The International Organization for Standardization (ISO) is an independent, non-governmental
international organization with a membership of 163 national standards bodies.
The ISO/IEC 27000 family of standards
helps organizations keep information assets secure. ISO/IEC 27001 is a security standard that
outlines and provides the requirements for an information security management system (ISMS).
It specifies a set of best practices and details a list of security controls concerning the
management of information risks.
While the 27001 standard does not mandate specific information security controls, the
framework and checklist of controls it lays out allows Google to ensure a comprehensive and
continually improving model for security management.
Google Cloud Platform,
our Common Infrastructure,
and G Suite
are certified as ISO 27001 compliant.