Stay organized with collections Save and categorize content based on your preferences.

Platform controls

Google Cloud supports compliance using platform controls to create regulated boundaries on public cloud infrastructure. This topic provides more information about how platform controls work.

Platform control primitives

Platform controls are a combination of Google Cloud infrastructure data location and personnel access primitives that support compliance by enforcing and restricting access by customers or Google personnel.

Free Tier

FedRAMP Moderate

The FedRAMP Moderate platform control sets support access controls for first-level support personnel who have completed enhanced background checks. This means that Assured Workloads support cases are restricted to FedRAMP adjudicated first-level support staff. Additional Google Cloud FedRAMP Moderate compliance information can be found on the FedRAMP compliance card.

Premium Tier

FedRAMP High

The FedRAMP High platform control sets support access controls for first- and second-level support personnel who have completed enhanced background checks and are located in the US. This means that Assured Workloads support cases are restricted to FedRAMP adjudicated first and second level support staff located in the US. Data location controls are set to support US-only regions. For more information about Google Cloud FedRAMP High compliance, see FedRAMP compliance card.

Criminal Justice Information Systems (CJIS)

The CJIS platform control sets support access controls for first- and second-level support personnel who have completed state sponsored background checks and are located in the US. This means that Assured Workloads support cases are restricted to CJIS-adjudicated first- and second-level support staff located in the US. Escorted session controls are also used to supervise and monitor support actions by non-adjudicated staff. Data location controls are set to support US-only regions. Additional Google Cloud CJIS compliance information can be found on the CJIS compliance card.

Impact Level 4 (IL4)

The IL4 platform control sets support access controls for first- and second-level support personnel who have completed enhanced background checks, are US persons, and are located in the US. This means that Assured Workloads support cases are restricted to IL4-adjudicated US persons first- and second-level support staff located in the US. Data location controls are set to support US-only regions. For more information about Google Cloud IL4 compliance, see the IL4 compliance card.

International Traffic in Arms Regulations (ITAR)

The ITAR platform control sets support access controls for first- and second-level support personnel who are US persons, and are located in the US. This means that Assured Workloads support cases are restricted to US persons for first- and second-level support staff located in the US. Data location controls are set to support US-only regions. For more information about Google Cloud ITAR compliance, see the following topics:

Canada Regions and Support

The Canada Regions and Support platform control sets support access controls for first- and second-level support personnel who are legally eligible to work in Canada and, physically located within the country of Canada. Data location controls are set to support CAN-only regions.

EU Regions and Support

The EU Regions and Support platform control sets support access controls for first- and second-level support personnel who are EU personnel based in the EU. See EU regions for a list of the available regions.

EU Regions and Support with Sovereignty Controls

The EU Regions and Support with Sovereignty controls platform control sets support access controls for first- and second-level support personnel who are based in the EU, and provides data residency and data sovereignty guarantees for EU-based customers. Data location controls are set to support EU-only regions. For more information, see Restrictions and limitations in EU Regions and Support with Sovereignty Controls.

Israel Regions and Support

The Israel Regions and Support platform control sets support access controls for first- and second-level support personnel who are either security-cleared Israeli Personnel located in Israel or US persons who have completed enhanced background checks located in the US. Data location controls are set to support Israel-only regions.

US Regions and Support

The US Regions and Support platform control sets support access controls for first- and second-level support personnel who have completed enhanced background checks, are US persons, and are located in the US. This means that Assured Workloads support cases are restricted to adjudicated US persons first- and second-level support staff located in the US. Data location controls are set to support US-only regions.

Preview

The following compliance regimes are available at the Preview launch stage.

HIPAA (Preview)

The HIPAA platform control supports data location controls to support US-only regions.

HITRUST (Preview)

The HITRUST platform control sets support access controls for first-level support personnel who are located in the US. This means that Assured Workloads support cases are restricted to support staff located in the US. Data location controls are set to support US-only regions.

Australian Regions and US Support (Preview)

The Australian Regions and US Support platform control sets support access controls for first- and second-level support personnel who have completed enhanced background checks, are US persons, and are located in the US. This means that Assured Workloads support cases are restricted to adjudicated US persons first- and second-level support staff located in the US. Data location controls are set to support US-only regions.

What's next