-party attestations, it is important that you consider they are generally specific to a certain cloud service and may also be specific to a certain data center or geographic region.

Clicking on a compliance framework retrieves the relevant detail. Please note that this information is subject to change and may be updated frequently, is provided “as-is” and without warranty and is not incorporated into contracts. Customers can obtain more information about available attestations by contacting their Oracle sales representative.

Advisories

Oracle provides general information and technical recommendations for the use of its cloud services in the form of “advisories.” These advisories are provided to help you in your determination of the suitability of using specific Oracle cloud services as well as to assist you in implementing specific technical controls that may help you meet your compliance obligations. Please note that these advisories are not legal advice and you remain solely responsible for determining if a specific Oracle cloud service and/or configuration meets your legal and regulatory obligations.

Global

GxP: GxP Good Practice Guidelines

Americas

BACEN: Central Bank of Brazil (BACEN) Resolution 4893 Digital Service Requirements
CCPA: California Consumer Privacy Act
For more information, see https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375
CJIS: Criminal Justice Information Services Security Policy
DFARS Parts 7010 and 7012: Defense Federal Acquisition Regulation Supplement (DFARS) Parts 7010 and 7012
FFIEC Cybersecurity Assessment Tool: Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment
ICD 503: Intelligence Community (IC) Information Technology Systems Security Risk Management Directive 503
IRS 1075: Internal Revenue Service Publication 1075
ITAR: International Traffic in Arms Regulations
LGPD: Lei Geral de Proteção de Dados (LGPD) Federal Law 13,709/18
LGPDPPSO: General Law for the Protection of Personal Data in the possession of Obliged Subjects
MARS-E: Minimum Acceptable Risk Standards for Exchanges
NERC CIP: North American Electric Reliability Corporation Critical Infrastructure Protection
NIST SP 800-171: NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
PIPEDA: Personal Information Protection and Electronic Documents Act
Protected B: Canadian Security Requirements for Protected B information
SEC Rule 17a-4(f), FINRA Rule 4511(c), CFTC Rule 1.31(c)-(d) Electronic Records Retention Requirements: Securities and Exchange Commission (SEC), the Financial Industry Financial Authority (FINRA), and the Commodities Futures Trading Commission (CFTC) Electronic Records Retention Requirements

Europe, Middle East, and Africa

CITC CCRF: Communications and Information Technology Commission Cloud Computing Regulatory Framework (CCRF)
Directive 3 of 2018 (D3/2018): Prudential Authority Cloud Computing and Offshoring of Data Directive 3 of 2018
Directive 159.A.i: Financial Services Board Outsourcing of Insurance Business Directive 159.A.i
DSPT: UK NHS Data Security and Protection Toolkit
EBA: European Banking Authority Guidelines on Outsourcing Arrangements
ENISA Cloud Computing IAF: European Union Agency for Cybersecurity Information Assurance Framework
For more information, see https://www.enisa.europa.eu/publications/cloud-computing-information-assurance-framework
ESMA MiFID II & MiFIR 600/2014: ESMA Markets in Financial Instruments Directive MiFID II & MiFIR 600/2014
FINMA: Financial Market Supervisory Authority Circular 2018/3
FCA Handbook: Financial Conduct Authority’s Handbook of Rules and Guidance
G-Cloud: UK Government G-Cloud Framework
GDPR: General Data Protection Regulation
Guidance Note 5 of 2014 (G5/2014): Office of the Registrar of Banks Outsourcing Functions within a Bank and Cyber Resilience Guidance Note 4 of 2014
Guidance Note 4 of 2017 (G4/2017): Office of the Registrar of Banks Outsourcing Functions within a Bank and Cyber Resilience Guidance Note 4 of 2017
Guidance Note 5 of 2018 (G5/2018): Prudential Authority Cloud Computing and Offshoring of Data Guidance Note 5 of 2018
IT Grundschutz: IT Grundschutz: Security Information System assessment against BSI standards
For more information, see https://www.bsi.bund.de
ITHC: National Cyber Security Centre IT Health Check (ITHC)
MiFID Org Regulation: Commission Delegated Regulation (EU) 2017/565
NCA ECC: National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC)
POPIA: Protection of Personal Information Act (POPIA)
PRA SS2/21: Prudential Regulation Authority’s Supervisory Statement 2/21 on Outsourcing and Third-Party Risk Management
SAMA CSF: Saudi Arabian Monetary Authority Cyber Security Framework
SAMA Outsourcing Rules: Saudi Arabian Monetary Authority Rules on Outsourcing
Solvency II Delegated Regulation: Commission Delegated Regulation (EU) 2015/35
UAE Federal Law No. 2 of 2019: United Arab Emirates (UAE) Federal Law No. 2 of 2019
UK NCSC Cloud Security Principles: UK National Cyber Security Centre (NCSC) Cloud Security Principles

Asia Pacific

ABS Guide: Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide
APRA CPS 231: Australian Prudential Regulations for Outsourcing: CPS 231, SPS 231 and HPS 231
FISC: Financial Industry Information Systems Security Guidelines
FSI Cloud Guidelines: Financial Security Initiative (FSI) Cloud Guidelines
IRDAI Regulation /5/142/2017, Outsourcing of Activities by Indian Insurers: Insurance Regulatory and Development Authority of India (IRDAI) Regulation /5/142/2017, Outsourcing of Activities by Indian Insurers
MAS TRM: Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines
MAS 655: Monetary Authority of Singapore (MAS) Cyber Hygiene Requirements Notice 655
My Number Act: Financial Market Supervisory Authority Circular 2018/3
NISC: National Center of Incident Readiness and Strategy for Cybersecurity
RBI BCSF for UCBs (2018): Reserve Bank of India (RBI) Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) (2018)
RBI CSF in Banks (2016): Reserve Bank of India (RBI) Cyber Security Framework in Banks safeguarding use of Information Technology (2016)
RBI Guidelines on Information Security: Reserve Bank of India (RBI) Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds
RBI Guidelines on Outsourcing (2006): Reserve Bank of India (RBI) Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks (2006)
SEBI Circular on Outsourcing (2015): Securities and Exchange Board of India (SEBI) Circular on Outsourcing by Depositories (2015)
SEBI Circular on Outsourcing (2017): Securities and Exchange Board of India (SEBI) Circular on Outsourcing of Activities by Stock Exchanges and Clearing Corporations (2017)
SEBI Guidelines on Outsourcing (2011): Securities and Exchange Board of India (SEBI) Guidelines on Outsourcing of Activities by Intermediaries (2011)
Three Ministries: Guidelines by Three Ministries for Healthcare Data

What is SRG in security?
Security requirements guide (SRG)

What is a DISA SRG?
DISA publishes both Secure Requirements Guides (SRG), and Secure Technical Implementation Guides (STIG). An SRG is the general list of requirements that a product (OS, Database, Application, etc.) needs to meet in order to be deployed on a Department of Defense (DoD) network.

Who published STIGs?
The Defense Information Systems Agency recently released the draft Windows 11 Security Technical Implementation Guide (STIG)…

Who is responsible for the security of database?
Each database can have an administrator, referred to as the security administrator, who is responsible for implementing and maintaining the database security policy. If the database system is small, the database administrator can have the responsibilities of the security administrator.