Oracle PaaS for SaaS

There are some common SaaS requirements that drive demand for PaaS: Satisfying different user needs, making changes quickly, connecting with other applications, and securing data access. This service covers these demands.


  • Extend SaaS applications
  • Tailor applications user experience
  • Integration your SaaS and other applications across the cloud
  • Analyse applications data
  • Securely share SaaS related documents


  • Quickly create new mobile apps
  • Rapidly build new functionality
  • Manage all connections in one place
  • Innovate faster with zero learning curve


£700 to £1200 per person per day

  • Free trial available

Service documents


G-Cloud 11

Service ID

6 7 0 9 9 8 4 1 4 6 6 8 7 7 2



Vikram Setia

​0203 743 8016

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Various applications including Oracle ERP, HCM, Sales, CPQ, SCM, Service Cloud, Marketing Cloud
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Oracle licenses for PaaS required
System requirements
  • Oracle or another PaaS service licenses
  • Applications with REST or other APIs

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 : Critical 2 hours
P2 : High 2 business days
P3 : Medium 5 business days
P4 : Low 10 business days
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Application support: Monday – Friday 09:00 – 18:00 UK time (excluding UK bank holidays) Infrastructure support: 24/7 for service affecting incidents (P1), Monday – Friday 09:00 – 18:00 UK time for all other cases. We do provide a technical account manager, a cloud support team, an account manager and escalation contacts.
Support available to third parties

Onboarding and offboarding

Getting started
We will gather the customer requirements and customise the products to suit customer's needs. Training on specific implementations and product usage can also be provided.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The data does not belong to us but to the customer all along. We can also migrate workloads from Oracle Cloud to other cloud providers if the customer strategy changes.
End-of-contract process
Handover and training can be arrange at an additional cost.

The customer will own the documentation which is produced as part of the contract agreement.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
None but dependent on User interface design and responsive design principles
Service interface
What users can and can't do using the API
Service dependent
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Customisations to out-of-the box Oracle PaaS and SaaS products are also provided as per Oracle's best practices.


Independence of resources
By continuous monitoring usage metrics and capacity planning which is reported to customers on a monthly basis.


Service usage metrics
Metrics types
Service availability, Service usage, running costs.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Depends on the Oracle PaaS and SaaS offering. Different tools will have different export features. A few examples are: database exports, configuration exports, content exports, etc.
Data export formats
  • CSV
  • Other
Other data export formats
  • RMAN
  • CMU Bundles
  • WAR
  • HTML
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The application availability target is 98.5%. Infomentum can only meet this target provided that Oracle Cloud platform meets their target availability of 99.5%.
Approach to resilience
To be provided by Oracle Cloud. Infomentum advises high availability and resilient architecture design.
Outage reporting
- E-mail alerts
- Monitoring dashboards available to customers

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
ISO27001 standards are applied across all of our management interfaces.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
14 February 2017
What the ISO/IEC 27001 doesn’t cover
All is covered. The scope is: Consultancy, design, implementation and management of bespoke software and middleware solutions for content, information management, user experience and cloud-based hosting environments.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
All those defined in our ISMS including Access Control, Acceptable Usage, Secure Disposal, Cryptographic Controls, Remote Working, Data Protection, etc. The reporting is done through monthly audits and quarterly management reviews.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ITILv3 based configuration and change management process are followed to ensure that changes are assessed, documented and approved. Configuration items in our CMDB are updated accordingly.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Every change is tested and solution components are regularly tested for security vulnerabilities.

We aim to apply security patches as soon as they are made available following release management process.

We subscribe to security forums and bulletins to keep up to date.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We base our processes on the ITILv3 Event Management and Incident Management processes.

Our response and resolution times are defined in our customer SLAs and as per customer agreement.
Incident management type
Incident management approach
Provided on request

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£700 to £1200 per person per day
Discount for educational organisations
Free trial available
Description of free trial
30 day free trial of out of the box services and 1 service integration as prototype

Service documents

Return to top ↑