Standards, regulations & certifications

To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We're constantly working to expand our coverage.

This site contains information about Google's certifications and compliance standards it satisfies as well as general information about certain region or sector-specific regulations.

IRAP (Information Security Registered Assessors Program)

Security certification for Australian government users.

IRAP provides a framework for assessing the implementation, appropriateness, and effectiveness of an organization's security controls against Australian government security requirements.

Based on an evaluation from an independent third party assessor, Google Cloud Platform has received IRAP certification for a subset of services by the Australian Cyber Security Center (ACSC), which is a part of the Australian Signals Directorate (ASD). Achieving IRAP certification places Google Cloud on the ASD's Cloud Services List (CCSL), which is a confirmation that GCP's physical, personnel and information security controls meet ASD's requirements.

IRAP certification and publication on the CCSL not only provides a path for our customers to work with the Australian government, it also opens the door for Australian federal, state, and local government agencies to store data and run workloads on GCP.