Global Business Units Cloud Services Pillar C O N T R A C T U A L D O C U M E N T A T I O N JULY 2016



Similar documents
SaaS Listing CA Cloud Service Management

Oracle Cloud Enterprise Hosting and Delivery Policies

Information Services Hosting Arrangements

Systems Support - Extended

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

Symantec User Authentication Service Level Agreement

GUIDANCE FOR BUSINESS ASSOCIATES

ROSS RepliWeb Operations Suite for SharePoint. SSL User Guide

Database Services - Extended

Serv-U Distributed Architecture Guide

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

WEBSITE MAINTENANCE CONTRACT

Cloud Services Frequently Asked Questions FAQ

Service Level Agreement Distributed Hosting and Distributed Database Hosting

Electronic Data Interchange (EDI) Requirements

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

MaaS360 Cloud Extender

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

TrustED Briefing Series:

Security Services. Service Description Version Effective Date: 07/01/2012. Purpose. Overview

System Business Continuity Classification

Unified Communications

First Global Data Corp.

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions

Service Level Agreement

expertise hp services valupack consulting description security review service for Linux

Deployment Overview (Installation):

Introduction to Mindjet MindManager Server

IT Account and Access Procedure

Instant Chime for IBM Sametime Quick Start Guide

Cloud Services MDM. Windows 8 User Guide

This documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as

Service Continuity Plan for Desktop Services

Monthly All IFS files, all Libraries, security and configuration data

Using PayPal Website Payments Pro UK with ProductCart

FINRA Regulation Filing Application Batch Submissions

High Speed Internet Services

IT Help Desk Service Level Expectations Revised: 01/09/2012

Cyber Security: Simulation Platform

Service Level Agreement

STANDARD MAINTENANCE & SUPPORT POLICY

Datasheet. PV4E Management Software Features

Internet Service Definition. SD012v1.1

DISASTER RECOVERY PLAN TEMPLATE

Enterprise IT Migration Overview & FAQ

BackupAssist SQL Add-on

HIPAA HITECH ACT Compliance, Review and Training Services

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Employee Self Service (ESS) Quick Reference Guide ESS User

How To Install An Orin Failver Engine On A Network With A Network Card (Orin) On A 2Gigbook (Orion) On An Ipad (Orina) Orin (Ornet) Ornet (Orn

Learn More Cloud Extender Requirements Cheat Sheet

WatchDox Server. Administrator's Guide. Version 3.8.5

S&T IT Change Management Policy and Procedure

SBClient and Microsoft Windows Terminal Server (Including Citrix Server)

CENTURIC.COM ONLINE DATA BACKUP AND DISASTER RECOVERY SOLUTION ADDENDUM TO TERMS OF SERVICE

NERC-CIP Cyber Security Standards Compliance Documentation

Password Reset for Remote Users

Serv-U Distributed Architecture Guide

Optimal Payments Extension. Supporting Documentation for the Extension Package v1.1

MITEL INTEROP CERTIFICATION OVERVIEW FOR MSA DEVELOPER PARTNERS AND SIP SERVICE PROVIDERS

Helpdesk Support Tickets & Knowledgebase

System Business Continuity Classification

Introduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE Savision B.V. savision.com All rights reserved.

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

VCU Payment Card Policy

Loss Share Data Specifications Change Management Plan

Juniper Networks Product End-of-Life

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

ScaleIO Security Configuration Guide

Customer no.: enter customer no. Contract no.: enter contract no.

BASIC TECHNICAL FEATURE DESCRIPTION

An Oracle White Paper January Oracle WebLogic Server on Oracle Database Appliance

iphone Mobile Application Guide Version 2.2.2

Consumer ebanking Account and Services Agreement

Implementing SQL Manage Quick Guide

Installation Guide Marshal Reporting Console

OITS Service Level Agreement

DATA REQUEST GUIDELINES

Managed Firewall Service Definition. SD007v1.1

BLACKBOARD LEARN MANAGED HOSTING TERMS, SPECIFICATIONS & SERVICE LEVELS

AvePoint Privacy Impact Assessment 1

Installation Guide Marshal Reporting Console

IT CHANGE MANAGEMENT POLICY

Corente Cloud Services Exchange (CSX) Corente Cloud Services Gateway Site Survey Form

Software Distribution

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY

Intrado Technical Support and Maintenance Terms for 911 Enable (Enterprise) 911 Products and Services Version

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Intel Hybrid Cloud Management Portal Update FAQ. Audience: Public

Offer Specifications Dell Management Services (EMS): Policy Based Encryption-E

ABELMed Platform Setup Conventions

The Relativity Appliance Installation Guide

This documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as

service description Colocation of Equipment Infrastructure as a Service

CallRex 4.2 Installation Guide

CSC IT practix Recommendations

Merchant Processes and Procedures

Transcription:

Glbal Business Units Clud Services Pillar C O N T R A C T U A L D O C U M E N T A T I O N JULY 2016

Table f Cntents Scpe 2 Service Availability 2 Oracle Clud Security Plicy 3 Change Management 3 Disaster Recvery 4 Infrmatin Transfer 5 Cmpliance 6.

Scpe This dcument is applicable t Oracle Clud Services fr Industry (OCI) and Oracle Hspitality and Oracle Retail Clud (OHRC). OCI supprts the clud fferings prvided by the Cmmunicatins Glbal Business Unit, Financial Services Glbal Business Unit, the Health Sciences Glbal Business Unit, the Cnstructin and Engineering Glbal Business Unit, and the Utilities Glbal Business Unit. OHRC supprts the clud fferings prvided by the Hspitality Glbal Business Unit and the Retail Glbal Business Unit except fr the fllwing Retail Glbal Business Unit Clud fferings which are hsted by OCI: Oracle Retail Advanced Science Engine Fundatin Clud Service Oracle Retail Advanced Clustering Clud Service Oracle Retail Assrtment and Space Optimizatin Clud Service Oracle Retail Custmer Decisin Tree and Demand Transference Science Clud Service Oracle Retail Insights Oracle Retail Merchandising Insights Clud Service Oracle Retail Custmer Insights Clud Service Oracle Retail Market Basket Insights Clud Service Oracle Retail Merchandise Financial Planning Clud Service Oracle Retail Demand Frecasting Clud Service This dcument is a supplement t the Oracle Clud Hsting & Delivery Plicies and Oracle Practice dcuments. Its purpse is t accunt fr exceptins and additinal terms specific t the Oracle Glbal Business Units. Service Availability Fr purpses f calculating the Service Availability Level f the Oracle Clud Services, Available r Availability means that Yu and Yur Users are able t lg in and access the OLTP r transactinal prtin f Clud Services. Fllwing the end f each calendar mnth f the Services Perid under an rdering dcument, Oracle measures the System Availability Level ver the immediately preceding mnth. Unless therwise defined in the Service Descriptin, Oracle measures the System Availability Level by dividing the difference between the ttal number f minutes in the mnthly measurement perid and any Unplanned Dwntime by the ttal number f minutes in the measurement perid, and multiplying the result by 100 t reach a percent figure. Target Service Availability Level bjectives are as utlined in the Oracle Clud Service Level Objective Plicy sectin in the Oracle Clud Hsting & Delivery Plicies dcument, r in the applicable Service Descriptin related t the specific Glbal Business Unit clud service.

Oracle wrks t meet a Target System Availability Level fr the measurement perid f each calendar mnth, cmmencing at Oracle s activatin f the prductin envirnment. Reprting f Availability Oracle will prvide Availability reprts fr a specific perid upn request. Oracle Clud Security Plicy Additinal infrmatin regarding Oracle s security practices fr Oracle Glbal Business Unit Clud Services is available upn request. Change Management Applicatin Upgrades and Updates Oracle requires all Clud Services custmers t keep their Services current with the sftware versins that Oracle designates as generally available (GA) fr such Services. Sftware updates r upgrades will fllw the release f every GA release and are required fr the Services in rder t maintain versin currency. Fr certain Clud Services, Oracle perfrms upgrades by upgrading Yur nnprductin envirnment t the latest versin f the Clud prduct befre upgrading the prductin envirnment. Oracle Clud Hsting and Delivery Plicies, such as Service Levels Objective Plicy, the Disaster Recvery Service Plicy bjectives, and the Supprt Plicy, are dependent n Yu maintaining GA versin currency. Oracle is nt respnsible fr perfrmance r security issues encuntered with the Clud Services that may result frm running earlier versins. Oracle will prvide prir ntice fr updates r upgrades that invlve service interruptin t Yu. OCI schedules applicatin upgrades every 2 nd and 4 th Friday f the mnth between 21:00-06:00 data center lcal time. If Yu are eligible t select Yur wn upgrade windw, Yu will either be cntacted by Oracle t crdinate the upgrade change windw, r Yu will be able t select target hur and date with the exceptin f blcked time perids that Oracle reserves fr cre system maintenance. OHRC will assign an upgrade slt t Yu at cmpletin f prvisining and where pssible, at a time t minimize impact t Yur business. Upgrade windws will be scheduled between 20:00-06:00 data center lcal time, Mnday t Sunday. Applicatin Changes Access t prductin servers at the perating system and database level is restricted t Oracle Clud fr Industry Services and Applicatin Management grups. Custmer changes t the applicatin are allwed nly via the defined user interface, web service, r a standardized API. Alteratin r extensin f the underlying base applicatin cde is nt allwed as a mechanism f custmizing the applicatin. Cre System Maintenance Cre system maintenance invlves changes t hardware, netwrk systems, security systems, perating systems, strage systems, r general supprting sftware f the clud infrastructure. Cre system maintenance may result in service interruptin. Oracle wrks t limit any service interruptin due t cre system maintenance t less than 2 hurs during a scheduled service perid. Oracle may elect nt t schedule a cre system maintenance event.

Fr OCI, the scheduled service perid fr cre system maintenance is n Fridays and will be scheduled by Oracle between 21:00-06:00 data center lcal time. This is a standing maintenance windw and Yu will nt receive ntificatins f the upcming cre system maintenance. Fr OHRC, the scheduled service perid fr cre system maintenance is n Tuesdays and will be scheduled by Oracle between 21:00-06:00 data center lcal time. Oracle will prvide prir ntice fr upcming cre system maintenance that invlves service interruptin t Yu. Rutine Infrastructure Maintenance Oracle manages rutine infrastructure maintenance activities fr the purpse f prviding envirnment currency, capacity, and stability. Rutine maintenance is nt expected t result in a service interruptin. When pssible, rutine infrastructure maintenance will be perfrmed during the Cre System Maintenance windw and fllw the same ntificatin plicy. End f Life fr Oracle Business Unit Clud Services Specific Clud Services may have EOL Plicy infrmatin. Where applicable, the dcumentatin is available here: http://www.racle.cm/us/crprate/cntracts/clud-services Disaster Recvery Disaster Recvery services are intended t prvide service restratin capability in the case f a majr disaster, as declared by Oracle that leads t lss f a data center and crrespnding service unavailability. Fr the purpses f this Plicy, a disaster means an unplanned event r cnditin that causes a cmplete lss f access t the primary site used t prvide the Oracle Clud Services such that the Custmer prductin envirnments at the primary site are nt available. The Recvery Time Objectives (RTO) and Recvery Pint Objectives (RPO) d nt apply t Yur custmizatins that depend n external cmpnents r third-party sftware. During an active failver event, nn-critical fixes and enhancement requests are nt supprted. Yu will be slely respnsible fr issues arising frm third party sftware and custmizatins t Oracle prgrams and services. The RTO and RPO Level bjectives are as utlined in the applicable Service Descriptin related t the specific Glbal Business Unit clud service. Upn Oracle s declaratin f a disaster, Oracle will cmmence the Disaster Recvery Plan t recver prductin data t the mst recent available state t recnstitute the prductin envirnments f the affected Clud Services with the Recvery Time and Recvery Pint Objectives as defined in the Service Descriptin fr the applicable Glbal Business Unit clud service. Prductin services may perate in a degraded state f perfrmance fr the duratin f the disaster event. A Recvery Time Objective (RTO) is Oracle s bjective fr the maximum perid f time between Oracle s decisin t activate the recvery prcess t the secndary site due t a declared disaster, and the pint at which Yu can resume prductin peratins in the secndary prductin envirnment. If the decisin t failver is made during the perid in which an upgrade is in prcess at the secndary site, the RTO extends t include the time required t cmplete the upgrade.

A Recvery Pint Objective (RPO) is Oracle s bjective fr the maximum pssible length f time during which data culd be lst in the event f a disaster. The RPO time excludes any data lads that may be under way when the disaster is ccurring. Infrmatin Transfer Secure File Transfer Prtcl (sftp) The secure file transfer prtcl (sftp) services are limited-access systems fr the purpse f uplading r dwnlading data files in a secure manner. sftp dwnlads/uplads are recrded in an electrnic audit lg that includes: date and time, user name, and name f file up/dwnladed. Traceability f user requests fr sftp access and mdificatins t access rights is prvided thrugh change cntrl prcesses. Accunt Usage Oracle reserves the right t restrict access, limit use f the sftp Service, r remve access fr any nncnfrming users, sites, r Custmers, withut prir ntificatin, whenever the use f the service is nt in cmpliance with the terms f use. Access is granted n each accunt t specific directries using the principle f least privilege. Custmer accunts have full read-write access t the data in each directry t which the user has access. Technical cntrls in place are designed t ensure cnfidentiality f data and t prevent unauthrized access t ther accunts data. Attempts t access directries nt authrized fr a given accunt are a vilatin f the terms f use, and the accunt may be suspended. Oracle is nt respnsible fr unauthrized Custmer access t data within a directry by an accunt which has authrized and apprved access. Accunt Prvisining Currently sftp accunts are created with a strng 10-character passwrd. The accunt passwrd will be sent in an email t the address assciated with the accunt. Fr this reasn, the email address assciated with an accunt must be a valid individual email and may nt be a shared accunt r cmpany e-mail distributin list. Inactive accunts will be disabled, and then deleted under the fllwing schedule: Accunts that are inactive fr 3 mnths will be disabled. Accunts that are inactive fr 6 mnths will be deleted. Custmer must submit a request via the ticketing system t terminate accunts that are n lnger required r need t be revked. Accunt Authenticatin Passwrds are autmatically generated and cannt be changed by the accunt hlder r recvered by Oracle. If a passwrd needs t be changed r reset, the accunt hlder must submit a frmal change request via the ticketing system t have a new passwrd generated. The updated accunt passwrd will be sent in an email t the address assciated with the accunt. Accunt Authenticatin Alternate Autmatin Methds

The sftp service supprts public key authenticatin; a methd f autmatic passwrd-less lgin. Each accunt has a public key directry. By generating a lcal private and public key pair, uplading the public key file t this directry, and cnfiguring the client sftware t use public key authenticatin, an accunt can lg in withut being prmpted fr a passwrd. Multiple public key files per accunt are supprted by Oracle. Acceptable Usage All data transferred via the sftp service must be fr the specific business purpse and functin f supprting the Custmer hsted envirnment(s). The sftp service may nt be used fr data backups, temprary strage, unlicensed cpyrighted materials, r ther illegal materials. Custmer integratins emplying the use f autmated data transfer agents r 'scripts' are permitted, hwever they shuld either run manually r n a peridic schedule nt t exceed a sftp cnnectin rate f 10 times per hur. The use f autmated prcesses that aggressively cnnect, r that d nt prperly cnnect, authenticate, perfrm an apprpriate file transfer peratin, r prperly discnnect, is a vilatin f the terms f use. Data Strage Data stred n the sftp server will autmatically be deleted after 60 days. All incming and utging sftp data is cnsidered transient data and nt subject t backup retentin. The nly exceptin is that the directry structure and any ssh lgin key file infrmatin is retained and nt autmatically deleted Paylad Encryptin Requirements Data-at-Rest If the service ffering is subject t external regulatry requirements such as PCI DSS that mandates data-at-rest encryptin, the cnfiguratin f the Oracle sftp service fr the deplyment will emply the use f whle disk encryptin, r the service will be designed t accept incming encrypted data files with an Oracle prvided public key r x.509 certificate. Cnversely, if the service ffering has utbund data and file transfer integratins, then the Custmer must prvide Oracle with a bnafide x.509 certificate fr sftp data integratins. Encryptin Requirements Transprt Industry security standards and Oracle security plicies mandate end-t-end (scket-t-scket) based transprt encryptin fr data exchange. Use f FTP ver SSL (FTPS) and FTP des nt guarantee transprt encryptin is either prperly enfrced r negtiated during the initiatin f the data cnnectin, and the latter prtcl (FTP) is cmpletely lacking any transprt encryptin. Therefre, Oracle data transfer standards is limited t sftp with the gal t ensure cnfidentiality f data transfers between Oracle and the Custmer. Cmpliance Audit Reprts Audit reprts and letters f cmpliance f Oracle Clud Services are peridically published by Oracle s third party auditrs. Reprts and letters may nt be available fr all services r at all times. Custmer may request t receive a cpy f the current published audit reprt r letter available fr a particular Oracle Clud Service, as applicable, by cntacting its Oracle Sales Representative r designated Oracle accunt cntact and prviding the fllwing infrmatin: Cmpany name Cntact name

Title Recipient e-mail address Request justificatin (e.g., purpse and intended use descriptin) Oracle Crpratin, Wrld Headquarters Wrldwide Inquiries 500 Oracle Parkway Phne: +1.650.506.7000 Redwd Shres, CA 94065, USA Fax: +1.650.506.7200 C O N N E C T W I T H U S blgs.racle.cm/racle Cpyright 2016, Oracle and/r its affiliates. All rights reserved. facebk.cm/racle twitter.cm/racle racle.cm

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information