
Reinforcing our commitment to privacy with accredited ISO/IEC 27701 certification

June 30, 2020
Jennifer Merriss

Director, Cloud Privacy

Kim Macpherson

Director, Engineering Compliance

For decades, there has been a growing focus on privacy in technology, with laws such as the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and the Australian Privacy Principles providing guidance on how to protect and maintain user privacy. Privacy has always been a priority at Google, and we’re continuously evolving to help our customers directly address global privacy and data protection requirements. Today, we’re pleased to announce that Google Cloud is the first major cloud provider to receive an accredited ISO/IEC 27701 certification as a data processor. 

Published in 2019, ISO/IEC 27701 is a global standard designed to help organizations align with international privacy frameworks and laws. It provides guidance for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS), and can be used by both data controllers and processors—a key consideration for organizations that must align with the GDPR. ISO/IEC 27701 is an extension of the security industry best practices that are codified in ISO/IEC 27001, which outlines and provides the requirements for an information security management system (ISMS).  

Unlocking the benefits of ISO 27701

Coalfire ISO, an independent third party, issued an accredited certificate of registration for ISO/IEC 27701 to Google Cloud Platform (GCP). This accredited certificate shows that Google's PIMS for GCP (as shown in the certificate's scope) conforms to the ISO/IEC 27701 requirements, and that the body conducting the audit and issuing the certificate did so in accordance with the International Accreditation Forum (IAF)/ANSI National Accreditation Board (ANAB) requirements. This means that the certificate will be recognized by other IAF-accredited audit and certification bodies under the IAF Multilateral Recognition Agreement (MLA). 

Our accredited certification demonstrates Google Cloud’s long-standing commitment to privacy and to providing the most trusted experience for our customers. Because Google Cloud meets the rigorous standards outlined by ISO/IEC 27701, our customers can leverage the many benefits of our certification, including:

  • A universal set of privacy controls, verified by a trusted third party in accordance with the requirements of their accreditation body, that can serve as a solid foundation for the implementation of a privacy program

  • The ability to rely on Google Cloud Platform's accredited ISO/IEC 27701 certification in your own compliance efforts

  • Reduced time and expense for both internal and third-party auditors, who can now demonstrate compliance with several privacy objectives within a single audit cycle

  • Greater clarity on privacy-related roles and responsibilities, which can facilitate efforts to comply with privacy regulations such as GDPR

Our commitment to customers

Certifications provide independent validation of our ongoing commitment to world-class security and privacy, while also helping customers with their own compliance efforts. You can find more information on Google Cloud’s compliance efforts and our commitment to privacy in our compliance resource center.
