Standards, Regulations & Certifications

To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We’re constantly working to expand our coverage.

ISO 27017

Controlling cloud-based information security.

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 163 national standards bodies.

The ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:

  • Additional implementation guidance for relevant controls specified in ISO/IEC 27002
  • Additional controls with implementation guidance that specifically relate to cloud services

This standard provides controls and implementation guidance for both cloud service providers (like Google) and our cloud service customers.

ISO 27017 provides cloud-based guidance on 37 of the controls in ISO 27002 but also features seven new cloud controls that address the following:

  • Who is responsible for what between the cloud service provider and the cloud customer
  • The removal/return of assets when a contract is terminated
  • Protection and separation of the customer’s virtual environment
  • Virtual machine configuration
  • Administrative operations and procedures associated with the cloud environment
  • Cloud customer monitoring of activity within the cloud
  • Virtual and cloud network environment alignment

Google Cloud Platform and G Suite are certified as ISO 27017 compliant.

Google Cloud services that are in scope for ISO 27017:

Google Cloud Platform:
G Suite:
Additional Google Products:
Google Product APIs:
G Suite Admin SDK:
Service / Dependency :
  • Gmail Delivery
  • Gmail Frontend / Middleware
  • Gmail Medley
  • Gmail Spam