Oracle has accidentally published "confidential" details of its cloud hosting delivery policies that give the vendor some generous exceptions to service level agreements.
The firm appears to have removed access to the Oracle Cloud-SaaS Hosting and Delivery Policies document (pdf) at the time of writing, but iTnews was able to locate a copy through a Google search.
According to the document - which came into effect on December 1, 2012, Oracle's Cloud Services "are designed to be available 24 hours a day, seven days a week, 365 days a year" but the document lists several exceptions to this pledge.
Among these were the "unavailability of management, auxiliary or administration services, including administration tools reporting services, utilities, or other services supporting core transaction processing", and issues arising from "significant threats" such as a "hacker or a virus attack".
Oracle also reserves the right to two major maintenance changes a year, each of which can cause the Cloud Services to be unavailable for 24 hours, according to the document.
Crucially, customers are banned from using their own monitoring and testing tools to "directly or indirectly measure availability, performance or security of any application or feature of or service component within the services or environment", the document states.
Customers can monitor the Oracle Database and Java Cloud Services, but any other monitoring has to be expressly permitted by Oracle or the vendor allows itself the ability to remove or disable access to such tools.
US analysts say that while the terms of the document are mostly are mostly in line with industry standards. the availability exceptions raise concerns, ditto the ban on customer monitoring tools.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
