Oracle PaaS for SaaS

There are some common SaaS requirements that drive demand for PaaS: Satisfying different user needs, making changes quickly, connecting with other applications, and securing data access. This service covers these demands.


  • Extend SaaS applications
  • Tailor the application user experience
  • Integrate your SaaS and other applications across the cloud
  • Analyse application data
  • Securely share SaaS-related documents


  • Quickly create new mobile apps
  • Rapidly build new functionality
  • Manage all connections in one place
  • Innovate faster with zero learning curve


£700 to £1200 per person per day

  • Free trial available


G-Cloud 11



Vikram Setia

0203 743 8016

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Various applications including Oracle ERP, HCM, Sales, CPQ, SCM, Service Cloud, Marketing Cloud
Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints: Oracle licenses for PaaS required
System requirements:
  • Oracle or another PaaS service licenses
  • Applications with REST or other APIs

User support

Email or online ticketing support: Email or online ticketing
Support response times:
  • P1 (Critical): 2 hours
  • P2 (High): 2 business days
  • P3 (Medium): 5 business days
  • P4 (Low): 10 business days
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AAA
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard: WCAG 2.1 AAA
Web chat accessibility testing: NA
Onsite support: Yes, at extra cost
Support levels: Application support: Monday – Friday 09:00 – 18:00 UK time (excluding UK bank holidays). Infrastructure support: 24/7 for service-affecting incidents (P1), Monday – Friday 09:00 – 18:00 UK time for all other cases. We provide a technical account manager, a cloud support team, an account manager and escalation contacts.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We will gather the customer requirements and customise the products to suit the customer's needs. Training on specific implementations and product usage can also be provided.
Service documentation: Yes
Documentation formats:
  • HTML
  • PDF
End-of-contract data extraction: The data does not belong to us but to the customer all along. We can also migrate workloads from Oracle Cloud to other cloud providers if the customer strategy changes.
End-of-contract process: Handover and training can be arranged at an additional cost.

The customer will own the documentation which is produced as part of the contract agreement.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: None, but dependent on user interface design and responsive design principles
Service interface: No
What users can and can't do using the API: Service dependent
API documentation: Yes
API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: Customisations to out-of-the-box Oracle PaaS and SaaS products are also provided as per Oracle's best practices.


Independence of resources: By continuously monitoring usage metrics and capacity planning, which is reported to customers on a monthly basis.


Service usage metrics: Yes
Metrics types: Service availability, service usage, running costs
Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Oracle

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: No
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Depends on the Oracle PaaS and SaaS offering. Different tools will have different export features. A few examples are: database exports, configuration exports, content exports, etc.
Data export formats:
  • CSV
  • Other
Other data export formats:
  • RMAN
  • CMU Bundles
  • WAR
  • HTML
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: The application availability target is 98.5%. Infomentum can only meet this target provided that Oracle Cloud platform meets their target availability of 99.5%.
Approach to resilience: To be provided by Oracle Cloud. Infomentum advises high availability and resilient architecture design.
Outage reporting:
  • E-mail alerts
  • Monitoring dashboards available to customers

Identity and authentication

User authentication needed: Yes
User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels: ISO27001 standards are applied across all of our management interfaces.
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: British Assessment Bureau
ISO/IEC 27001 accreditation date: 14 February 2017
What the ISO/IEC 27001 doesn’t cover: All is covered. The scope is: Consultancy, design, implementation and management of bespoke software and middleware solutions for content, information management, user experience and cloud-based hosting environments.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: All those defined in our ISMS including Access Control, Acceptable Usage, Secure Disposal, Cryptographic Controls, Remote Working, Data Protection, etc. The reporting is done through monthly audits and quarterly management reviews.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: ITILv3-based configuration and change management processes are followed to ensure that changes are assessed, documented and approved. Configuration items in our CMDB are updated accordingly.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Every change is tested and solution components are regularly tested for security vulnerabilities.

We aim to apply security patches as soon as they are made available, following the release management process.

We subscribe to security forums and bulletins to keep up to date.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: We base our processes on the ITILv3 Event Management and Incident Management processes.

Our response and resolution times are defined in our customer SLAs and as per customer agreement.
Incident management type: Undisclosed
Incident management approach: Provided on request

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No


Price: £700 to £1200 per person per day
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: 30 day free trial of out-of-the-box services and 1 service integration as a prototype

Service documents

  • Pricing document (PDF)
  • Skills Framework for the Information Age rate card (PDF)
  • Terms and conditions (PDF)