The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.
ISO/IEC 27001:2022 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
Google Cloud Platform, Google Workspace, Apigee and our Common Infrastructure are certified as ISO/IEC 27001:2022 compliant. The 27001 standard does not mandate specific information security controls, but the framework and checklist of controls it lays out allow Google to ensure a comprehensive and continually improving model for security management.
Google Cloud, Google Workspace, and Apigee ISO/IEC 27001 certificates may be requested using the Compliance Reports Manager. Potential customers can reach out to sales for more information.
Chronicle SIEM and Google Cloud Threat Intelligence for Chronicle are covered by the SecOps Services Agreement.
* Indicates that the scope of this certification applies to this offering where Google acts as a processor of Service Data (in addition to Google acting as a processor of Customer Data). Google’s processing of Service Data as a processor is subject to agreement with relevant enterprise customers of this offering.
Your organization will have to seek out and obtain its own certification, but you can leverage the Google Cloud certificate to understand how we have implemented the requirements for our products. After your organization understands which ISO/IEC 27001 controls are already covered under the Google Cloud services, you can work to complete your own implementation and certification.
Start building on Google Cloud with $300 in free credits and 20+ always free products.