Standards, regulations & certifications

To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We're constantly working to expand our coverage.

This site contains information about Google's certifications and compliance standards it satisfies as well as general information about certain region or sector-specific regulations.

ISO 27001

Managing information risks.

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 163 national standards bodies.

The ISO/IEC 27000 family of standards helps organizations keep information assets secure. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.

While the 27001 standard does not mandate specific information security controls, the framework and checklist of controls it lays out allows Google to ensure a comprehensive and continually improving model for security management.

Google Cloud Platform, our Common Infrastructure, G Suite, and Chrome are certified as ISO 27001 compliant.

Google Cloud services that are in scope for ISO 27001:

Google Cloud Platform:
G Suite:
G Suite Admin SDK:
  • Cloud Print
  • Chrome Services
    • Chrome Education
    • Chrome Enterprise
    • Chrome Kiosk
    • Chrome nonprofit
  • Chrome Sync