Enable Compliance Manager

Enable Compliance Manager and configure support for VPC Service Controls service perimeters so that you can apply frameworks to your Google Cloud organization.

Before you begin

Complete these tasks before you enable Compliance Manager.

• To get the permissions that you need to enable Compliance Manager, ask your administrator to grant you the following IAM roles on your organization:

  • Organization Policy Administrator (roles/orgpolicy.policyAdmin)
  • Security Center Admin Editor (roles/securitycenter.adminEditor)

  For more information about granting roles, see Manage access to projects, folders, and organizations.

  You might also be able to get the required permissions through custom roles or other predefined roles.

Enable Compliance Manager

Complete the following steps to enable Compliance Manager at the organization level:

1. Enable Compliance Manager using one of the following methods:

   • If you haven't activated Security Command Center in your organization, then activate Security Command Center Enterprise. Compliance Manager is automatically enabled as part of that process.

   • If you've already activated the Enterprise service tier of Security Command Center, add Compliance Manager using the Activate Compliance Manager page.

     Go to Activate Compliance Manager

   When you enable Compliance Manager, the following services are also enabled:

   • Sensitive Data Protection to use data sensitivity signals for default data risk assessment.
   • Event Threat Detection (part of Security Command Center) at the organization level.
   • (Preview) Data Security Posture Management for data security frameworks.
   • (Preview) AI protection for AI security frameworks.

   The Cloud Security Compliance service agent (service-org-ORGANIZATION_ID@gcp-sa-csc-hpsa.) is created when you enable Compliance Manager. Compliance Manager uses this service agent to access resources in your organization.

   The following frameworks are applied to the organization automatically:

   • AI Protection
   • Data Security and Privacy Essentials

What's next

• Configure IAM roles for your compliance users.
• Configure support for VPC Service Controls.
• Manage a framework.
• (Preview) Configure Data Security Posture Management.
• (Preview) Configure AI Protection.