
ERP Cloud: Updates on Enhancements for Security and Compliance
in ERP Cloud by Jeff HareIn working with our customers on Oracle ERP Cloud projects we have been working hard to enter Service Requests, get Enhancement Requests, and post ideas in the Ideas Lab. The goal is to identify key issues, get consensus with our customers, and drive enhancements before many of our customers enter the end of year external audit.
Here are three critical Ideas that need to get advanced to the top of all development in Oracle. This is our top three! Please vote for these three and provide meaningful comments as you submit the vote.
- Audit Policy over Core Audit Policies – Need full change tracking when Core Audit Policies are enabled / disabled / changed; Critical from an audit perspective
https://cloudcustomerconnect.oracle.com/posts/d0c940b933
- Audit Policy over Functional Audit Policies – Need full change tracking when Core Audit Policies are enabled / disabled / changed; Critical from an audit perspective
https://cloudcustomerconnect.oracle.com/posts/81c53ece43
- Ability to report on “Core” Audit Policies” through OTBI
https://cloudcustomerconnect.oracle.com/posts/7acbb7c60c
If you only have time to work on the above – then please take the time to vote on these three issues by clicking the links and voting.
The reason these 3 issues are so important is there is currently no way to provide reasonable assurance that your audit policies have been enabled and effective during the entire audit period. In the meantime, we have developed an OTBI report that can monitor changes to the ‘Functional’ Audit Policies through a snapshot approach. This may or may not pass as ‘reasonable assurance’ by your external auditors. The ‘Core’ Audit Policies cannot be queried via OTBI and Oracle has refused, via one SR, to query that data directly for us using a database login.
There are several others that we would consider critical to round out our top 10. If you have enough time, please vote for all:
SOA Suite – Disabling Approvals through Transaction Console
https://cloudcustomerconnect.oracle.com/posts/5f0d13f6a6
Ability to disable roles that should not be assigned ever to anyone. This would reduce risk.
https://cloudcustomerconnect.oracle.com/posts/fb3f6320bd
Ability to disable high risk privileges that you would never want a User to have in production. Like the ability to decrypt credit cards or purge certain data
https://cloudcustomerconnect.oracle.com/posts/f63a9f78db
New users are not required to change passwords on login.
https://cloudcustomerconnect.oracle.com/posts/e2a450557f
Full audit trail of changes to OTBI Reports
https://cloudcustomerconnect.oracle.com/posts/6769b86383
Full audit trail of changes vacation rules
https://cloudcustomerconnect.oracle.com/posts/bd9c6b3553
Please join the discussion on Linked In here: https://www.linkedin.com/feed/update/urn:li:activity:6676201372070871040
Contact us at info@erpra.net if you have questions or we can help in any way.