{ "variables": [ { "regions": [ "Africa", "Asia Pacific", "Canada", "Europe", "Latin America", "USA" ], "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "products": [ "Big Data", "Compute", "Machine Learning", "Networking", "Storage and Databases" ] } ], "customers": [ { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "iso-27001", "name": "ISO 27001", "regions": [ "Africa", "Asia Pacific", "Europe", "USA" ], "logo": "https://lh3.googleusercontent.com/Z2pfi-pA8v-WcntyY76i5WQIcF0ocSwR3Kp1bSwuRdo7DP9qMNr8TM4GbBtR3eOXOa4EDuAM20fQnfoef0YRiwR3d2LmWEWYxVoH5V8", "blurb": "Managing information risks." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "iso-27017", "name": "ISO 27017", "regions": [ "Africa", "Asia Pacific", "Europe", "USA" ], "logo": "https://lh3.googleusercontent.com/dzoyOsc1M3I2L0mCssi9ClQkFMIbuMjHFtYI1e1ROtjwR2CP5eVEgBcjVtFiK0sqJqb5MGVzNrDmtvx83WuHoTOLF0yw03K5x9dlBbY", "blurb": "Controlling cloud-based information security." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "iso-27018", "name": "ISO 27018", "regions": [ "Africa", "Asia Pacific", "Europe", "USA" ], "logo": "https://lh3.googleusercontent.com/T_OXqkTeCNdZmxImMA89uV4z0AtCmyKIWm2hp5TFYHUnxR05cvDlIsPbjTxeS2BHYzQhZglgUshyV18tWjqmyNVXh-wW0tKYB2Zh", "blurb": "Protecting personal data." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "soc-1", "name": "SOC 1", "regions": [ "Africa", "Asia Pacific", "Europe", "USA" ], "logo": "https://lh3.googleusercontent.com/TA-ZB2k1uk3hSgVXejRB-CJiur6WwmK2zYsK15m7hypv44A2V8CvLK9ol_MRnqSX-yqHMW7H4saPgY8F2FOpTl2P-Q9oVk7ksFJZOg", "blurb": "Controls over financial reporting." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "soc-2", "name": "SOC 2", "regions": [ "Africa", "Asia Pacific", "Europe", "USA" ], "logo": "https://lh3.googleusercontent.com/qeAnWwhe9dLvwNYLTyQNvHvOAZq9HdJZg_IXsDP2jjoacQTaAYFvHEbhTKSTgWUyrI3lxYziWPua1IQKfSSzqVbugl-QWliGH3Y0ag", "blurb": "Controls over security, availability, and confidentiality." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "soc-3", "name": "SOC 3", "regions": [ "Africa", "Asia Pacific", "Europe", "USA" ], "logo": "https://lh3.googleusercontent.com/o-kSN0Fooo1crLmlc_VgO2Mu2-stAdnEZVqiUc08-jkhNQhJUlNWpxEM_ClaWtZbphx9_pnuxFhXJeYlabFuosetWtZokaLHx0K8", "blurb": "Public report of controls over security, availability, and confidentiality." }, { "industries": [ "Retail" ], "casestudylink": "pci-dss", "name": "PCI DSS", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/FbrvKowtPeaKXIVPnsxM6dN5e2wibXhIUfqfr_kjIU-OlgwY7ADD_JomvDDyyB_3-zRimlubatfv66UOdW3KwNBDobVG_a3Iy_rRLtA=s0", "blurb": "Protecting customers’ card information." }, { "industries": [ "Government", "Healthcare/Life Sciences" ], "casestudylink": "hipaa-compliance", "name": "HIPAA", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/1W9UA07P3WkB1gBbO8bT1PxG6WyiyZJJOPi7Mr5qd62dcxAacsMZGXgyL37n7R346StiysB6o3fKXCicXjqq5prp2L7gUJ8DifhE", "blurb": "Protecting health information. Click here for the covered products and services under the Google Cloud BAA." }, { "industries": [ "Financial Services", "Healthcare/Life Sciences" ], "casestudylink": "csa-star", "name": "CSA STAR", "regions": [ "USA" ], "logo": "https://cloud.google.com/images/security/compliance/cloud-security-alliance-2x.png", "blurb": "Securing cloud computing environments." }, { "industries": [ "Government" ], "casestudylink": "fedramp", "name": "FedRAMP", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/GN5VBiAnjcFEfH0h4YDdRPnJgRQGTOmzF42B57638pXkpGMPhOTbMGoz3fj1GoGhP4iIq8IzFDZ1eNPD5rr7QqLSkWjeraz4gwHc", "blurb": "Assessment, authorization, and monitoring." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Retail", "Media/Entertainment" ], "casestudylink": "argentina-pdpl", "name": "Argentina Personal Data Protection Law 25,326", "regions": [ "Latin America" ], "logo": "https://lh3.googleusercontent.com/RV3b-QAqPZHUOAd8KrmKFeHdGav4_Cr51Fscv6rGtchVy6EZreFtIrZGROsCP-CHdTkR8i7vGn5R2e1jTt741xEFwX-7Ujq6wzKEMQ", "blurb": "Argentina Data Privacy & Protection." }, { "industries": [ "Education" ], "casestudylink": "australian-privacy-principles", "name": "Australian Privacy Principles (APP)", "regions": [ "Asia Pacific" ], "logo": "https://lh3.googleusercontent.com/jLvCbcZ2YpDH1IwJJRmmIiZbX4RBrj1SQdkCMUdLm6sBTdD8dG9nez3Y_Hqm_JXbeeW1UD0YiTGYK7-3TjE4N_yOOQE5_swshEjzpQ", "blurb": "Protecting personal information in Australia." }, { "industries": [ "Financial Services" ], "casestudylink": "apra", "name": "Australian Prudential Regulation Authority (APRA) Standards", "regions": [ "Asia Pacific" ], "logo": "https://lh3.googleusercontent.com/fgRDfFnDiaHhHbutJLfhSFz2Z_Cl2BWT0ucthkfdxWZrErO3teTKtH0tzUjP1poz777P5zhVS6vG3J3KDj2ajBfKjIrdWFjOhkdo5g", "blurb": "Prudential standards for financial services institutions." }, { "industries": [ "Financial Services", "Education", "Gaming", "Government", "Media/Entertainment", "Retail", "Healthcare/Life Sciences" ], "casestudylink": "coppa", "name": "COPPA (U.S.)", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/JatEy2bZh_jMS01X8SsvDUeStIjkoiWEtelQ2j1eIWpUgheXJ2ByeU-xajlhz_e_l24TgtB5qYpiluh2jFjrMJYDPmAjeAB7evlcr14", "blurb": "U.S. regulation applicable to the collection of personal information from children under the age of 13." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "eu-mcc", "name": "EU Model Contract Clauses", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/sEicUASA7PGwfy0ssOO1zqCSEBE_8BfaYdN9RBfKEoVsgpzIolTcWEUDclJ69Y7zSjRqkbhzExS5-UViLJG58sb3zyUAaJaUd0mJ", "blurb": "Contract provisions for complying with the EU Data Protection Directive." }, { "industries": [ "Education" ], "casestudylink": "ferpa", "name": "FERPA (U.S.)", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/ZXDEzn3i6RF5EWxdfaFyJDEFWafGL9oJ0YCBWHI7nTfu8M3tkGqZ6vWWTTPneeAKPhFIXwDAUzAQ3uNK4wtWf43kgH51dgbxOwC6LQ", "blurb": "Protecting the privacy of student education records." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "fips-140-2-validated", "name": "FIPS 140-2 Validated", "regions": [ "Africa", "Asia Pacific", "Canada", "Europe", "Latin America", "USA" ], "logo": "https://lh3.googleusercontent.com/xD8uRWtWuS2feQe04ND0Jl8Yh2d84G-f6YX93S2lbZFZtsxPnG_hZd5zZiCOg1sjmtuYcDGZFbSvLQTVeWI29EsvyG_CKhWOpNT5Mw=s0", "blurb": "FIPS 140-2 Level 1 Certification Implementation for Google Cloud Platform." }, { "industries": [ "Financial Services" ], "casestudylink": "fisc", "name": "FISC (Japan)", "regions": [ "Asia Pacific" ], "logo": "https://lh3.googleusercontent.com/kAH-X6aPkvgdWzOznqs3hVuwV5W7YmkuGdCL2ev-hQDhC1QvCsd3fQWe6wFdfS51Bewc4U0VXrZ-kbtSjanczncw2ipZxf3UItaezQ", "blurb": "Security guidelines for financial institutions in Japan." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "gdpr", "name": "GDPR", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/kHdqroSpT6b_NAIS0Fs2CjgPTIN0fAUvhPSetZsIf9komZxATcp6UveqshvRkubfe4mVrzUP1rVlouwqB_sgLlzeGleup5ZbOrm25NE", "blurb": "Support for complying with stronger EU data protection laws." }, { "industries": [ "Healthcare/Life Sciences" ], "casestudylink": "hitrust", "name": "HITRUST CSF", "regions": [ "USA", "Canada", "Europe" ], "logo": "https://lh3.googleusercontent.com/JBxdSeuizQGjjt5W3hQpbOQ_QNs_QyqGJlfSLrNdREhIdQXH0hBjy5M1zEcsKIfJXMz7IjGDQMomoQc1qz-7_bN-iVHfoC1Lr2df", "blurb": "Industry Agnostic Certification Framework for Regulatory Compliance and Risk Management." }, { "industries": [ "Media/Entertainment" ], "casestudylink": "ise", "name": "Independent Security Evaluators (ISE) Audit", "regions": [ "Africa", "Asia Pacific", "Canada", "Europe", "USA" ], "logo": "https://lh3.googleusercontent.com/qjobkMsLk5eYRhdYp8Xf9xUhRtIpju9CPLtUOhlolvOP9B6tFyeaA4Ba76ByksjL1FMk7PhyJgal6HNTNc7coJNdpJlIYQTnf1_xEQ=s0", "blurb": "Secure Tier 1 feature film’s workload compliance on GCP." }, { "industries": [ "Government" ], "casestudylink": "irap", "name": "IRAP (Information Security Registered Assessors Program) ", "regions": [ "Asia Pacific" ], "logo": "https://lh3.googleusercontent.com/yKE_nsHGLq6ZQhyiBaloqEhEku0UrmnR7O-ato9x-eoO4byReaTP0P1xxtO-LpNsXPNv_Nr2rnMI4wR6aCW9ITHUG7i9-bWQs46pjzs", "blurb": "Security certification for Australian government users." }, { "industries": [ "Government", "Healthcare/Life Sciences" ], "casestudylink": "uk-healthcare", "name": "NHS Digital Commercial Third-Party Information Governance Requirements", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/jLvCbcZ2YpDH1IwJJRmmIiZbX4RBrj1SQdkCMUdLm6sBTdD8dG9nez3Y_Hqm_JXbeeW1UD0YiTGYK7-3TjE4N_yOOQE5_swshEjzpQ", "blurb": "Requirements for third-party cloud providers that have access to United Kingdom (UK) National Health Service (NHS) healthcare data." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "pipeda", "name": "The Personal Information Protection and Electronic Documents Act (PIPEDA)", "regions": [ "Canada" ], "logo": "https://lh3.googleusercontent.com/NtKgZCgKGfSF88Zwp4ryGeps0mJSBNudL-K9anQI9W7IbOPDBmYZoJ03fYFvuV3PvOBwkeLGAW4CYicD1xb7Anaww6ypEtfzZO06Sw", "blurb": "Federal privacy law for private-sector organizations in Canada." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "privacy-shield", "name": "Privacy Shield", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/X03vV6h1QLZG54KxrB3hUDHMojn8zsQpQYg8ZXhBBXkOTLnLg0mG6XdvaN45S6fvuo7ALY9W1hQF-B1FQazd1VmWNww_OE4mXoOi=s0", "blurb": "A framework for complying with EU Data Protection Directive requirements." }, { "industries": [ "Government" ], "casestudylink": "uk-ncsc", "name": "UK NCSC Cloud Security Principles", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/7Bfsvee8IfcvhwL4FXDhcZT3osWZ_TM2LaF6TuJ7ttQ5jjupo1XrReZKoXWk_frjvGWUwVyzGAc-BOgY1MFCvRextLLiGzX6g3jI380", "blurb": "Security guidelines for evaluating cloud services." }, { "industries": [ "Media/Entertainment" ], "casestudylink": "mpaa", "name": "MPAA", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/g32b-2Q019f3m1FcWsrPXdP-pEojIs6ho95F1UiysndnBlXnY7HobOyFkPKucy9M-w-1O7vCXYzzh2eQpGqNvkPoy3KIWPEK_XgmTz8", "blurb": "Protecting intellectual property data." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "mtcs", "name": "MTCS (Singapore) Tier 3", "regions": [ "Asia Pacific" ], "logo": "https://lh3.googleusercontent.com/CH7Gn-nuq3-GICe-8_bmi1PT3QwD02sG7NPueM9B9QtTVZ1Jo3ECJIBeXWBsXjMQvTHTWbxnfnJxgv2oGuONkxKbpIPBU5H45-i2", "blurb": "Tier-based cloud security standard." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "my-number-act", "name": "My Number Act (Japan)", "regions": [ "Asia Pacific" ], "logo": "https://lh3.googleusercontent.com/xKZuwFfVAcJhgeBR4AtwmZS2QzwlFxwlJlx9RKExWr9zZeiSKRDAJBz-_0FtLTVjxRtKyX0XBKI23zRLKbvJd5hQZvqAfiK3d0qKuQ", "blurb": "Protecting personal information and data in Japan." }, { "industries": [ "Government" ], "casestudylink": "nist800-53", "name": "NIST 800-53", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/MOq92UfiuZ0nqf72IQFxfmTeVRHfVCOG7N0unNiRX4Qr_fsNANtMnKNnZ3ASjdpeT2FMpQ17nfjo1QkfHU9XDV72cS93MD3b9yzN", "blurb": "Security and privacy requirements for United States Federal information systems." }, { "industries": [ "Government" ], "casestudylink": "nist800-171", "name": "NIST 800-171", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/W1EoHJShABvVr8CIcNOv_T70fUSIAjwbYpeUQB4dXkS8wYrQoUAOvMCE5E_fRnohu4tkZ5LVDtt441r3cisiMH3QCcFRpDzdG0NPQA", "blurb": "Security requirements for United States Federal controlled unclassified information." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "sarbanes-oxley-act", "name": "Sarbanes-Oxley Act (SOX)", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/Fn3MPCo86Xm4kO2YmxD3FK_7LTO0m00KCNWTFudiI0BOff9XTFhb1KTOGK43Ca5E_BoG0pYzAG3TsPlMOHgOFv-3NOR4S91kfypkEw", "blurb": "Improving the accuracy and reliability of corporate disclosures." }, { "industries": [ "Education", "Financial Services", "Gaming", "Government", "Healthcare/Life Sciences", "Media/Entertainment", "Retail" ], "casestudylink": "south-africa-popi", "name": "South Africa POPI", "regions": [ "Africa" ], "logo": "https://lh3.googleusercontent.com/eir1gWN-EGNho--tr6ABvBLsm0dO06p3nOQ7H5ZMZpwUVGDqarE87TgmiTkCp1GbP0F9ICTfNYV1Fo8ggqfQWBD6OZxft77Nb3bhkg", "blurb": "Protecting personal information in South Africa." }, { "industries": [ "Government" ], "casestudylink": "ens", "name": "Spain Esquema Nacional de Seguridad (ENS)", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/CS7D_cXn_cUQx4Ki1fLSgfo9qp_0KezbqxnLmJVCL4-U2ykUoAW2OsuixWdKcRJxSIu---GDEkfrpl90a3pN07A_9cr9rKktOk5rSg=s0", "blurb": "Tier-based cloud security standard." }, { "industries": [ "Financial Services", "Education", "Gaming", "Government", "Media/Entertainment", "Retail", "Healthcare/Life Sciences" ], "casestudylink": "bsi-c5", "name": "Cloud Computing Compliance Controls Catalog (C5)", "regions": [ "Africa", "Asia Pacific", "Canada", "Europe", "Latin America", "USA" ], "logo": "https://lh3.googleusercontent.com/jLvCbcZ2YpDH1IwJJRmmIiZbX4RBrj1SQdkCMUdLm6sBTdD8dG9nez3Y_Hqm_JXbeeW1UD0YiTGYK7-3TjE4N_yOOQE5_swshEjzpQ", "blurb": "Information security of cloud services." }, { "industries": "Financial Services", "casestudylink": "sec", "name": "SEC Rule 17a-4(f), CFTC Rule 1.31(c)-(d), and FINRA Rule 4511(c)", "regions": "USA", "logo": "https://lh3.googleusercontent.com/jLvCbcZ2YpDH1IwJJRmmIiZbX4RBrj1SQdkCMUdLm6sBTdD8dG9nez3Y_Hqm_JXbeeW1UD0YiTGYK7-3TjE4N_yOOQE5_swshEjzpQ", "blurb": "US Record Retention Regulations" }, { "industries": [ "Financial Services", "Education", "Gaming", "Government", "Media/Entertainment", "Retail", "Healthcare/Life Sciences" ], "casestudylink": "tisax", "name": "TISAX", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/SHj_IRwLjTqqZlvi8kNuZB0sGdu3oBRQF4sGfr4txxGB8cV8B87zggbvH3Nu3sHRvVbQ7eppx0srdwzkLk5T0Ed2rEIM59EvGfGang=s0", "blurb": "Trusted Information Security Assessment Exchange (TISAX). A consistent, standardized approach to information security systems for the European automotive industry." }, { "industries": [ "Financial Services" ], "casestudylink": "isae-3000-type-1", "name": "ISAE 3000 Type 1 Report", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/qDr4NSP3qir5oGJSly-8Rxj4PxW7ZJFIVmDLzqBb2Vio5NXlQ4x-QcOcqufosuIO8e7kAEcEPtdTMeRGFTHfk6S4Voq2N-BojHjD=s0", "blurb": "Assessment of GCP control framework against specific FINMA (Swiss Financial Market Supervisory Authority) requirements." }, { "industries": [ "Education" ], "casestudylink": "hecvat", "name": "Higher Education Cloud Vendor Assessment Tool (HECVAT)", "regions": [ "USA" ], "logo": "https://lh3.googleusercontent.com/fgRDfFnDiaHhHbutJLfhSFz2Z_Cl2BWT0ucthkfdxWZrErO3teTKtH0tzUjP1poz777P5zhVS6vG3J3KDj2ajBfKjIrdWFjOhkdo5g", "blurb": "Protecting student data and user privacy." }, { "industries": [ "Healthcare/Life Sciences" ], "casestudylink": "hds", "name": "HDS", "regions": [ "Europe" ], "logo": "https://lh3.googleusercontent.com/RV3b-QAqPZHUOAd8KrmKFeHdGav4_Cr51Fscv6rGtchVy6EZreFtIrZGROsCP-CHdTkR8i7vGn5R2e1jTt741xEFwX-7Ujq6wzKEMQ", "blurb": "Hébergeur de Données de Santé (HDS)." }, { "industries": [ "Financial Services" ], "casestudylink": "ospar", "name": "OSPAR", "regions": [ "Asia Pacific" ], "logo": "https://lh3.googleusercontent.com/RV3b-QAqPZHUOAd8KrmKFeHdGav4_Cr51Fscv6rGtchVy6EZreFtIrZGROsCP-CHdTkR8i7vGn5R2e1jTt741xEFwX-7Ujq6wzKEMQ", "blurb": "ABS Guidelines on Control Objectives and Procedures for Outsourced Service Providers." } ] }