This page provides a high-level view of the compliance certifications and security controls that are supported by Vertex AI Search. For Vertex AI Agents, see Dialogflow compliance and security controls.
Certifications
Vertex AI Search is compliant with the following:
| Compliance certification | Standard Edition | Enterprise Edition |
|---|---|---|
| HIPAA* | ✔ | ✔ |
| ISO 27001, ISO 27017, ISO 27018, and ISO 27701 | ✔ | ✔ |
| SOC 1, SOC 2, SOC 3 | ✔ | ✔ |
* Vertex AI Search Pre-GA offerings are included in the Google Cloud Business Associate Agreement (BAA). If you will be using Vertex AI Search to store or process Protected Health Information in a manner subject to the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and/or any amendments or regulations under HIPAA, you must enter into an appropriate BAA with Google. For more information, see HIPAA Compliance on Google Cloud.
Security controls
Vertex AI Search provides security horizontals. Some of the controls are in Preview. The CMEK controls are only available in the Enterprise Edition.
| Security controls compliance | Standard Edition | Enterprise Edition |
|---|---|---|
| Data Residency (DRZ) | ✔ US and EU multi-region APIs only | ✔ US and EU multi-region APIs only |
| Customer-managed encryption keys (CMEK) | — | ✔ (GA with allowlist) US and EU multi-region APIs only |
| VPC Service Controls (VPC-SC) | ✔ | ✔ |
| Access Transparency | ✔ US and EU multi-regions only | ✔ US and EU multi-regions only |
What's next
Learn more about Google Cloud compliance.