SecOps Services in Scope by Compliance Program

Last modified: May 23, 2024

This is not the current version of this document and is provided for archival purposes. View the current Version

Capitalized terms have the meaning stated in the applicable agreement between Customer and Google.

A ✔ in the table below indicates that the Service (row) is in scope for the specified certification or report (column).

Service	ISO 27001 Certification	ISO 27017 Certification	ISO 27018 Certification	SOC 1 Report	SOC 2 Report	SOC 3 Report	PCI DSS Certification
Chronicle SIEM	✔	✔	✔	✔	✔	✔	✔*
Chronicle SOAR	✔	✔	✔	✔	✔	✔	✔
Mandiant Consulting Services	✔	✔	✔		✔	✔
Mandiant Security Validation	✔	✔	✔		✔	✔
Mandiant Advantage Threat Intelligence	✔	✔	✔		✔	✔
Mandiant Attack Surface Management	✔	✔	✔		✔	✔
Mandiant Managed Defense	✔	✔	✔		✔	✔	✔

Service

ISO 27001 Certification

ISO 27017 Certification

ISO 27018 Certification

SOC 1 Report

SOC 2 Report

SOC 3 Report

PCI DSS Certification

Chronicle SIEM

✔

✔*

Chronicle SOAR

✔

Mandiant Consulting Services

✔

Mandiant Security Validation

✔

Mandiant Advantage Threat Intelligence

✔

Mandiant Attack Surface Management

✔

Mandiant Managed Defense

✔

*Subject to specific service configuration by customer. Certain features (e.g., Chronicle Looker integration) are not included in certification.