Oracle Applications Cloud Service Definition

Data Masking Standalone

ORACLE WHITE PAPER

DECEMBER 2015

Disclaimer
The following is intended to outline our general product direction. It is intended for information
purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality described for Oracles products
remains at the sole discretion of Oracle.

Oracle Applications Cloud Service Definition: Data Masking Standalone

Data Masking Standalone

The data masking service requests that data in a non-production environment be masked, or obscured,
to protect personally identifiable information (PII) from being visible to users who access that
environment. Before you request this service, be sure to review this entire document to understand
limitations when using masked data.
You choose from three data masking options, the first of which is covered in this document. Refer to
the Related Services section for details on the second and third options.

Standalone

Combined with a standard Fusion environment refresh service

Combined with a Fusion environment refresh that is coordinated with a Taleo Zone
Refresh

The data masking service is available to Oracle Cloud Service customers with a paid subscription to the
data masking service. If you have any questions about your service subscriptions, contact your Oracle
Account Team.

CHARACTERISTIC

DESCRIPTION

Compatible

Release 10 and above for HCM Cloud Service

Release(s):

Release 11 and above for ERP Cloud Service and Sales Cloud Service

Service Type:

Security

Definition:

This service permanently masks, or obscures, data in a non-production environment to

protect personally identifiable information (PII) from users who access that environment.
Standalone data masking supports three use cases:

You have loaded real worker data into a non-production environment using an inbound
integration tool such as HCM Data Loader and want to mask PII before releasing it to
users; or

You previously copied data from your Fusion production environment to a nonproduction environment using the environment refresh service and now want to mask
PII before releasing it to users.

You previously copied data from one Fusion non-production environment to a second
Fusion non-production environment using the environment refresh service and now
want to mask PII before releasing it to users.

Important Note: For the second use case above, customers typically request that data
masking occur as part of the environment refresh service because doing so is an available
option when requesting an environment refresh. If you want data to be masked as part of
the environment refresh service, you should request this as part of your environment refresh

Oracle Applications Cloud Service Definition: Data Masking Standalone

service request and NOT as a standalone data masking request. If your environment refresh
has already been completed, you should use this standalone data masking service
entitlement.
To see the database columns that are masked and the masking techniques applied during
the process, along with sample masked values, review the table in Appendix A. Also see the
appendix for frequently-asked questions (FAQs).
Business Need

Standalone data masking limits access to your workers real PII after it has been migrated

Met:

from your production to non-production environment.

This allows users to safely conduct

user acceptance testing with production like data in non-production, while remaining in
compliance with regulatory requirements such as Sarbanes-Oxley, PCI DSS, HIPAA, as well
as numerous other laws and regulations.
Typical

As needed, and timed to support the intended use of the production-like data in a non-

Frequency:

production environment.

Fulfillment

SR and Oracle Support: You file the SR and Oracle Support works with you to ensure the

Method:

request is fulfilled.

Fulfillment

The data masking service is available to HCM Cloud Service customers on Release 10 or

Considerations:

above with a paid subscription to the data masking service. You may request this service for
non-production environments only. Data masking will not be applied to your production
environment.
Plan ahead.

Two weeks advance notice is required. Submit your data masking request at least
two weeks prior to the date needed,

Downtime

Standalone data masking will require an outage of up to 24 hours to complete.

Oracle will notify you in advance of any planned downtime. The manner in which data is
masked is the same for all customers. You cannot request that your data be masked in a
specific way.
You will request a fulfillment date when you request standalone data masking. Oracle
makes every attempt to provide the service on the date that you request. If that date is
unavailable, Oracle Support works with you to find an alternative date. You will receive a
planned outage notification which confirms the date and start time for this service.
Oracle cannot not apply data masking if maintenance or any other service is planned for the
environment to be masked. At a minimum, this includes the first weekend of every month
when Monthly Updates are applied to non-production environments. Also, data masking will
not be provided five or fewer days prior to a planned upgrade for the environment. When
requesting a date for data masking, consider these and other services or maintenance
planned for the environment.

Oracle Applications Cloud Service Definition: Data Masking Standalone

Data masking is irreversible because it changes values in database columns. If you

subsequently require unmasked data in the non-production environment, you will have to
request an environment refresh service without data masking.
If you have other Fusion products such as ERP or Sales Cloud that share your HCM
environment, person data is masked across all products. Notify impacted product teams of
your plans to mask this data.
If you have non-Fusion systems that integrate with your Fusion HCM Cloud service, give
special consideration to:

The timing of the Fusion HCM data masking service to coordinate with any nonFusion systems planned content migration, cloning or other refresh activities in
order to avoid potential data integrity issues;

Any impact of masked data to downstream processing and systems. For example,
the data masking process truncates all national identifier data rows. Therefore, if
the national identifier field is a mandatory field in some downstream test system,
then validation will fail since no national identifier value exists.

SR Filing

You log a Service Request (SR) to request standalone data masking by completing the

Guidelines:

following steps.
Log on to My Oracle Support (MOS).Select Create SR from the Services Requests section
or tab.
Under the What is the Problem? section, enter Problem Summary = Standalone Data
Masking
Enter Problem Description: Provide a description of why you require standalone data
masking.
Under the Where is the Problem? section, select the Cloud tab and enter the following:
Service Type: Oracle Fusion Global Human Resources Cloud Service
Environment: Select the HCM Cloud Service non-production environment to which data
masking will be applied.
Problem Type: Hosting Services Application -> Data Masking - Standalone
Support Identifier: Defaults to your CSI number.
Click Next and provide requested information, which will be similar to the following items.
1.

Confirm that you have read and understand, HCM Cloud Service Definition
Data Masking Standalone available in My Oracle Support document, Doc ID
1534683.1.
a.

Important! Before you request this service, be sure that you

understand limitations when using masked data. Do not request
the data masking service if: 1) your intent is to replicate the same
results as when using real, unmasked data. Key examples are

Oracle Applications Cloud Service Definition: Data Masking Standalone

payroll calculation and any process that uses data input values that
would be modified by the data masking process; 2) your test
purpose is to verify interfaces to downstream systems that require
real data that is not modified. Select Yes to confirm you understand
limitations with usage of masked data and want to proceed with this
service request.
1.

Enter the identifier for the non-production environment to be masked.

1)

Enter the date on which you would like data masking to begin.

2)

Please provide Technical Contact details (Name, Email, Office phone number,
Cell phone number) for the individual that will be able to assist with any
question that may arise, and can be available to test once data masking is
applied.

3)

Please provide any additional information that will help clarify the timing and
special considerations for this request.

Click Next.
Select Severity level 3. Any SR submitted for this type of request will be treated as a nonseverity 1, non-emergency issue.
Click Submit. Once the SR has been fulfilled, the SR will be closed.

SR Template provided

How to Validate

You can confirm that data masking has been applied by querying any person on the

Service

database through the user interface and verifying that their email address is sendmail-test-

Fulfillment:

discard@oracle.com.

Related

Fusion Environment Refresh (P2T/T2T). If you wish to request data masking as part of a

Service(s):

standard Fusion HCM environment refresh (P2T/T2T) service, instead of as a standalone

data masking service, refer to the Environment Refresh white paper available in My Oracle
Support document, Doc ID 2015788.1.
Taleo Zone Refresh with Fusion HCM Environment Refresh: If you wish to request data
masking as part of a Fusion environment refresh that is coordinated with a Taleo zone
refresh, refer to the Taleo Zone Refresh with Fusion HCM Environment Refresh white
paper available in My Oracle Support document, Doc ID 1534683.1.

Related

Not applicable

Information on
MOS:

Oracle Applications Cloud Service Definition: Data Masking Standalone

Appendix A: Data Masking Methods and Considerations

How Your Data will be Masked
The following table identifies how the data masking service entitlement will mask your data and provides a sample of
how masked data will be displayed to you. Note that all of the data masked is personally identifiable information
(PII). Oracle masks data using the Oracle Data Masking Pack, an Enterprise Manager product. For the most current
list of masked columns, please refer to the Oracle Data Masking blog:
https://blogs.oracle.com/FunctionalArchitecture/entry/data_masking_in_fusion_applications, where you can also
post specific questions or comments. If you would like more details about Oracles Data Masking Pack, search the
Internet for Oracle Data Masking.
Data

Masking Technique

Masked Value

Bank Account Number

IBAN

Random Digits
Nulled

Sample: 4936477859
<null>

Email Addresses

Fixed String

sendmail-test-discard@oracle.com

Phone Numbers

Random Digits

Sample: 925-692-9270 for USA phone

number format

Addresses

Address Lines 1 & 2: Fixed String; Address

Lines 3 &4: Nulled;
Postal Code, Town or City, Country: Shuffled
as a Group

Sample:
Address Line 1: Station
Address Line 2: Road
Address Line 3: <null>
Address Line 4: <null>
Postal Code: S031 4NG
Town or City: SOUTHAMPTON
Country: UNITED KINGDON

Dates of Birth

Random Date between January 1, 1945 and

December 31, 1990

Sample: March 17, 1982

Places of Birth

Nulled

<null>

Dates of Death

Nulled

Person Names

First Name, Middle Name, Last Name: Shuffled Sample: Prabu Ann Chin (masked from
Separately from One Another and across
original name of Elizabeth Mary Jones)
Workers

Documents of Record

From Date: Random Date between January 1,

2000 and January 1, 2020;
To Date: Random Date between January 1,
2000 and January 1, 2020;
Date Issued: Random Date between January
1, 2000 and January 1, 2020;
Issuing Authority: Random String;
Document of Record ID: Shuffle Rows;
Issuing Location: Random String:

Disabilities

Table truncated

Drivers Licenses

Table truncated

Passports

Passport Numbers: Random String

Sample: *K^%KE

Visas and Work

Permits

Visa/Permit Number: Random String;

Visa/Permit Type: Shuffle Rows

Sample:
Visa/Permit Number: K%R+KH@
Visa/Permit Type: Academic Student

National Identifiers

Table truncated

Termination Dates

Nulled

Oracle Applications Cloud Service Definition: Data Masking Standalone

<null>

Sample:
From Date: May 11, 2008
To Date: October 5, 2007
Date Issued: July 9, 2003
Issuing Authority: U#_G
Document of Record ID: TM289384
Issuing Location: I*R@O{C

<null>

Data Masking Considerations

1.

Note that the manner in which data is masked is the same for all customers; you cannot request that your
data be masked in a specific way

2.

Your data will look different every time you mask it. This is due to the use of random dates, random
strings, and shuffling. With shuffling, dataeither at the column level or a group of columnsis randomly
reassigned across the database from one row to another. The shuffled values actually exist on the
database and, in the case of addresses where Postal Code, Town or City, and Country are shuffled as a
group, represent a valid combination of values; with shuffling, however, this group of columns is not the
masked persons data.

3.

In many cases, the use of masked data will result in different, noticeable results than the pre-masked data
because the values will be different. In addition, any process that leverages this data may render different
results. Notable examples include:
a.

Email notifications sent from the masked non-production environment are all routed to the same
discard domain, sendmail-test-discard@oracle.com and will not be delivered to individual email
addresses.

b.

Addresses: Masking will shuffle Postal Code, Town or City, and Country values. Therefore,
masked persons on the database may have data that is inconsistent with their assigned home
address. Also, any process that leverages address components will give different results due to
the shuffled values. Examples include processes to determine eligibility, or to perform benefits
and payroll calculations.

c.

Dates of Birth are randomly assigned within a range of January 1, 1945 and December 31,
1990, so worker ages will be different after masking. This impacts age-based reporting and
processing.

d.

Person Names: Components of a persons name are separately shuffled across the database,
so the resulting full name likely will be inconsistent with the assigned persons gender.

e.

Documents of Record, Disabilities, Drivers Licenses, Passports, Visa, Work Permits, and
Termination Dates likely will be unusable by any report or process that leverages them due to the
masking techniques applied to these types of data.

f.

National Identifiers are removed via data masking. Although payroll calculation processes do not
require a National Identifier, payroll reports, pay slips, and outbound payroll extracts will not
contain National Identifiers.

4.

Even though PII is masked, you must continue to practice good data governance and restrict access to
masked data to only those persons whose jobs require it. Some sensitive information, such as
compensation, benefits and performance data, is not masked because it is not personally identifiable. A
determined person with access to masked data still could discover the identities of persons on the masked
database. As a general recommendation, you should not assign to users any security roles that provide
access to masked data, if they do not or will not have access to that same production data when
unmasked.

Oracle Applications Cloud Service Definition: Data Masking Standalone

5.

The data masking process does not mask the user login account for Fusion applications. If you create
user login accounts that could reveal the user (for example, firstname.lastname), it could be possible for a
determined individual to infer the identities of persons on the masked database via that account.

Appendix B: Data Masking Frequently-asked Questions (FAQs)

1. Is data masking available to all customers?

Data masking is available only to HCM customers at Release 10 or higher who have subscribed to the
optional data masking service. Contact your Oracle Account Team if you would like to subscribe to
this service.
2. When will data masking be available for Sales Cloud and ERP customers?
Oracle plans to support data masking for additional Fusion Cloud services with Release 11.
3. What data is masked and how is it masked?
See Appendix A in this document on My Oracle Support. The data masking service entitlement
focuses on masking personally identifiable information (PII).
4. Were implementing ERP and HCM in the same Cloud environment. Whats the impact of data
masking in this case?
All data will be masked identically, regardless of the Fusion application which uses it or from which it
originated. Data masking rules are defined at the column level and data shared across applications-primarily Person data--will be masked across the database.
5. What are the various options available for data masking?
You can request the data masking service using one of three options. The second and third options
are less common.
1. Most common is when you request data masking as part of an environment refresh (P2T).
This assures that the production data you have migrated to a non-production environment via
an environment refresh (P2T) is masked before you provide users access to it.

You request standalone data masking if you have loaded real Person information from
another system directly into your Fusion non-production environment; or

You request standalone data masking if you previously migrated data to your nonproduction environment via an environment refresh and subsequently wish that data to be
masked.

For more information, read the following documents:

For data masking as its own standalone service, refer to the Data Masking Standalone white
paper in My Oracle Support document, Doc ID 1534683.1.

For data masking as part of a standard Fusion environment refresh, refer to the Environment
Refresh (P2T/T2T) white paper in My Oracle Support document, Doc ID 2015788.1.

Oracle Applications Cloud Service Definition: Data Masking Standalone

For data masking with a coordinated Taleo Zone and Fusion HCM Refresh, refer to the Taleo
Zone Refresh with Fusion HCM Environment Refresh white paper in My Oracle Support
document, Doc ID 1534683.1.

6. How do I request data masking?

You request data masking via one of three SR Templates, depending upon your needs:

For standalone data masking, select the following Problem Type: Hosting Services
Application -> Data Masking Standalone

For data masking combined with a standard environment refresh (P2T), select the following
Problem Type: Hosting Services Application -> P2T Standard Production to Test Copy

For data masking combined with an environment refresh (P2T) that must be coordinated with
a Taleo Zone Refresh, select the following Problem Type: Hosting Services Application ->
P2T Taleo Zone Refresh with Fusion HCM P2T

7. How long is the outage required to apply data masking?

Data masking requires an outage of up to 24 hours. If requesting data masking with an environment
refresh, that amount of time will be added to the outage required for the environment refresh.
8. Is there any restriction on the dates I can request for data masking?
Yes.
For standalone data masking, request a date that doesnt conflict with any other planned outages for
the environment (for example, monthly updates, upgrades).
For data masking with an environment refresh, select a date outside of the environment refresh
blackout period (the period of time between monthly updates to your non-production environments and
two weeks later when production environments are updated). Also, the date cannot be less than 4
days prior to any other planned outages for the environment.
9. Should we always mask data in our non-production environment?
Probably not. In some cases, youll want your non-production environment to be identical to whats in
production. A common example is validation of an upgrade in your non-production environment before
your production environment is upgraded.
10. Can I add additional Persons to a masked database?
Yes. You may wish to do this to support specific use cases you are testing. This manually-entered
data will NOT be masked.
11. Can I make changes to data that has been masked?
Yes. Any changes you make to masked data will be saved to the database as long as the changes
pass system edits. This modified data will not be re-masked.
12. After our data is masked, will it be possible for someone to figure out whos who on the
database? If yes, why?
Yes. Even though personally identifiable information (PII) is masked, you must continue to practice
good data governance and restrict access to masked data to only those persons whose jobs require it.

Oracle Applications Cloud Service Definition: Data Masking Standalone

A determined user could figure out a persons identity through a combination of non-PII such as
Location, Job, and Gender. If we were to mask data to avoid this from happening, the resulting data
would not be useable for user acceptance testing and several consistency edits within the applications
could break.
13. Can I request that data be masked exactly how I want it?
No. There is no option to customize what data is masked or how that data is masked. Oracle has
certified data masking using the standard methods identified in this document on My Oracle Support.
14. What other limitations exist?
Important! Be sure you understand limitations with using masked data before you request the
data masking service.
Do not request the data masking service if:

Your intent is to replicate the same results as when using real, unmasked data. Key
examples are payroll calculation and any process that uses data input values that would
be modified by the data masking process.

Your test purpose is to verify interfaces to downstream systems that require real data that
is not modified.

Refer to Appendix A for the list of all data objects that are masked with each request, and be
sure to analyze and consider potential impact to your intended test purpose, scope and
downstream processing.

Oracle Applications Cloud Service Definition: Data Masking Standalone

10

Oracle Corporation, World Headquarters

Worldwide Inquiries

500 Oracle Parkway

Phone: +1.650.506.7000

Redwood Shores, CA 94065, USA

Fax: +1.650.506.7200

CONNECT W ITH US

blogs.oracle.com/oracle
facebook.com/oracle
twitter.com/oracle
oracle.com

Copyright 2015, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the
contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other
warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or
fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are
formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any
means, electronic or mechanical, for any purpose, without our prior written permission.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and
are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are
trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 1215
Oracle Applications HCM Cloud Service Definition
Data Masking Standalone
December 2015

Oracle Applications Cloud Service Definition: Data Masking Standalone

11