Quarterly Oracle SaaS Cloud Security and Controls support

With Oracle providing quarterly Release updates to each of its Software-as-a-Service Clouds (ERP Cloud, HCM Cloud and PPM Cloud), there is a guarantee that changes will arrive every three months. These can be:


  • new features and functionality, or
  • additional or amended ways to perform existing activities


Whilst these changes often offer usability and productivity benefits, each change could have a major impact on the organisation’s Control Environment, either for Internal Controls or Cyber Security risks. Each change should therefore be risk assessed and where required, controls should be implemented or enhanced to mitigate these new or amended business process and security risks.


To help organisations better understand and control this risk, Systems Risk Services provides two services:

Quarterly Oracle SaaS Cloud Security and Controls – Release impact summary


Written by our CEO Matt Luscombe, the Systems Risk Services quarterly Release impact summary identifies the likely impact on risks, security and controls based on the planned changes.


Matt has been a trusted advisor for more than 200 organisations running Oracle ERPs over the past 20 years and has presented at a number of conferences on Oracle ERP Cloud security and controls.


Please contact us if you feel like this would be of value for your organisation or if you’d be keen to receive a sample impact summary.

Quarterly Oracle SaaS Cloud Security and Controls – Consulting support


Systems Risk Services has worked with both private and public sector organisations to provide further support for organisations to ensure that the quarterly Release process does not impact on security and controls.


This has included:


  • identifying changes between Releases that impact on security and controls once Oracle’s final version is available for an organisation’s test environment. This has helped to identify gaps where new functionality or changes have been included but not documented in Oracle’s Release Notes
  • defining processes and the operating model to assess and appraise financial control risk, including the update of Risk and Controls Matrices and Segregation of Duties documentation where required
  • defining processes and the operating model to assess and appraise Cloud Security risk
  • ensure that regression testing packs include testing of key business process  and access controls to confirm that these are operating effectively and can continue to be relied upon

Additionally, for our Remote ERP Security and Controls Health Check customers using ERP Cloud, HCM Cloud or PPM Cloud on a monthly or quarterly assessment plan, they will receive a tailored set of recommendations based on their organisation’s setup and any new Roles, Entitlements or Privileges granted to users will be considered as part of the organisation’s next review.


Please contact us if you would like to discuss working with us to ensure that quarterly Releases do not impact on your Control Environment.