Learn optimization tips from IT leaders from Uber, Air Asia, Deloitte, ADT and more at our free IT Heroes Summit. Watch now.
ISO logo

Global | All industries

ISO/IEC 27001

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.

ISO/IEC 27001:2022 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.

Google Cloud, our Common Infrastructure, Google Workspace, Chrome, and Apigee are certified as ISO/IEC 27001:2022 compliant. The 27001 standard does not mandate specific information security controls, but the framework and checklist of controls it lays out allow Google to ensure a comprehensive and continually improving model for security management.

Google Cloud, Google Workspace, and Apigee ISO/IEC 27001 certificates may be requested via the Compliance Reports Manager. Potential customers can reach out to sales for more information.


Google Cloud services that are in scope for ISO/IEC 27001

Chronicle (Security) and Threat Intelligence for Chronicle are covered by the Chronicle terms of service.

* Indicates that the scope of this certification applies to this offering where Google acts as a processor of Service Data (in addition to Google acting as a processor of Customer Data). Google’s processing of Service Data as a processor is subject to agreement with relevant enterprise customers of this offering.

FAQs

Google Cloud is ISO/IEC 27001 compliant and has been for several years. In order to get a copy of the certification report to bring to your certification, visit the Related Documentation section of this page.

Your organization will have to seek out and obtain its own certification, but you can leverage the Google Cloud certificate to understand how we have implemented the requirements for our products. After your organization understands which ISO/IEC 27001 controls are already covered under the Google Cloud services, you can work to complete your own implementation and certification.

ISO/IEC 27017

Learn more

ISO/IEC 27018

Learn more