Control packages
Assured Workloads provides control packages to support the creation of compliant boundaries in Google Cloud. A control package is a set of controls that, when combined together, supports the regulatory baseline for a compliance statute or regulation. These controls include mechanisms to enforce data residency, data sovereignty, personnel access, and more.
Control packages are organized into control package families according to the type of controls they provide:
- Regional controls provide data residency with optional personnel controls and regional support.
- Sovereign controls provide data residency, personnel controls, regional support, and enhanced controls for data sovereignty such as Cloud External Key Manager (Cloud EKM), Cloud HSM, and Key Access Justifications. Additional partner-managed control packages are available through Sovereign Controls by Partners.
- Regulatory controls provide certified controls tailored to meet specific regulatory and compliance statute requirements.
This page provides more information about each control package and control package available in Assured Workloads, which are available in two pricing tiers: Free and Premium. See Assured Workloads pricing for more information about these tiers.
Regional controls
| Control package | Description | Pricing tier |
|---|---|---|
| Australia Regions (Preview) | The Australia Regions control package sets data location controls to support Australia-only regions. The Australia Regions control package is available at the Preview launch stage. | Free |
| Australia Regions with Assured Support | The Australia Regions with Assured Support control package sets data location controls to support Australia-only regions. Support access and technical support are set to personnel who are located in five specific countries (United States, Canada, Australia, New Zealand, and United Kingdom). | Premium |
| Brazil Regions (Preview) | The Brazil Regions control package sets data location controls to support Brazil-only regions. The Brazil Regions control package is available at the Preview launch stage. | Free |
| Canada Regions (Preview) | The Canada Regions control package sets data location controls to support Canada-only regions. The Canada Regions control package is available at the Preview launch stage. | Free |
| Canada Regions and Support | The Canada Regions and Support control package sets data location controls to support Canada-only regions. Support access controls for first-level and second-level support are set to personnel who are legally eligible to work in Canada and physically located within the country of Canada. | Premium |
| Chile Regions (Preview) | The Chile Regions control package sets data location controls to support Chile-only regions. The Chile Regions control package is available at the Preview launch stage. | Free |
| EU Regions (Preview) | The EU Regions control package sets data location controls to support EU-only regions. The EU Regions control package is available at the Preview launch stage. | Free |
| EU Regions and Support | The EU Regions and Support control package sets data location controls to support EU-only regions. Support access controls for first-level and second-level support are set to personnel who are EU personnel based in the EU. | Premium |
| India Regions (Preview) | The India Regions control package sets data location controls to support India-only regions. The India Regions control package is available at the Preview launch stage. | Free |
| Indonesia Regions (Preview) | The Indonesia Regions control package sets data location controls to support Indonesia-only regions. The Indonesia Regions control package is available at the Preview launch stage. | Free |
| Israel Regions (Preview) | The Israel Regions control package sets data location controls to support Israel-only regions. The Israel Regions control package is available at the Preview launch stage. | Free |
| Israel Regions and Support | The Israel Regions and Support control package sets data location controls to support Israel-only regions. Support access controls for first-level and second-level support are set to personnel who are either security-cleared Israeli Personnel located in Israel or US Persons who have completed enhanced background checks located in the US. | Premium |
| Japan Regions | The Japan Regions control package sets data location controls to support Japan-only regions. | Premium |
| Singapore Regions (Preview) | The Singapore Regions control package sets data location controls to support Singapore-only regions. The Singapore Regions control package is available at the Preview launch stage. | Free |
| South Korea Regions (Preview) | The South Korea Regions control package sets data location controls to support South Korea-only regions. The South Korea Regions control package is available at the Preview launch stage. | Free |
| Switzerland Regions (Preview) | The Switzerland Regions control package sets data location controls to support Switzerland-only regions. The Switzerland Regions control package is available at the Preview launch stage. | Free |
| Taiwan Regions (Preview) | The Taiwan Regions control package sets data location controls to support Taiwan-only regions. The Taiwan Regions control package is available at the Preview launch stage. | Free |
| UK Regions (Preview) | The UK Regions control package sets data location controls to support UK-only regions. The UK Regions control package is available at the Preview launch stage. | Free |
| US Regions (Preview) | The US Regions control package sets data location controls to support US-only regions. The US Regions control package is available at the Preview launch stage. | Free |
| US Regions and Support | The US Regions and Support control package sets data location controls to support US-only regions. Support access controls for first-level and second-level support are set to personnel who are US Persons and are located in the US. | Premium |
Sovereign controls
See Sovereign Controls by Partners for additional partner-managed control packages.
| Control package | Description | Pricing tier |
|---|---|---|
| EU Regions and Support with Sovereignty Controls | The EU Regions and Support with Sovereignty Controls control package sets data location controls
to support
EU-only regions.
Support access controls for first-level and second-level support are
set to personnel who are based in the EU, and provides data
residency and data sovereignty assurances for EU-based customers.
For more information, see Restrictions and limitations in EU Regions and Support with Sovereignty Controls. |
Premium |
Regulatory controls
| Control package | Description | Pricing tier |
|---|---|---|
| Criminal Justice Information Systems (CJIS) | The CJIS control package sets data location controls to support US-only regions. Support access controls for first-level and second-level support are set to personnel who have completed state-sponsored background checks and are located in the US. This means that Assured Workloads support cases are restricted to CJIS-adjudicated first-level and second-level support staff located in the US. Escorted session controls are also used to supervise and monitor support actions by non-adjudicated staff. See the CJIS compliance card for more information. | Premium |
| FedRAMP High | The FedRAMP High control package sets data location controls to support US-only regions. Support access controls for first-level and second-level support are set to personnel who have completed enhanced background checks and are located in the US. This means that Assured Workloads support cases are restricted to FedRAMP-adjudicated first-level and second-level support staff located in the US. See the FedRAMP compliance card For more information. | Premium |
| FedRAMP Moderate | The FedRAMP Moderate control package sets support access controls for first-level support personnel who have completed enhanced background checks. This means that Assured Workloads support cases are restricted to FedRAMP-adjudicated first-level support staff. See the FedRAMP compliance card for more information. | Free |
| HIPAA (Preview) | The HIPAA control package supports data location controls to support US-only regions. The HIPAA control package is available at the Preview launch stage. | Free |
| HITRUST (Preview) | The HITRUST control package sets data location controls to support
US-only regions.
Support access controls for first-level support are set to personnel
who are located in the US. This means that
Assured Workloads support cases are restricted to support
staff located in the US.
The HITRUST control package is available at the Preview launch stage. |
Free |
| Impact Level 2 (IL2) | The IL2 control package sets data location controls to support US-only regions. Support access controls for first-level and second-level support are set to personnel who have completed enhanced background checks, are US Persons, and are located in the United States. See the United States Defense Information Systems compliance card for more information. | Premium |
| Impact Level 4 (IL4) | The IL4 control package sets data location controls to support US-only regions. Support access controls for first-level and second-level support are set to personnel who have completed enhanced background checks, are US Persons, and are located in the United States. See the United States Defense Information Systems compliance card for more information. | Premium |
| Impact Level 5 (IL5) | The IL5 control package sets data location controls to support US-only regions. Support access controls for first-level and second-level support are set to personnel who have completed enhanced background checks, are US Persons, and are located in the United States. See the United States Defense Information Systems compliance card for more information. | Premium |
| International Traffic in Arms Regulations (ITAR) | The ITAR control package sets data location controls to support US-only regions. Support access controls for first-level and second-level support are set to personnel who are US Persons, and are located in the US. This means that Assured Workloads support cases are restricted to US Persons for first-level and second-level support staff located in the US. For more information, see the following pages: | Premium |
What's next
- Learn how to create an Assured Workloads folder
- Learn more about controlling access to data by personnel
- Learn which products are supported for each control package