Oracle Cloud Hosting And Delivery Policies

OVERVIEW

These Oracle Cloud Hosting and Delivery Guidelines (the “Delivery Guidelines”) outline the Oracle Cloud Services you have requested. These Delivery Guidelines may point to other Oracle Cloud policy documents; any mention of “Customer” in these Delivery Guidelines or such other policy documents will be interpreted as referring to “You” as specified in Your order. All obligations mentioned in these Delivery Guidelines apply to production Cloud Services unless stated otherwise.

References in these Delivery Guidelines to a Cloud Services’ “Data Center Region” pertain to (i) the specific geographic region specified in Your order for these Services or, (ii) if relevant, the nation or broader geographic area related to the data center location You selected when activating the instance of these Services. Regarding the Data Center Region for Your ordered Cloud Services, the following definitions apply:

• “Europe” encompasses the EU member countries, the United Kingdom, and Switzerland collectively; and
• “APAC” signifies the Asia-Pacific area, excluding China since Oracle does not operate data centers within China.
• “North America” includes regions made up of the contiguous United States and Canada; except when the purchasing entity decides to be initially set up in Mexico, in which event, North America refers to regions consisting of the continental United States, Canada, and Mexico.

For Your ordered Oracle Cloud Services, Your Content will be stored in the relevant Data Center Region for those Services. Oracle may copy Your Content to additional sites within the designated Data Center Region to ensure data redundancy. Terms in capitalization not defined elsewhere in these Delivery Guidelines will carry the meanings assigned to them in the Oracle agreement, Your order, or the policy itself, as relevant. These Delivery Guidelines receive updates biannually.

Your order or the Service Specifications from Oracle (as outlined in Your agreement for Oracle Cloud Services which includes Oracle Cloud Services Pillar documentation, Service Descriptions, and other definitions included in the Oracle Cloud Services Agreement) may provide further details or exceptions about specific Oracle Cloud Services. The Oracle Cloud Service Pillar documentation, the Service Descriptions, and the Program Documentation for Oracle Cloud Services can be found at www. oracle. com/contracts.

You agree to perform any actions requested by Oracle and to furnish Oracle with the information, access, and support reasonably needed for Oracle to implement and sustain the Oracle Cloud Services, which includes Oracle’s execution of any modifications to the Oracle Cloud Services as detailed in the Oracle Cloud Change Management Policy section.

Oracle Cloud Services are offered based on the Oracle agreement, your order, and the Service Specifications relevant to these Services. The provision of Oracle Cloud Services by Oracle depends on your compliance and that of your users with the obligations and responsibilities outlined in these documents and associated policies. These Delivery Policies and the documents mentioned here can be modified at Oracle’s discretion; however, changes in Oracle’s policies will not lead to a significant decrease in the performance, functionality, security, or availability of the Oracle Cloud Services during the service period of your order.

Oracle Cloud Services are hosted at data centers or third-party infrastructure providers selected by Oracle, except for Oracle Cloud at Customer Services. Oracle Cloud at Customer Services consists of Public Cloud Services that are set up at your data center or at a third-party data center chosen by you. You have the option to buy these Services separately or to have them served as the foundational platform for other Oracle Cloud Services. For Oracle Cloud at Customer Services, Oracle will supply hardware components to your data center, including gateway devices, necessary for Oracle to deliver these Services. You must ensure sufficient space, power, and cooling for the deployment of Oracle hardware (including gateway devices) and provide adequate network connectivity for Oracle Cloud Operations to access the services. Oracle is entirely responsible for the maintenance of the Oracle hardware components (including gateway devices).

These Delivery Policies do not apply to Oracle BigMachines Express or other Oracle Cloud products as specified by Oracle in your order or the related Service Descriptions.

1 ORACLE CLOUD SECURITY POLICY

1. 1 General Information Security Practices of Oracle

Oracle has implemented security measures and practices for Oracle Cloud Services aimed at safeguarding the confidentiality, integrity, and availability of your Content hosted by Oracle within these Services and preventing any unauthorized processing activities, including data loss or illegal destruction. Oracle is committed to continually enhancing its security measures and practices.

Oracle Cloud Services adhere to security practices that align with ISO/IEC 27002 Information security controls, from which a broad array of controls have been chosen. These Services also conform to the standards set by the National Institute of Standards and Technology (“NIST”) 800-53 and 800-171.

The information security practices for Oracle Cloud lay out and regulate the relevant security areas for Oracle Cloud Services and your utilization of those Services.

Oracle staff members (including employees, contractors, and temporary personnel) are required to follow the Oracle information security practices and any additional policies relevant to their employment or the services they render to Oracle.

Oracle takes a comprehensive approach to safeguarding information, applying a multi-tiered security strategy where the security measures for networks, operating systems, databases, and software support each other through robust internal controls, governance, and oversight. For those Oracle Cloud Services that allow you to customize your security setup, you are accountable for configuring, operating, maintaining, and protecting the operating systems and related software of these chosen Oracle Cloud Services (including your content) that Oracle does not supply. You are responsible for ensuring adequate security and backup for your content, which might involve using encryption technology to safeguard it from unauthorized access and regularly archiving it.

1. 2 Physical Security Measures
   Oracle has established protocols to keep unauthorized individuals from accessing computer facilities managed by Oracle, where your content is stored. These include the presence of security personnel, locked buildings, and secured data center locations. All Oracle-operated office spaces and cloud infrastructure facilities are protected. Oracle also mandates that its suppliers secure their own facilities that host your content similarly. Standard security measures across office sites and Oracle-managed co-locations/data centers currently include, for instance:

• Access to physical locations needs authorization and is monitored.
• All employees, subcontractors, and approved visitors must display official ID while they are on-site.
• Visitors must sign in and be accompanied by Oracle staff within Oracle premises.
• The distribution of keys and access cards and the ability to enter the premises is monitored. Employees who leave Oracle must return their keys or access cards.
  This section is not applicable to Oracle Cloud at Customer Services. You are required to secure your own computing facilities for hosting and operating the hardware related to Oracle Cloud at Customer Services (including gateway equipment) and the network connections necessary for Oracle to deliver these services.

1. 3 Access Control Measures
   Oracle policies stipulate the use of multi-factor authentication (MFA), documented access permissions, and logging of access. MFA is compulsory for all users accessing Oracle Cloud Services. If available for an Oracle Cloud Service, you must activate and enforce the option for MFA provided by Oracle. If you utilize a third-party identity provider with an Oracle Cloud Service, you must set it up to require MFA for all users accessing those services. You are entirely responsible for any adverse impacts to you or your users related to your Cloud Services that could have been prevented by using the Oracle-supplied MFA option, where applicable.

All remote entry to the Oracle Cloud Network by Oracle employees with access to Your Content is limited through the use of a Virtual Private Network that incorporates Multi-Factor Authentication. Besides the mandatory use of a Virtual Private Network, Oracle conducts device posture assessments and implements measures like bastion hosts before granting Oracle staff any access to the Oracle Cloud Network. Oracle forbids the use of personal devices to connect to the Oracle Cloud Network and Oracle Cloud Services, enforced through both policies and technical measures.

1. 4 Data Access Controls
   For service components overseen by Oracle, access to Your Content is reserved for authorized employees only. When it comes to Oracle staff using the Oracle Cloud Services (including Your Content stored there), Oracle applies Role Based Access Controls (RBAC) and adheres to access management principles such as “need to know,” “least privilege,” and “segregation of duties. ” Additionally, Oracle offers a way for You to manage Your Users’ permissions to use the Oracle Cloud Services and access Your Content.
2. 5 User Encryption for External Connections
   Your entry to Oracle Cloud Services is secured through a communication protocol offered by Oracle. When accessing via a Transport Layer Security (TLS) connection, that link ensures a minimum of 128-bit encryption. The private key that creates the cipher key has at least 2048 bits. TLS is utilized or can be set up for all web applications hosted by Oracle. It is advisable to use the most up-to-date browsers that support stronger cipher settings and enhanced security features when connecting to the Cloud Services. The list of suggested browsers for each Oracle Cloud Services release will be accessible through a portal available to You or in the relevant Service Description for the Oracle Cloud Services. In certain situations, a third-party site that You want to integrate with the Oracle Cloud Services, like a social media platform, may not support an encrypted connection. For those Oracle Cloud Services that allow HTTP connections with the third-party site, Oracle will facilitate such HTTP connections in addition to the secure HTTPS connection.
3. 6 Input Control
   You maintain control and responsibility for the source of Your Content, and the incorporation of Your Content into the Oracle Cloud Services is managed by You.
4. 7 Data and Network Segregation
   Your Content is either logically or physically separated from the content of other clients hosted in the Oracle Cloud Services. All Oracle Cloud networks are distinct from Oracle’s corporate networks.

1. 8 Confidentiality and Training
   Employees at Oracle are bound by confidentiality agreements and must undergo information protection training when they start their employment. Following this initial training, all Oracle staff are required to participate in training sessions periodically according to the relevant Oracle policies on security and privacy awareness.
2. 9 Asset Management
   Oracle adheres to established procedures for monitoring, handling, securing, and retiring its assets. The duties associated with this may involve evaluating and granting access requests for individuals who have legitimate business needs, as well as keeping a record of the assets.

You are accountable for the assets you manage that use or connect with Oracle Cloud Services. This includes making decisions regarding the suitable classification of information for your content and assessing whether the controls provided by Oracle Cloud Services are fitting for your content.

1. 10 Oracle Internal Information Security Policies
   The information security policies for Oracle Cloud outline and regulate the security aspects that relate to Oracle Cloud Services and your use of them. Oracle employees must comply with the Oracle Corporate Information Security Policies and any additional policies relevant to their employment or the services they offer to Oracle. The Information Security Program at Oracle consists of documented policies that take into account risk elements such as cybersecurity concerns, along with necessary procedures, standards, and guidelines needed for the proper implementation of policy. Oracle’s ISP aims to maintain the confidentiality, integrity, privacy, continuity, and reliability of your content hosted by Oracle within your Oracle Cloud Services through effective security management practices and protocols. The Oracle Security Oversight Committee reviews the ISP on an annual basis and updates it as necessary.
2. 11 Internal Security Reviews and Enforcement
   Oracle has internal mechanisms in place for regularly testing, assessing, and ensuring the efficiency of the technical and organizational security measures detailed in this section.
3. 12 External Reviews
   Oracle may carry out independent assessments of Oracle Cloud Services with the help of third parties in specific areas (the extent of these assessments may differ based on the service and country):

• SOC 1 reports (according to Statement on Standards for Attestation Engagements No. 18) and/or SOC 2 reports (based on Trust Services Criteria)
• Other independent security evaluations conducted by third parties to assess the efficiency of administrative and technical controls.

During the term of the services, you can access the current Service Organization Control (SOC) report(s) through methods made available to you (for example, self-service console or Service Request), as long as such reports are kept up-to-date for the relevant Cloud Services. These reports include a review.

of the safeguards implemented and may include SOC 1 and/or SOC 2 reports. You acknowledge that you will safeguard Oracle’s SOC Reports and all information within them as Oracle’s Confidential Information, following the conditions in the nondisclosure sections of your Agreement. You also recognize and agree that (1) you will use the SOC Reports solely to assess Oracle’s security measures; (2) the SOC Reports are given without any guarantees; and (3) Oracle maintains all rights to the SOC Reports.

1. 13 Oracle Software Security Assurance
   Oracle Software Security Assurance (OSSA) outlines Oracle’s approach to incorporating security into the design, development, testing, and upkeep of its products, regardless of whether they are operated on-premises by clients or provided via Oracle Cloud. More information about the OSSA program can be found at https://www. oracle. com/corporate/security-practices/assurance/.
2. 14 Security Logs
   Oracle monitors specific security-related actions on operating systems, applications, databases, and network devices. These systems are set up to record standard security activities, access to data or programs, and system occurrences such as alerts, console messaging, and system malfunctions. Oracle examines these logs for investigating security incidents and forensic analysis. Discovered unusual activities are incorporated into the security event management system. Security logs are kept in the Security Information and Event Management system (or a similar system) in their original, unmodified form and are preserved according to Oracle’s internal regulations. Security logs are maintained online for at least one year. Oracle uses and retains these logs as part of our internal security procedures.
3. 15 Other Customer Security Related Obligations
   You bear the responsibility for:

• Establishing your own detailed security system, operational policies, standards, and procedures
• Conducting integrity and security assessments, which include checking for vulnerabilities, viruses, malware, and other harmful indicators in (i) your data and files before transferring or uploading them into Oracle Cloud Services; (ii) your Content, as part of Oracle Cloud Services allowing you to set up your security stance; and (iii) your custom modifications and integrations
• Managing customer accounts in line with your policies and industry best practices
• Furthermore, for Oracle Cloud at Customer Services, the following responsibilities lie with you:
  o Ensuring sufficient physical and network security
  o Implementing security measures and network supervision to mitigate risks that could compromise the confidentiality, availability, or integrity of data

2 ORACLE CLOUD SERVICE CONTINUITY POLICY

2. 1 High Availability Strategy for Oracle Cloud Services
   Oracle utilizes a robust computing framework for its Oracle Cloud Services, aimed at ensuring that service availability and continuity are upheld during incidents. The data centers selected by Oracle for hosting these services feature component redundancy and power backups, along with emergency generators. Oracle may also implement redundancy across various levels, which can include network systems, application servers, database servers, and/or storage solutions.
3. 2 Backup Strategy for Oracle Cloud Services
   Oracle regularly creates backups of Your Content within your specific instance of Oracle Cloud Services solely for Oracle’s use, aiming to reduce the risk of data loss during incidents. These backups are typically stored at the main site offering the Oracle Cloud Services, with potential storage at a secondary location for retention. Usually, backups are kept online or offline for no less than 60 days from their creation date. Oracle generally does not modify, add, delete, or recover Your data on Your behalf. Nevertheless, in exceptional circumstances and with written consent, Oracle might provide assistance in restoring data You may have unintentionally lost due to Your actions. For Oracle Cloud Services that allow You to set backup preferences according to Your policy, You are accountable for backing up and restoring Your Content. Furthermore, it is recommended that You create a business continuity strategy to ensure the ongoing operation of Your activities during a disaster.
4. 3 Oracle’s Commitment to Business Continuity
   Oracle will consistently maintain a strategy related to its internal processes aimed at minimizing any interruption to the Services in the event of a disaster, disruption, or any force majeure situation (referred to as the “BC Plan”). The BC Plan lays out, records, and enacts protocols, procedures, and controls to guarantee that Oracle’s business functions facilitating Oracle Cloud Services are preserved if the BC Plan is activated. The goal of the BC Plan is to ensure resilience in Oracle’s internal operations, thereby securing the continuity of Oracle Cloud Services regardless of the cause of disruption.
5. ORACLE CLOUD SERVICE LEVEL AGREEMENT
6. 1 Operational Hours
   The Oracle Cloud Services are intended to be accessible 24 hours a day, 7 days a week, 365 days a year, except during scheduled maintenance, technological updates, or as otherwise outlined in the Oracle agreement, Your order, and this Oracle Cloud Service Level Agreement.

3. 2 Service Availability
   Starting with the initiation of Your Oracle Cloud Service, Oracle aims to achieve a Target Service Availability Level, or a Target Service Uptime of 99. 9%. This commitment follows the guidelines established in the Oracle Cloud Service Pillar documentation pertaining to the relevant Oracle Cloud Service, or any other Target Service Availability Level or Target Service Uptime that Oracle specifies for that service in the documentation.
4. 2. 1 Measurement of Availability
   At the conclusion of each calendar month during the applicable Services Period, Oracle evaluates the Service Availability Level or Service Uptime for the previous month. This is calculated by taking the total minutes in the month, subtracting any Unplanned Downtime (as described below), and then dividing that figure by the total minutes in the month. The result is then multiplied by 100 to express it as a percentage.

Total minutes in a 30-day month = 30 days * 24 hours per day * 60 minutes per hour
Unplanned minutes in that month = minutes of unplanned downtime as defined in the section “Definition of Unplanned Downtime. ”
Example: For June, which has 30 days, this gives 302460 = 43,200 minutes in that month.
If there are 90 minutes of unplanned downtime during June, the calculation would be:
((43,200 − 90)/43,200) * 100 = 99. 8% Service Level Availability

3. 2. 2 Reporting of Availability
   Oracle will supply you with information regarding the Service Availability Level for the Oracle Cloud Services you purchased, either through a self-service option or by submitting a Service Request to Oracle asking for these metrics.
4. 2. 3 Service Credits
   You may qualify for Service Credits if the Service Availability Level or Service Uptime for the Oracle Cloud Services you purchased falls short of the established Target Service Availability Level or Target Service Uptime that applies to those services. Service Credits are outlined in the Oracle Cloud Service Pillar documentation or Service Descriptions relevant to your purchased Oracle Cloud Services. Regardless of this section’s stipulations, if your order with Oracle or the Service Specifications for your order allows for a greater amount of Service Credits for a specific Oracle Cloud Service, you may claim those Service Credits under the provision with the highest amount available. However, you cannot claim Service Credits under more than one provision for the same situation.

3. 3 Explanation of Unplanned Downtime (Unavailability)

Oracle Cloud Services are hosted in robust computing environments with reliable infrastructure, backup network connections, and power supplies available at each hosting location.

“Unplanned Downtime” refers to any instance when an issue with the relevant Oracle Cloud Services hinders Your access to Your production instance of those Cloud Services. Unplanned Downtime excludes periods when the Oracle Cloud Services or any of their components are unavailable due to: (i) scheduled maintenance, (ii) factors beyond Oracle’s control and other unforeseen events, (iii) any actions or lack thereof on Your part, Your Users, or any third parties (except for Oracle agents and contractors engaged to assist with the Services), or (iv) any approved suspension from Oracle.

Furthermore, regarding Oracle Cloud at Customer Services, Unplanned Downtime also does not account for unavailability (i) of Your data center (for example, due to maintenance) or (ii) incidents that happen outside the defined on-site hours for Oracle Cloud Operations personnel in Your data center as stated in Your order.

3. 4 Oversight

Oracle employs various software tools to oversee the availability and performance of the Cloud Services, as well as the functionality of infrastructure and network elements (like CPU, memory, storage, databases, and other parts). Oracle generates alerts for any deviations from established limits, and its personnel investigate and resolve any detected underlying problems. Oracle does not monitor or address deviations arising from any components not managed by Oracle that You use in the Oracle Cloud Services, such as non-Oracle applications.

3. 4. 1 Customer Monitoring and Testing Resources

Oracle allows You to perform limited functional testing of Oracle Cloud Services in Your testing environment. Specific regulations regarding testing can be found in Oracle’s Corporate Security Practices at https://www. oracle. com/corporate/security-practices/.

Oracle routinely conducts penetration and vulnerability assessments along with security evaluations on the Oracle Cloud infrastructure, platforms, and applications to confirm and enhance the overall security of Oracle Cloud Services. The Oracle Cloud Services Program Documentation details when and how You can examine or assess any components You manage or create within Oracle Cloud Services, including non-Oracle applications, non-Oracle databases, and other relevant non-Oracle software, code, or data scraping tools.

Oracle retains the right to remove or restrict access to any tools or technologies that contravene the guidelines in this section or the relevant Oracle Cloud Services Program Documentation, with no liability towards You.

4 ORACLE CLOUD CHANGE MANAGEMENT POLICY

4. 1 Oracle Cloud Change Management and Maintenance
   Oracle implements modifications to the cloud hardware infrastructure, operating systems, product software, and application software provided as part of Oracle Cloud Services. This is done to ensure the ongoing stability, availability, security, performance, and relevance of the Oracle Cloud Services. Oracle adheres to established change management protocols to review, test, and authorize changes before they are applied to the service.
   Modifications made through these change management processes encompass system maintenance tasks, upgrades, updates, and changes specific to customers. The procedures for managing changes in Oracle Cloud Services aim to reduce service interruptions during the implementation of these changes.
   Oracle allocates specific time frames for maintenance where Oracle Cloud Services might not be accessible. The company strives to execute change management within these scheduled maintenance windows (with advance notice provided by Oracle), while also considering times of low usage and regional factors. Notifications will be given ahead of time regarding any alterations to the maintenance schedule. For changes and upgrades tailored to customers, Oracle will, when possible, align the maintenance intervals with your availability.
   In instances where changes are anticipated to disrupt services, the time allocated for scheduled maintenance is excluded from the calculation of Unplanned Downtime minutes during the monthly assessment for Service Availability Level (refer to the Oracle Cloud Service Level Agreement above). Oracle makes commercially reasonable attempts to limit the frequency of scheduled maintenance and to reduce the length of maintenance periods that lead to service interruptions. If you have Oracle Cloud Services that allow you to conduct maintenance activities, you are responsible for setting up and managing the operating systems along with other relevant software.
5. 1. 1 Security Maintenance
   In certain urgent cases, such as a security vulnerability, Oracle might need to carry out additional security maintenance outside of the planned maintenance times to resolve a critical issue concerning the Oracle Cloud Service or Oracle infrastructure. Oracle aims to minimize the necessity for additional security maintenance that causes service interruptions outside of the scheduled windows and, when feasible, will try to give 24 hours’ notice prior to such maintenance.
6. 1. 2 Data Center Migrations
   Oracle may migrate Your Oracle Cloud Services deployed in data centers retained by Oracle betweendata centers in the same Data Center Region as deemed necessary by Oracle. Oracle will provide aminimum of 30 days’ notice to You for data center migrations; provided that, such advance notice obligation does not apply to disaster recovery scenarios or to ensure Service continuity, as further described, where applicable, in the relevant Oracle Cloud Services Pillar documentation.

4. 1. 3 Software Updates
   Oracle provides Oracle Cloud Services using a continuous update approach and only supports the versions of software that Oracle identifies as acceptable for those services. You are responsible for maintaining your Cloud Services on these approved versions and for taking any necessary actions to ensure that your software remains current. You recognize that not completing the required updates by the end of support for the relevant version may lead to Oracle either automatically implementing the update or restricting your access to the impacted Oracle Cloud Services. Oracle’s responsibilities under these Delivery Policies, which include the Oracle Cloud Service Continuity Policy, the Oracle Cloud Service Level Agreement, and the Oracle Cloud Support Policy, are valid only when you are using supported versions. Oracle bears no responsibility for any performance, functionality, availability, or security problems related to Oracle Cloud Services that arise from using outdated versions.
5. 1. 4 End of Life
   Whenever feasible, Oracle will give at least 12 months’ notice before declaring that an Oracle Cloud Service is at the End of Life (EOL) and will be discontinued. Oracle Cloud Services marked as EOL will no longer be regularly accessible, will lack support, and will not receive any technical assistance or updates, including security patches, bug corrections, or compliance updates, and will not fall under SLA coverage. If an Oracle Cloud Service reaches EOL, Oracle may introduce a replacement Oracle Cloud Service and require you to move to that new service.
6. ORACLE CLOUD SUPPORT POLICY
   The support outlined in this Oracle Cloud Support Policy pertains solely to Oracle Cloud Services and is provided by Oracle as part of the services ordered by you. Oracle may offer additional support services for the Oracle Cloud Services at extra costs, which you may choose to purchase.
7. 1 Oracle Cloud Support Terms
8. 1. 1 Support Fees
   The payments you make for the Oracle Cloud Services you ordered include the support specified in this Oracle Cloud Support Policy. Additional charges will apply for any extra Oracle support services you choose to acquire.
9. 1. 2 Support Period
   Oracle Cloud support starts on the date that the Oracle Cloud Services begin and concludes when the Services expire or are terminated (the “support period”). Oracle is not required to extend the support provided in this Oracle Cloud Support Policy beyond the conclusion of the support period.
10. 1. 3 Technical Contacts
    Your designated technical contacts act as the exclusive representatives between you and Oracle regarding Oracle support for Oracle Cloud Services. These technical contacts must possess at least basic initial service training and,as necessary, additional training tailored for particular positions or implementation stages, specialized usage of services/products, and migration. Your technical representatives should be well-versed in the Oracle Cloud Services to effectively address system issues and support Oracle in examining and resolving service requests. When you file a service request, your technical representative ought to possess a fundamental grasp of the issue at hand and be able to replicate the problem to aid Oracle in identifying and prioritizing the issue. To prevent disruptions in Oracle support for Oracle Cloud Services, you are required to inform Oracle whenever the responsibilities of your technical representative are passed to someone else.

5. 1. 4 Oracle Cloud Support
   The support provided by Oracle for Oracle Cloud Services includes:

• Identifying problems or issues associated with Oracle Cloud Services
• Making reasonable commercial efforts to fix reported and confirmable errors within the Oracle Cloud Services to ensure they operate as outlined in the related Service Specifications
• Assistance during the Change Management processes as outlined in the Oracle Cloud Change Management Policy (refer to previous section)
• Help with technical service inquiries available 24 hours a day, seven days a week, throughout the year
• Round-the-clock access to a Cloud Customer Support Portal specified by Oracle for logging service inquiries
• Availability of forums for community discussion
• General customer service help during standard Oracle business hours (from 8:00 to 17:00) local time

5. 2 Oracle Cloud Customer Support Systems
6. 2. 1 Oracle Cloud Customer Support Portal
   Oracle offers support for the Oracle Cloud Service you have purchased under an order through a designated Cloud Customer Support Portal for that specific service. Although Oracle Cloud Support and the associated portals (including any services they might offer) may be included in your order, they are not classified as an Oracle Cloud Service offering and can be provided globally. Access to these portals is regulated by the Terms of Use available on the relevant portal websites, which may change over time. If the portals allow you to upload information, it is your responsibility to ensure that you and your users do not enter any government-issued identification numbers, sensitive health, financial, payment card, controlled unclassified information, or any other private data unless explicitly allowed by the support portal terms or your specific Cloud Services order. Access to the support portal is restricted to your specified technical contacts and other authorized users of the Oracle Cloud Services. When applicable, the support portal supplies support information to your designated technical contacts to facilitate usage of Oracle support for the Oracle Cloud Services. Notifications and updates regarding your service requests can be found in the support portal.

5. 2. 2 Live Support
   Your technical representatives can access live support through Oracle’s online customer service systems or by phone, whenever applicable.
6. 3 Severity Definitions
   Your specified technical contacts can submit service requests for Cloud Services through the support portal. The severity of each service request is determined by your input, following these severity levels:
7. 3. 1 Severity 1 (Critical Outage)
   Your use of Oracle Cloud Services for production purposes is completely halted or is so severely hindered that you cannot reasonably proceed with your work. You are facing a total service outage. The affected function is essential for business operations, making this situation urgent. A Severity 1 service request includes one or more of these criteria:

• Data has been compromised
• An essential documented feature is inaccessible
• The service is frozen indefinitely, leading to unacceptable or endless waits for resources or responses
• The service crashes and continues to do so after attempts to restart
• A security incident arises that could jeopardize the confidentiality, integrity, or availability of the service
  Oracle commits to making reasonable efforts to respond to Severity 1 service requests in fifteen (15) minutes or less. During the time Oracle is addressing a Severity 1 request, you agree to keep your technical contact available 24/7. Oracle will continue to work around the clock until the Severity 1 request is resolved, a practical workaround is established, an approved action plan is created, or your 24/7 contact is unavailable. You must provide Oracle with a technical contact throughout this 24/7 period to assist with gathering data, testing, and applying solutions. You need to classify this severity level very carefully to ensure that legitimate Severity 1 cases receive the necessary resources from Oracle.

5. 3. 2 Severity 2 (Significant Impairment)
   You face a considerable service disruption. Key features of Oracle Cloud Services are unavailable without an acceptable alternative, though some operations can still occur in a limited manner.
6. 3. 3 Severity 3 (Technical Issue)
   You encounter a minor service disruption. The impact is a nuisance that may require a workaround to regain functionality.

5. 3. 4 Severity 4 (General Guidance)
   You seek clarification, improvements, or information about the Oracle Cloud Services, but this does not affect the functionality of the service. There is no interruption in service.
6. 4 Change to Service Request Severity Level
7. 4. 1 Initial Severity Level
   When the service request is submitted, Oracle will assign an initial severity level according to the definitions outlined above and/or what you provide. Oracle’s primary objective when the service request is generated will be to address the root problems associated with it. The severity classification of a service request might be modified as explained below.
8. 4. 2 Downgrade of Service Request Levels
   As progress is made regarding the underlying issue, if it no longer justifies the originally assigned severity based on its effect on the relevant Oracle Cloud Service, then the severity level will be lowered to one that better captures the situation’s current effects.
9. 4. 3 Upgrade of Service Request Levels
   Should the issue require a higher severity classification than the one currently assigned during the processing of the service request, based on its effects on the operational status of the relevant Oracle Cloud Service, then the severity level will be raised to one that accurately reflects its current impact.
10. 4. 4 Adherence to Severity Level Definitions
    You must ensure that the allocation and modification of any severity level is correct, based on its present effects on the operational efficiency of the related Oracle Cloud Service.
11. 5 Service Request Escalation
    In cases where you escalate service requests, the Oracle support analyst will involve the Oracle service request escalation manager, who will oversee the escalation process. The escalation manager will collaborate with you to formulate an action plan and assign the necessary Oracle resources. If the issue related to the service request remains unresolved, you can reach out to the Oracle service request escalation manager to reevaluate the service request and ask for it to be moved to a higher level within Oracle as needed. To aid in the resolution of a service request that has been escalated, you are expected to provide contact persons within your organization who hold similar positions to those at Oracle to which the service request has been elevated.

6 ORACLE CLOUD SUSPENSION AND TERMINATION POLICY

6. 1 Ending Oracle Cloud Services
   For a duration of 60 days after the conclusion of the Service Period for Oracle Cloud Services or, if relevant, the 60 days following your cancellation of Cloud Services that you use in a Pay as You Go format, Oracle will provide, through secure means and in a structured, machine-readable format, your content stored in the Oracle Cloud Services, or maintain the system accessible for your data retrieval. After the Services Period concludes, your permission to utilize these services will cease, unless stated otherwise in the terms of the Oracle agreement, your Order, or the Service Specifications pertaining to your Oracle Cloud Services.
   In the case of free trials and pilot programs for the Oracle Cloud Services, Oracle will allow access to your content for 30 days after the conclusion of the trial or pilot. During this retrieval timeframe, Oracle’s Cloud Service Level Agreement does not apply, and the service system cannot be utilized for any production purposes. Oracle is not obliged to keep your content beyond this retrieval timeframe.
   Should you require Oracle’s assistance in accessing or getting copies of your content, you need to submit a service request through the support portal.
   Data retrieval and any related help from Oracle do not apply to Oracle Cloud Services that do not host your content. You are accountable for making sure that if those Oracle Cloud Services rely on other Oracle Cloud Services (like Storage Cloud Service or Database Cloud Services) for data storage, those additional services must be valid until the termination of the main Oracle Cloud Service to allow data retrieval, or you must take suitable measures to back up or separately store your content while the production Oracle Cloud Services remain active before the end of the Service Period.
   After the retrieval period has expired, Oracle will remove your content from the Oracle Cloud Services, unless otherwise mandated by applicable law.
   For Oracle Cloud at Customer Services, you need to ensure that any hardware components related to Oracle Cloud at Customer Services (including gateway equipment) provided by Oracle are available for retrieval in good working order and in the same state as when the Oracle Cloud at Customer Services commenced, subject to normal wear and tear from appropriate use.
7. AI TERMS
   The Oracle Artificial Intelligence Terms found online at http://oracle. com/contracts are applicable to the Artificial Intelligence Functionality (as defined in those terms) included in your ordered Cloud Services.
8. USE OF SERVICES
   You are responsible for ensuring that access to and use of the Oracle Cloud Services you acquire, as well as the benefits derived from such Cloud Services, is strictly for users in countries that comply with

Oracle’s Global Trade Compliance policy described at https://www.oracle.com/corporate/security-
practices/corporate/governance/global-trade-compliance.html.