If your organisation relies on Oracle GRC for E-Business Suite, you may have already heard the news, the platform has moved into sustaining support. It's easy to assume that means business as usual; the system still runs, your controls are still active, and nothing has visibly broken. But beneath the surface, the clock is ticking. This shift marks the end of the road for Oracle GRC's development, and for a function as dynamic as governance, risk, and compliance, standing still carries a cost that grows quietly — until it doesn't.
For many organisations running Oracle E-Business Suite, Governance, Risk, and Compliance (GRC) has long been a critical layer for managing access, enforcing controls, and supporting audit requirements. But a significant shift has now taken place: Oracle GRC for EBS has moved into sustaining support.
At first glance, this may not seem urgent. The system still works. Your controls are still in place. But the implications of this change are deeper, and over time, they can materially impact your organisation’s risk posture, compliance standing, and operational efficiency.
When a product enters sustaining support, it effectively reaches the end of its evolution.
There are:
No new features or enhancements
No updates for regulatory or legislative changes
No improvements to address emerging risks or modern security needs
While critical fixes may still be available, the platform is no longer being actively developed to keep pace with the world around it.
For GRC, a function that depends on staying aligned with change is a fundamental limitation.
Regulations don’t stand still. Whether it’s financial reporting standards, data protection laws, or industry-specific requirements, change is constant. Without updates to your GRC tooling, your control framework can gradually fall out of alignment.
Auditors are placing greater emphasis on continuous assurance and real-time visibility. Legacy GRC solutions that rely on periodic checks and manual reporting can struggle to meet these expectations, leading to more findings and remediation work.
User roles, responsibilities, and systems evolve over time. Without dynamic Segregation of Duties (SoD) monitoring and continuous controls, risks can go undetected, increasing the likelihood of fraud, errors, or policy breaches.
As gaps appear, organisations often compensate with manual processes, spreadsheets, offline reviews, and ad hoc fixes. This increases workload, introduces inconsistency, and diverts resources away from higher-value activities.
GRC is not a “set and forget” capability. It sits at the intersection of:
Regulatory compliance
Internal controls
Security and access management
Audit and assurance
All of these areas are constantly evolving.
When your GRC platform stops evolving, a gap begins to form, slowly at first, but increasingly difficult to manage.
Today’s GRC solutions are built with a very different philosophy. Instead of periodic control and reactive reporting, they focus on continuous, automated assurance.
Key capabilities include:
This shift transforms GRC from a compliance burden into a strategic enabler.
One of the biggest risks organisations face is delaying action.
Because sustaining support doesn’t cause immediate failure, it’s easy to deprioritise. But the longer the delay:
Early action allows for a more controlled, strategic transition — rather than a reactive, time-pressured response.
If you’re currently using Oracle GRC for EBS, now is the time to:
If your organisation is still relying on Oracle GRC for EBS, now is the time to act. The move to sustaining support isn’t just a technical milestone; it’s a clear signal to reassess your GRC strategy before risks begin to surface.
DSP works with Oracle EBS customers to evaluate their current GRC landscape, identify exposure, and design a clear path toward a more modern, resilient solution. Whether you need a short-term stabilisation plan or a full transition to a next-generation GRC platform, DSP provides the expertise, tools, and ongoing support to guide you every step of the way.
Contact us today.