Audit Manager overview

Audit Manager is a compliance audit solution that helps you to simplify your compliance audit process on Google Cloud.

Audit Manager has the following capabilities:

  • Shared responsibilities matrix that shows separation of duties and recommendations to execute your responsibilities.
  • Automated compliance assessments to evaluate compliance controls on workloads to understand their state of compliance.
  • Evidence collection for compliance audits.
  • Gap identification to help remediate the generated violations.

Audit Manager can provide assessments for any Google Cloud projects or folders.

Supported compliance standards

Audit Manager can evaluate your resources against selective controls for the following list of supported compliance standards:

  • NIST 800-53 Revision 4
    • Access Control (AC)
    • Audit and Accountability (AU)
    • System Services and Acquisition (SA)
    • System and Communications Protection (SC)
    • System and Information Integrity (SI)
  • Google-recommended AI controls
  • SOC2 2017
  • CIS Controls v8
  • PCI DSS 4.0
  • Cloud Controls Matrix 4.0
  • NIST CSF v1
  • CIS Google Cloud Foundation Benchmark 2.0
  • ISO 27001 2022
  • HIPAA v1

Audit Manager tiers

Audit Manager offers two service tiers: Free and Premium. These tiers are based on the compliance frameworks that are supported for audits. For more information about the tiers and the pricing information, see Pricing.

Audit Manager workflow

The high-level workflow of Audit Manager involves setting up Audit Manager access and managing audits.

  1. To set up Audit Manager access, you must be an administrator and enroll resources for audit.
  2. To manage audits, you can be an administrator or an auditor and do the following:
    1. Run audits.
    2. Get audit status.
    3. View detailed Audit Manager reports.

What's next