6 Top Tips for Staying Safe in Oracle HCM Cloud

6 Top Tips for Staying Safe in Oracle HCM Cloud

Author: Adam Maxwell, Service Delivery Manager, Namos Solutions

Caveat lector, this blog post is on security!  Yes, it is a dry subject, but security should resonate with all IT professionals with Gartner forecasting that worldwide risk and security management spending will exceed $150 billion in 2021.

Oracle HCM is no different and so I wanted to share 6 quick tips in Cloud which might help you out in your organisation and quell some of the noise you may get from any Risk, Compliance, GDPR or Audit teams, as well as senior stakeholders! 

Tip 1:  License numbers:  Oracle Subscription Usage, a free service!

Have you ever come round to Oracle renewal and your license numbers need to be looked at?  This can be a painful process so my advice would be to be on the front foot and engage Oracle early doors, through the Subscription & Usage Management (SUM) team. 

This involves assessing module usage via the seeded Usage Metrics and Subscription Diagnostics report.  This will identify any roles which need to be cleaned up to keep your usage to a minimum, to keep license costs down and wait for it, it is free!

Tip 2:  Data obfuscation and the seeded Remove Person Information Tool

More than 600 fines have been issued under the EU’s Data protection regulation since it came into force in 2018.  From personal experience, this has been a big ask from Oracle historically and in years gone by, complex HDL (HCM Data Loader) routines needed to be written to purge and anonymise data, but I am thankful the product has moved on.

The Remove Person Information Tool is now an out of the box to process which allows for data obfuscation in the application.   It does need some setting up in terms of policies however the need for unwieldy and custom routines has been removed somewhat and this has been made much, much easier.

Tip 3:   Production to Test User Account post process

A data masking subscription is a great Service Entitlement, but it can be an expensive license to carry.  As an alternative, a quick HDL routine can be developed quite easily that can be ran as part of any post clone steps, to lock down any Oracle accounts that should not have access for those environments where you need to limit access, i.e. a training or a ring fenced pod. 

This is repeatable, reusable and requires a quick validation to check. Namos have such routines if ever a customer needs them.

Tip 4:  Setting up out of the box auditing

This is actioned via a Setup and Maintenance Task titled Manage Audit Policies that is very easy to configure.  Within the User Interface, you can set the objects which you wish to be able to report on via simple toggling, e.g. Bank accounts, Salary or National Insurance number.

Once setup, you can use the seeded Audit Reports functionality to report on objects that have been Created, Updated or Deleted and export, it is that simple:

Tip 5:  Using Oracle Transactional Business Intelligence dashboards to help

For those customers that require a little more, OTBI (Oracle Transaction Business Intelligence) custom dashboards can be configured.  These are very flexible and can be built to report on what ever is needed, be that HCM, Payroll, ERP or Security Related Business Objects.  Strong use cases include Bank Account changes, User Role Amendments and Supplier changes, as an example.

Tip 6 (not a tip but a good feature from 21B!) –  Sensitive Data Access Audit  

This is a particular useful feature which came in 21B which allows you to audit the viewing of sensitive data in the HCM Responsive pages. You can use this information for compliance and monitoring of access to sensitive data from your browser and the privilege is already available with the predefined IT Auditor role.

Not all the Business Objects are there yet so certainly a space to watch.  I did log an Oracle Customer Connect post some time back, so please feel free to upvote if you think it would help you!

Tip 6: https://docs.oracle.com/en/cloud/saas/human-resources/21b/ochus/auditing-oracle-hcm-cloud-business-objects.html#OCHUS4474479



Tip 2:  https://www.bbc.co.uk/news/technology-57011639



Tip 6: https://cloudcustomerconnect.oracle.com/posts/ad276d8492

About Namos Solutions
Namos Solutions are an award-winning Oracle OPN Modernised Partner specialising in the implementation and support of ERP, EPM and HCM business solutions, both in the Cloud and on-premise.

With global experience together with an impeccable track record, our business is built on our passion for delivering successful business transformation.  Passion underpins everything we do at Namos – passionate about delivering beyond expectations, earning trust and building long-lasting relationships with our clients.

Although based in central London, we work wherever our clients need us to be.  Many leading organisations located all over the world trust and rely on our expertise to deliver industry-leading business solutions.  Namos customers can currently be found in the UK, Europe, Middle East, Asia Pacific, North America and Africa.  For more information, please visit www.namossolutions.com or email info@namossolutions.com.

Follow Namos Solutions at LinkedIn and Twitter.