Data privacy and isolation is part of the Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) architecture, design, development, and operations for all customer data. When Personally Identifiable Information (PII) data is involved, Oracle SDM Cloud processes ensure that the product is compliant with the various data privacy regulations, including General Data Protection Regulation (GDPR).

In Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) components, we make sure that logging includes no PII data. Oracle either removes or anonymizes such PII data fields after a certain usage period (30 days).

The data (call records, logs, and other artifacts with PII) from Oracle SDM Cloud on-premises components (Session Delivery NF and Management Cloud Engine (MCE)) are handled according to our customer's security policies. Any data process procedures are compliant with data privacy regulations applicable to the customer's jurisdiction.

Oracle SDM Cloud supports tenant isolation. Each tenant has their own environment and instances and no compute, memory, or storage is shared for any purposes, including in testing environments.

The Oracle SDM Cloud strictly follows Oracle Software Security Assurance (OSSA) guidelines for software development. Software security is always the top focus during software design, development, and deployment. Oracle Communications statically scans all source code and third-party software within our Continuous Integration-Continuous Delivery pipeline. Oracle Communications dynamically tests (for example, fuzzing and penetration) for all releases. For more information, see https://www.oracle.com/a/ocom/docs/oracle-cloud-infrastructure-security-architecture.pdf.