† Penawaran Pra-GA Vertex AI Search disertakan dalam
Perjanjian Rekanan Bisnis (BAA). Google Cloud Jika Anda akan menggunakan
Vertex AI Search untuk menyimpan atau memproses Informasi Kesehatan Terlindungi dengan cara yang tunduk pada Health Insurance Portability and Accountability Act
(HIPAA) tahun 1996 dan/atau setiap amandemen atau peraturan berdasarkan HIPAA, Anda harus menandatangani BAA yang sesuai dengan Google. Untuk mengetahui informasi selengkapnya, lihat
Kepatuhan terhadap HIPAA di Google Cloud.
Kontrol keamanan
Vertex AI Search menyediakan horizontal keamanan. Kontrol CMEK hanya tersedia di Edisi Enterprise.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-05 UTC."],[[["\u003cp\u003eVertex AI Search, including both Standard and Enterprise Editions, along with the RAG APIs, are compliant with HIPAA, ISO 27001, 27017, 27018, 27701, SOC 1, SOC 2, and SOC 3 certifications.\u003c/p\u003e\n"],["\u003cp\u003eVertex AI Search offers security controls such as Data Residency (DRZ), VPC Service Controls, and Access Transparency in both Standard and Enterprise editions.\u003c/p\u003e\n"],["\u003cp\u003eThe Enterprise Edition of Vertex AI Search provides Customer-managed encryption keys (CMEK) for enhanced data security, specifically for US and EU multi-region APIs.\u003c/p\u003e\n"],["\u003cp\u003eThe RAG APIs, which include ranking, grounded generation, and check grounding, have VPC Service Controls and Access Transparency in place but do not have Data Residency or Customer-managed encryption keys.\u003c/p\u003e\n"],["\u003cp\u003eA Business Associate Agreement (BAA) with Google is necessary when utilizing Vertex AI Search for storing or processing Protected Health Information (PHI) under HIPAA regulations.\u003c/p\u003e\n"]]],[],null,["# Compliance and security controls\n\nThis page provides a high-level view of the compliance certifications and\nsecurity controls that are supported by Vertex AI Search.\n\nCertifications\n--------------\n\nVertex AI Search and the RAG APIs are compliant as follows:\n\n^\\*^ The RAG APIs are [ranking](/generative-ai-app-builder/docs/ranking), [grounded generation](/generative-ai-app-builder/docs/grounded-gen), and\n[check grounding](/generative-ai-app-builder/docs/check-grounding).\n\n^†^ Vertex AI Search Pre-GA offerings are included in\nthe Google Cloud Business Associate Agreement (BAA). If you will be using\nVertex AI Search to store or process Protected Health Information in a\nmanner subject to the Health Insurance Portability and Accountability Act\n(HIPAA) of 1996 and/or any amendments or regulations under HIPAA, you must enter\ninto an appropriate BAA with Google. For more information, see\n[HIPAA Compliance on Google Cloud](/security/compliance/hipaa).\n\nSecurity controls\n-----------------\n\nVertex AI Search provides security horizontals. The CMEK controls are\nonly available in the Enterprise Edition.\n\n^\\*^ Using external key manager (EKM) or hardware security module\n(HSM) with CMEK is in GA with allowlist.\n\nThe following table identifies security controls for RAG APIs.\n\nWhat's next\n-----------\n\nLearn more about [Google Cloud compliance](/security/compliance)."]]