The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.
ISO/IEC 27001 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
Google Cloud, our Common Infrastructure, Google Workspace, Chrome, and Apigee are certified as ISO/IEC 27001 compliant. The 27001 standard does not mandate specific information security controls, but the framework and checklist of controls it lays out allow Google to ensure a comprehensive and continually improving model for security management.
Google Cloud is ISO/IEC 27001 compliant and has been for several years. In order to get a copy of the certification report to bring to your certification, visit the Related Documentation section of this page.
Your organization will have to seek out and obtain its own certification, but you can leverage the Google Cloud certificate to understand how we have implemented the requirements for our products. After your organization understands which ISO/IEC 27001 controls are already covered under the Google Cloud services, you can work to complete your own implementation and certification.