Moving your Oracle Database, Middleware, Business Intelligence, EBS, or any other program into the Oracle Cloud environment needs contracts to be negotiated, agreed and signed. The contract structure here is not as straight forward as the on-premise structure which is the Oracle Master Agreement (OMA) or OLSA (Oracle License and Service Agreement) and underlying Order Docs (OD) with the specifics.

With their Oracle background ITAA can guide you through the multi-dimensional structure that Oracle created around their cloud contracts.

The Oracle Cloud Contract Structure has 4 main categories, with all their specific points of attention, but it will be clear soon:

1. Data Processing Agreement
2. Service Specifications
3. Ordering Document
4. Cloud Services Agreement or Oracle Master Agreement (OMA) with Schedule C

Please keep in mind that this is also the order of precedence. In other words: each higher document controls the lower document. Let’s start at the top:

Data Processing Agreement

can be considered a part of category 2: the Service Specifications (multi-dimensional) but for sake of clarity it is here explained separately.

The Data Processing Agreement (or DPA in short): is a good nomenclature for what it contains:

• Describes responsibilities and roles for processing personal information for both parties (you and Oracle)
• Privacy and protection term globally
• Conforms with the European Union (EU) data protection regulations. These are perceived as the world standards, as they seem stricter than USA ones.

This document will be updated at irregular bases, which will not be announced, nor will you be notified that there is a newer version. The version active, at the moment you signed and during the time of the order is the one applicable and will not chance. If you sign orders at different times (like years apart), you will have different DPA’s to adhere to. The version you agreed to, ought to be found on oracle.com/contracts, but our experience is that it is a real pain in the neck to find it. With some experience it is do-able, allow us to assist you on this one.

Although it is a, relatively, static document, they have some links in it to services;

• For Cloud Services: Oracle’s Hosting & Delivery Policies;
• For NetSuite (NSGBU) Services: NetSuite’s Terms of Service;
• For Global Customer Support Services;
• For Consulting and Advanced Customer Support (ACS) Services.

Fun fact: the DPAs we’ve found allows You to audit Oracle!

You may audit Oracle’s compliance with its obligations under this Data Processing Agreement up to once per year.

OK, it has some caveats, like a third party conducting this would need mutual agreement but it we love to assist you on this (we can also advise in the background).

As the DPA is generic, and covers multiple countries, jurisdictions, and customers. You really need to have a big big order for Oracle to ask them to negotiate about this and tailor it to your wishes.

Now let us dive into the Service Specifications

Service Specifications

These are part of the framework and have to give right of way to the Data Processing Agreement (DPA). Details about the structure and the relations to the different cloud documents that Oracle provides can be found here.

Service Specifications contents

The core elements of the services ordered, like the type of service (e.g. IaaS, PaaS), user metrics (e.g. Hosted Named User, Each), program/parts (ERP, Finance) and quantities (storage, bandwidth) in the following sections:

• Hosting and Delivery Policies
• Program Documentation
• Service Descriptions
• Privacy Policies
• Any other referenced document into the cloud order

Hosting and Delivery policies

This addresses the following topics:

1. Security
2. System Resiliency/Continuity
3. Service Level Agreement
4. Cloud Change Management Policy
5. Cloud Support Policy
6. Cloud Suspension and Termination Policy

Security

This entails the physical security of the different datacenters and other locations and that that this is monitored 24/7 by CCTV and such. It is not for cloud at customer, because that is something Oracle cannot and will not control, if you want Oracle to control the environment, you must have your data in their datacenter.

Also the non-physical security is described; what the system and data access controls are. For sure not in detail as they don’t want to make everyone wiser. On which level the encryption can be done (at least 128-bit encryption). How the data and network are segregated (like they want you to do in your VMware environment).

Oracle may conduct independent reviews with regards to SOC 1 and SOC 2 but also ask you to have your security in order with a list of measurements tied to your business, security controls, policies, firewalls and any management tools. Oracle will ask you how you have got your security in order and will put some obligations on this for you, we can advise you how to respond to these demands.

System Resiliency/Continuity

One of the big benefits off cloud is that it is scalable and very easy to add an extra computer. Oracle may incorporate redundancy in one or more layers, including network infrastructure, program servers, database servers, and/or storage to keep you up and running. Back-ups are kept for at least 60 days but you are responsible for performing backups and restores of your data, non-Oracle software, and any Oracle software that is not provided by Oracle as part of these services. Additionally, you are encouraged to develop a business continuity plan to ensure continuity of your own operations in the event of a disaster. Please make sure what your obligations and rights are before nasty surprise turn into bitter fights.

Service Level Agreement (SLA)

What is the Oracle SLA on Cloud?

Cloud ought to work 365, 24/7 but updates, maintenance and otherwise may appear, they should be mentioned in your contract. 99,7% uptime is the aim, is that enough for your customers as well? Also the 99,7% is contingent of you meeting the minimum technical standards required by Oracle. If the target is not met, then there are measurements and penalties described in the Cloud Service Pillar document (another one!). The SLA also describes the unplanned downtime and all the exclusions/excuses that makes it possible to be up 99,7% of the time. Of course, non-Oracle equipment and such are out of the equation.

You are allowed, within boundaries, to test the Oracle Cloud Services, details may be found in the Program Documentation. Oracle regularly performs security tests and if your systems, configurations and/or programs don’t fall in line, they will be removed without any liability to you.

Cloud Change Management Policy

Following standard change management policies, it starts with nothing special. If you want to do changes yourself, you will be responsible for that. Oracle is allowed to move your data to another datacentre if they seem this necessary and appropriate, but do you want your data to move outside your region? Is Oracle allowed to move your data outside your region? Under certain circumstance this may be necessary but is it allowed within your line of business? All questions you might want to consider.

With regards to Life Cycle Management: Oracle only offers GA (general available) versions of their programs and expect you to keep up. There were some license-technical changes in the recent past when you upgraded from Database Standard Edition 1 to SE2 with an uplift on support of 20%. If possible, cover yourself for such surprises in the future.

Oracle Cloud Support Terms

It ends when it ends, Oracle states it has no obligation after the contractual support period. During the support term Oracle Cloud people only want to interact with your Cloud knowledgeable people. The idea of bringing your environment to the cloud is that you do not want to have anything to do with it anymore. When your staff gets replaced Oracle requires you to inform them about this. Also the terms state that Oracle will provide: “ Reasonable commercial efforts to resolve reported and verifiable errors in the Oracle Cloud Services so that those Oracle Cloud Services perform in all material respects as described in the associated Program Documentation”. If it is not commercial reasonable… best of luck to you. We can assist you to make Oracle understand that your SR is commercial reasonable for them.

Any SR or question should be raised through the dedicated Cloud Customer Support Portal, answers will be provided there as well. But it is still possible to call as well. The different levels of severity, and how to change them, are explained in this chapter of the hosting and delivery policies. Oracle dictates the severity here and wants you to adhere to it.

Cloud suspension and termination policy

If you try it, Oracle will safe your data for 30 days after trial period and if you had a subscription, they’ll make the data 60 days available after termination to download. After these terms Oracle has no obligation to support your wishes. Production pilots are not available for all the cloud services.

Program Documentation & Service Descriptions

As the name states, it describes the technical and functional specifications of the cloud programs / cloud services ordered. As these specifications address the technology and operational processes rather than the legal terms they supersede the master agreement and the ordering document.

As these cloud programs, or services evolve, the documentation does accordingly. Oracle promises (off the record, not officially of course) that they will never take away functionalities or make you loose programs, reports and personal settings.

The cloud metrics (like Hosted Named User, Hosted Employee, Each,…) are in the Program Documentation & Service Description as well. They will not be in the Order Doc (exceptiosn occur). “But if Oracle has the metrics on a webpage, they can change them, without informing us, right?” Correct, smart thinking, remember this when you sign an ordering document and don’t forget to download a copy of these document, for archive purposes. They can be found at www.oracle.com/contracts but this can be a maze. We’re happy to assist in finding the right documents and explain them to your people.

Privacy Policies

It is an extensive policy and can be found here. It states who can use your personal details and such. You can ask to tailor it to your business and/or country/jurisdiction. Most of the times that is not a big thing for Oracle to do.

Any other referenced document into the cloud order

It is possible that you, or Oracle, have a lot of extra’s that should be covered but not in a Master Agreement nor an OD. Upon mutual agreement it is possible to add this, but very rare to do so.

The transactional document sales want you to sign and where the most flexibility is possible. An Ordering Document contains the following parts:

1. Description of the programs/services
2. Quantities
3. Pricing
4. Any specific transaction terms

The first 3 topics are in this screenshot:

First the description (and product-code) with the metric, then the region where the data should be (customer can pick and choose), the credit period, quantity and term.

Interesting to see is the Data Center Region per line. Because it can also be something like this:

Different lay-out, same information. So even though there is one Oracle, there are different templates.

The specific transaction terms describe the following:

1. To which Cloud Service Agreement or Oracle Master Agreement (Schedule C) this Ordering Document is tied to. (most of the times you only have 1 so it will be hard to negotiate on this topic)
2. The payment terms; default 30 days (negotiable)
3. Payment Frequency: Monthly in advance (prepare on what suits your organization best)
   • Annual in Advance: The total yearly amount is billed upfront at the beginning of the billing term
   • Quarterly in Advance: A quarter of the total yearly amount is billed in four installments at the start of each quarter
   • Quarterly in Arrears: A quarter of the total yearly amount is billed in four installments at the end of each quarter (Available for public sector customers only)
   • Monthly in Arrears: Pay As You Go and overage charges are billed at the end of the month based on your actual usage
4. Currency: Default: local currency or US Dollar
5. When the offer will expire. When the sales is offering you this Ordering Document, and there are some exceptions in it, it might be much harder to get the same conditions after this “Offer Valid through” date. Especially if this date is set at the end of an Oracle quarter. The approvers, within Oracle, are easier to convince of the benefits for Oracle facing the end of a fiscal quarter. In a new quarter, all approvals must be retrieved again and the approvers will be less forgiving.
6. Service Specifications: see page about Service Specifications and it links to oracle.com/contracts.
7. Services Period: We saw several versions of this. The most seen are these 2, who look similar are worded differently, which can be negotiable.

The “Cloud Service Start Date” is not the signing date of the Ordering Document. Cloud Service Start Date is the date that User Login credentials are shared with you, does not mean that you started that day, week, month or ever, the clock is ticking anyway. You can ask for a Delayed Services Period. This way you can prepare your organization to reap the maximum benefits of this contract. Negotiable.

8. Customer Reference: Oracle wants you to be part of their marketing and commercial outings. You can ask to take this clause out, if you don’t feel like this, upfront.

Additional Order Terms
The part we always scroll to, here are the specific restrictions, contract order of precedence and other non-standard agreed items.

9. Order of Precedence. The order of precedence (which contract is higher and overrules the other) can be shuffled a little but at the end it states that if there any inconsistencies that the Ordering Document will prevail. So, it will not change the order but inconsistencies are addressed. Important to have this clause in your Ordering Document if you have anything that is changed, otherwise the changes, you fought and paid for, will be superfluous.

Please note that anything you agree in the Ordering Document is only applicable to the programs/services mentioned in the first 3 bullets of the ordering document. Getting this specific approved on a different level will be much harder for sales, read: will be much more expensive.

Cloud Services Agreement or
Oracle Master Agreement (OMA) with Schedule C

There are several ways in how to have a master agreement with Oracle. For on-premise Oracle customers the OMA (the OLSA is the predecessor (Oracle License and Service Agreement) is familiar. There are some deviations to the OMA: for one time orderings you can agree to the TOMA, in where the T stands for transactional. Nowadays the OMA is called the CSA, Cloud Services Agreement.

After a very short introduction the text at paragraph 1.2.is: “During the Services Period we may update the Services and Service Specifications..” ending in “.. the Services and Service Specifications will not materially reduce the level of performance, functionality, security or availability of the Services during the Services Period of Your order.” So, we agree on a contract of services, Oracle can alter that services and the specifications and promises that it will not impact the important parts like performance, functionality, security or availability. From a legal point of view the “or” at that spot can be deceiving. It can be interpreted that 1 of those 4 will not be impacted. Why did Oracle not write down “and” instead of “or”? And if you are happy with the current services, and for example: like the simplicity of the services you are using, and Oracle “updates” it, how do you know it will be an enhancement to you?

2.2. If You exceed the quantity of Services ordered, then You promptly must purchase and pay fees for the excess quantity.

But Oracle can “update” these Services without notification. How will you manage these Services? Please ask for a detailed dashboard and compare it with your metrics. In other words, if Oracle shows you a dashboard based on Processor licenses but you are looking at the Hosted Named User quantities, how does that relate to each other? Will you get a good understanding of the dashboard, and what you see, does it make any sense? Things to keep in mind before stepping in an agreement.

2.3. You understand that You may receive multiple invoices for the Services. Invoices will be submitted to You pursuant to Oracle’s Invoicing Standards Policy

Predictability is one of the cornerstones of good financial management. What are these multiple invoices, how often can we expect them and how do we manage anomalies? Or are there special invoices. The Oracle invoicing Standards Policy has a lot of explanation of terms and what should be in an invoice and that invoices will be generated upon delivery of product and/or services. But with cloud, is that after every click, transaction, log-in, new day?

3. Ownership Rights and Restrictions

In this part Oracle explains that what they are offering is theirs and you may not sell it. Unless agreed differently (in other words: there are possibilities to resell it)

4.NON-Disclosure

This includes the agreement’s terms, pricing, your content within the services, and any other information marked as confidential when disclosed. So the pricing is also something you are not allowed to discuss. Both parties must protect each other’s Confidential Information from unauthorized disclosure for five years, except for content in the services, which is protected as long as it resides there.

5 Protection of your content

6 WARRANTIES, DISCLAIMERS AND EXCLUSIVE REMEDIES

• No Guarantee of Perfection: Oracle does not guarantee that services will be error-free, uninterrupted, or that they will meet all your requirements. They also disclaim responsibility for issues arising from your content or third-party content/services.
• Remedy for Breach: If Oracle breaches the service warranty, your only remedy is the correction of the deficient services. If the issue can’t be corrected, you may terminate the services and receive a refund for any prepaid fees.
• Exclusive Warranties: Oracle provides no other express or implied warranties, including those related to software, hardware, or suitability for a particular purpose.

7 Limitation of Liability

No one will be responsible for any indirect costs/loss. And if Oracle is liable for anything then it will not be for more than 12 months of your payments. In other words: If Oracle F’s up, you will get your money back for a maximum of 12 months of your payments. Oh, and be sure you have to fight for it. Guess who can help you prepare that?

8 Indemnification

Imagine you have a toy, that you let a friend borrow. If another kid says that toy belongs to them, the friend who borrowed it (the “Recipient”) tells you (the “Provider”), and you must help your friend by either proving the toy is yours or fixing the problem. For the third kid it does not matter who is the owner of the toy and therefore you must cooperate with Oracle to defend it. Or Oracle helps you to defend it.

To help your friend:

1. They (you or Oracle) must tell you quickly if someone says the toy isn’t yours.
2. You agree to decide how to handle the situation.
3. They need to give you any info you need to fix it.

If it turns out the toy might really belong to someone else, you can either:

– Change the toy so it’s different.

– Get permission to keep using the toy.

– Or, if you can’t do either, take the toy back and give your friend a new one or some of their money back.

But, if your friend changed the toy or didn’t use it the way you agreed, then you don’t have to help them. This rule is the only way to solve problems about who owns the toy and the only way to be sure Oracle pays (part of) the defence bill.

9 Term and Termination

Oracle offers the services for the Services Period mentioned in the order. There are some rules under which Oracle may stop providing services. If Oracle does, you still have to pay all bills and you will be able to download your own data for a certain period, after that the data will be deleted by Oracle.

10 Third Party Content, Services and Websites

This clause explains that if you use Oracle’s services to interact with third-party websites, content, or services (like linking to them or transferring your content there), Oracle isn’t responsible for what happens with that third-party stuff. You’re in charge of making sure you follow the rules of those third-party services, and if Oracle helps you access them, you must ensure it’s allowed. If something goes wrong or changes with the third-party services, Oracle isn’t liable, and you’re not entitled to any refunds or compensation.

11 Service Monitoring, Analyses and Oracle-Provided Software

This clause explains that Oracle monitors its services to ensure they function correctly, securely, and comply with policies. While monitoring, Oracle doesn’t collect or store your specific content unless necessary. Oracle doesn’t monitor any non-Oracle software you or your users might use with their services. The data collected through Oracle’s monitoring tools can be used to improve their services and products, but they retain all intellectual property rights over any analyses or insights derived from this data. Additionally, Oracle may provide you with software to use with their services, but your rights to use this software are limited to the terms specified in your agreement.

So it may happen that Oracle adds extra’s to your installation but if it is not in your order, you are not allow to use it?

12 Hardware Devices

The terms in this Section 12 (Hardware Devices) only apply to an order which includes a Hardware Device.

13 Export

This article explains that both you and Oracle must comply with U.S. export control and economic sanctions laws, as well as any other relevant local export laws, when using Oracle products and services. These laws regulate how Oracle’s products, services, and any related technical data or deliverables can be used, particularly regarding their export or use for prohibited purposes like weapons proliferation. Additionally, you are responsible for managing user accounts and the transfer of your content across geographic locations, ensuring that these activities comply with all applicable export laws.

14 Force Majeure

Imagine you have a special toy that you’re allowed to play with, but there are certain rules about where you can take it and how you can use it. This clause is like saying that both you and Oracle must follow those rules. You can’t take the toy to places where it’s not allowed, like dangerous areas, and you have to be careful about where you share it. Also, if you let your friends play with the toy, it’s your job to make sure they’re following the rules too.

15 Governing Law and Jurisdiction

Any disputes should be resolved under US/Californian law. You can ask Oracle to change this to your local jurisdiction, and if they agree: get it in writing.

16 Notice

Do it in writing and Oracle can display some messages on their website.

17 Assignment

You are not allowed to transfer this contract and/or rights to someone else.

18 Other

These clauses outline important legal relationships and responsibilities in your agreement with Oracle:

1. Independent Relationship: Oracle is acting as an independent contractor, meaning there is no partnership, joint venture, or agency relationship between you and Oracle.
2. Third-Party Independence: Oracle is not responsible for the actions of third parties, even if they are recommended by Oracle. These third parties, including business partners or consultants, are independent and not Oracle’s agents. Oracle only takes responsibility for subcontractors directly engaged by them.
3. Severability: If any part of this agreement is found to be invalid or unenforceable, the rest of the agreement remains effective. The invalid term will be replaced with a valid one that aligns with the agreement’s intent.
4. Time Limits for Legal Actions: Any legal actions related to this agreement must be brought within two years of the incident, except for cases involving non-payment or breaches of Oracle’s proprietary rights.
5. Your Responsibility: You are responsible for ensuring that Oracle’s services meet your technical, business, or regulatory needs before entering into an agreement. Oracle will assist you in determining this, but any additional services or modifications may incur extra costs. You remain responsible for complying with regulatory requirements.

19 Entire Agreement

This clause explains that the agreement you’re entering into with Oracle, along with any referenced documents (like policies linked in the agreement), forms the complete and final agreement between you and Oracle. It overrides any previous agreements or discussions you’ve had about the products and services. It also states that the terms in this agreement and any Oracle order will take precedence over any terms in your purchase orders or similar documents from non-Oracle sources. Any changes to this agreement must be made in writing and signed by both parties, except that Oracle can update certain specifications by posting them online.

20 Agreement definitions

Translating and/or simplifying these will be risky as sometimes a comma or a capital vs lowercaps will make a huge difference. If you have a dispute on 1 of the definitions, please contact ITAA, as you will probably be not the first one having this and we won a lot of battles with Oracle with regards to definition explanation.