EMEA | ALL INDUSTRIES

C5:2020

The Cloud Computing Compliance Criteria Catalogue, also referred to as C5:2020, was developed by the German Federal Office for Information Security (BSI) as a way to assess the information security of cloud services that leverage internationally recognized security standards like ISO/IEC 27001 to set a consistent audit baseline that helps establish a framework of trust between cloud providers and their customers.

Google previously received an attestation for the BSI’s Cloud Computing Compliance Controls Catalog (“C5”). The BSI revised the guidance as C5:2020 in 2020. The C5:2020 expands the scope of C5 and addresses new requirements, including a section on product safety and security.

Through an independent third-party audit, Google Cloud (Google Workspace and Google Cloud) has achieved an attestation against the C5:2020 requirements. Current and potential customers can use the C5:2020 attestation as verification of compliance and as part of their assessment for using Google Cloud services.

Cloud Computing Compliance Criteria Catalogue (C5:2020) reports may be requested via the Compliance Reports Manager. Potential customers can reach out to sales for more information.

Google Cloud services that are in scope for the C5:2020 attestation

Access Approval

Access Context Manager

Access Transparency

AI Platform Data Labeling

AI Platform Neural Architecture Search (NAS)

AI Platform Training and Prediction

API Gateway

Apigee

App Engine

Artifact Registry

Assured Workloads for Government

AutoML Natural Language

AutoML Tables

AutoML Translation

AutoML Video

AutoML Vision

Bare Metal Solution

BigQuery

BigQuery Data Transfer Service

Bigtable

Binary Authorization

Certificate Authority Service

Cloud Asset Inventory

Cloud Billing

Cloud Build

Cloud CDN

Cloud Composer

Cloud Data Fusion

Cloud Deployment Manager

Cloud DNS

Cloud Endpoints

Cloud External Key Manager (Cloud EKM)

Cloud Functions

Cloud Functions for Firebase

Cloud Healthcare API

Cloud HSM

Cloud IDS (Cloud Intrusion Detection System)

Cloud Interconnect

Cloud Key Management Service

Cloud Life Sciences (formerly Google Genomics)

Cloud Load Balancing

Cloud Logging

Cloud Monitoring

Cloud NAT (Network Address Translation)

Cloud Natural Language API

Cloud Profiler

Cloud Router

Cloud Run (fully managed)

Cloud Run for Anthos

Cloud Scheduler

Cloud SDK

Cloud Shell

Cloud Source Repositories

Cloud SQL

Cloud Storage

Cloud Storage for Firebase

Cloud Tasks

Cloud Trace

Cloud Translation

Cloud Vision

Cloud VPN

Compute Engine

Config Management

Connect

Contact Center AI (CCAI)

Container Registry

Data Catalog

Database Migration Service

Dataflow

Datalab

Dataproc

Datastore

DataStream

Dialogflow

Document AI

Earth Engine

Eventarc

Firebase Authentication

Firebase Test Lab

Filestore

Firestore

Game Servers

Google Cloud App

Google Cloud Armor

Google Cloud VMware Engine (GCVE)

Google Cloud console

Google Cloud Identity-Aware Proxy

Google Cloud Marketplace

Google Kubernetes Engine

Hub

Identity & Access Management (IAM)

Identity Platform

Insights

IoT Core

Key Access Justification (KAJ)

Looker Studio

Looker (Google Cloud Core)

Managed Service for Microsoft Active Directory (AD)

Memorystore

Network Intelligence Center

Network Service Tiers

Notebooks (formerly AI Platform Notebooks)

Persistent Disk

Pub/Sub

reCAPTCHA Enterprise

Recommender

Resource Manager API

Risk Manager

Secret Manager

Security Command Center

Sensitive Data Protection (including Cloud Data Loss Prevention)

Service Consumer Management

Service Directory

Service Management

Service Mesh

Service Infrastructure

Spanner

Speech-to-Text

Storage Transfer Service

Talent Solution

Text-to-Speech

Traffic Director

Vertex AI Platform (formerly Vertex AI)

Video Intelligence API

Virtual Private Cloud

VPC Service Controls

Web Risk API

Workflows

Admin Console

Assignments

Calendar

Calendar API

Classroom

Cloud Identity

Cloud Search

Contacts

Contacts API

Currents

Docs

Drive

Drive Activity API

Drive Rest API

Forms

Google Workspace Migrate

Gmail

Gmail Rest API

Google Chat

Google Meet

Groups

Hangouts

Jamboard

Keep

Mobile Device Management

Sheets

Sheets API

Sites (classic / new)

Sites API

Slides

Tasks

Tasks API

Vault

Voice

Apps Script

Apps Email Audit API

Alert Center API

Data Transfer API

Directory API

Domain Shared Contacts API

Enterprise License Manager API

Groups Migration API

Groups Settings API

Reports API

Reseller API

SAML-based SSO API

ISO/IEC 27001

Learn more

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Get started for free

Take the next step

Start your next project, explore interactive tutorials, and manage your account.

Contact sales

Learn security best practices
See our best practices
Solve common problems
Watch security use-case videos
Work with a partner
See our security partners

Learn security best practices
See our best practices
Solve common problems
Watch security use-case videos
Work with a partner
See our security partners

C5:2020

Google Cloud services that are in scope for the C5:2020 attestation

Quick links

Related offerings

Take the next step

Take the next step