Inside Google Cloud

Google Cloud’s Response to Australian Privacy Principles (APP) and Australian Prudential Regulation Authority (APRA) Requirements

Google Cloud continuously works to help our enterprise customers understand how we view regulatory compliance requirements within regions. We recently produced three whitepapers highlighting Google Cloud’s commitment to meeting Australia’s rigorous privacy and compliance standards that test for data safety, privacy and security.

The first document is a whitepaper on the Australian Privacy Principles (APP) that helps Google Cloud customers understand how we store, process, maintain, access and secure information, particularly when using Google Cloud Platform (GCP) and G Suite products. The other two documents are both focused on providing assistance to Financial Services customers under the purview of the Australian Prudential Regulation Authority (APRA).

The first APRA-related document highlights Google Cloud’s general response to APRA Standard CPS 231 Outsourcing. In the document, we review the core concepts related to the outsourcing guidelines, examine the list of supported GCP and G Suite services along with our efforts to address compliance concerns, and outline the responsibilities of Financial Services customers under the standard. The second APRA-related document is Google Cloud’s response to APRA CPG 234 and CPG 235. In this document, we map the GCP and G Suite controls and processes outlined in our Service Organization Controls (SOC) 2 Type II report to the set of security guidelines and controls that these standards spell out. The mapping is designed to provide a more digestible format of Google Cloud’s compliance controls corresponding to the specific APRA requirements. To access this control mapping, you can contact our Cloud Sales team.

We plan to continue to produce these types of documents to support you in the coming months. Please stay tuned for further releases!