What are the settings I need to pay special attention to when deploying the Oracle B2C Service application into a PCI or HIPAA compliant environment?
Environment:
Oracle B2C Service with either PCI Cloud Service and/or HIPAA Cloud Service
Resolution:
Paramount to implementing Oracle B2C Service for PCI or HIPAA compliance is the knowledge of features and system boundaries for protecting regulated data. When entrusting sensitive data to a cloud environment, customers must understand the environment when moving data in and out as well as the governing controls.
If you are you setting up your Oracle B2C Service instance for use in a PCI or HIPAA regulated environment, we have a guide that describes the various settings and controls applicable to these regulated environments so you can understand what deployment considerations need to be addressed.
If you have implemented Oracle B2C Service for PCI or HIPAA, best practices suggest you should periodically check to make sure you are up to date. Our deployment guide highlights the settings and controls you should understand and determine applicability for your needs. Additionally, if you want product changes discussed in PCI context or how to utilize a new customization capability, contact your Technical Account Manager.
The deployment details can be found in the Securing B2C Service documentation.
For additional information, please see the following answers: