ISO logo
Global | ALL INDUSTRIES

ISO/IEC 27017

The International Organization for Standardization (ISO) is an independent, non-governmental organization with an international membership of 163 national standards bodies.

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:

  • Additional implementation guidance for relevant controls specified in ISO/IEC 27002
  • Additional controls with implementation guidance that specifically relate to cloud services

This standard provides controls and implementation guidance for both cloud service providers like Google and our cloud service customers.

ISO/IEC 27017 provides cloud-based guidance on 37 ISO/IEC 27002 controls, along with seven new cloud controls that address:

  • Who is responsible for what between the cloud service provider and the cloud customer
  • The removal/return of assets when a contract is terminated
  • Protection and separation of the customer’s virtual environment
  • Virtual machine configuration
  • Administrative operations and procedures associated with the cloud environment
  • Customer monitoring of activity within the cloud
  • Virtual and cloud network environment alignment

Google Cloud Platform, Google Workspace, and Apigee are certified as ISO/IEC 27017:2015 compliant.

Google Cloud Platform, Google Workspace, and Apigee ISO 27017 certificates may be requested using the Compliance Reports Manager. Potential customers can reach out to sales for more information.

Google Cloud services that are in scope for ISO/IEC 27017

Google Cloud

Chronicle SIEM and Google Cloud Threat Intelligence for Chronicle are covered by the SecOps Services Agreement.

Access Approval
Access Context Manager
Access Transparency
Advanced API Security
Agent Assist
AI Platform Neural Architecture Search (NAS)
AI Platform Training and Prediction
AlloyDB
Anti-Money Laundering AI
API Gateway
Apigee
App Engine
Application Integration
Artifact Registry
Assured Workloads
AutoML Natural Language
AutoML Tables
AutoML Translation
AutoML Video
AutoML Vision
Backup and DR Service
Backup for GKE
Batch
BeyondCorp Enterprise
BigQuery
BigQuery Data Transfer Service
BigQuery Omni
Bigtable
Binary Authorization
CCAI Platform
Certificate Authority Service
Certificate Manager
Chronicle SIEM
Cloud Asset Inventory
Cloud Billing
Cloud Build
Cloud CDN
Cloud Composer
Cloud Console
Cloud Console App
Cloud Data Fusion
Cloud Deployment Manager
Cloud DNS
Cloud Endpoints
Cloud External Key Manager (Cloud EKM)
Cloud Filestore
Cloud Firewall
Cloud Functions
Cloud Functions for Firebase
Cloud Healthcare
Cloud HSM
Cloud IDS (Cloud Intrusion Detection System)
Cloud Interconnect
Cloud Key Management Service
Cloud Life Sciences
Cloud Load Balancing
Cloud Logging
Cloud Monitoring
Cloud NAT (Network Address Translation)
Cloud Natural Language API
Cloud Profiler
Cloud Router
Cloud Run
Cloud Scheduler
Cloud Service Mesh
Cloud Shell
Cloud Source Repositories
Cloud Spanner
Cloud Speaker ID
Cloud SQL
Cloud Storage
Cloud Storage for Firebase
Cloud Tasks
Cloud Trace
Cloud Translation
Cloud Vision
Cloud VPN
Cloud Workstations
Compute Engine
Connect
Contact Center AI (CCAI)
Contact Center AI Insights
Container Registry
Data Catalog
Database Migration Service
Dataflow
Dataplex
Dataproc
Dataproc Metastore
Datastore
Dataform
Datastream
Dialogflow
Discovery Solutions
Document AI
Document AI Warehouse
Eventarc
Firebase Authentication
Firebase Test Lab
Firestore
Gemini for Google Cloud
Generative AI on Vertex AI (formerly Generative AI Support on Vertex AI)
GKE Enterprise Config Management
GKE Identity Service
Google Cloud Armor
Google Cloud Deploy
Google Cloud Identity-Aware Proxy
Google Cloud Marketplace
Google Cloud NetApp Volumes (GCNV)
Google Cloud SDK
Google Cloud Threat Intelligence for Chronicle
Google Cloud VMware Engine (GCVE)
Google Earth Engine
Google Kubernetes Engine
Healthcare Data Engine
Hub
Identity & Access Management (IAM)
Identity Platform
Integration Connectors
Key Access Justifications (KAJ)
Knative serving
Looker (Google Cloud Core)
Looker Studio (formerly Google Data Studio)
Managed Service for Microsoft Active Directory (AD)
Mandiant Advantage Threat Intelligence
Mandiant Attack Surface Management
Mandiant Consulting IR
Mandiant Managed Defense
Mandiant Security Validation
Media CDN
Memorystore
Migrate to Virtual Machines
Migration Center
Network Connectivity Center
Network Intelligence Center
Network Service Tiers
Persistent Disk
Pub/Sub
reCAPTCHA Enterprise
Recommendations AI
Recommender
Resource Manager API
Retail Search
Risk Manager
Secret Manager
Secure Source Manager
Security Command Center
Sensitive Data Protection (including Cloud Data Loss Prevention)
Service Directory
Service Infrastructure
Service Mesh
Spectrum Access System
Speech-to-Text
Speech-to-Text On-Prem
Storage Transfer Service
Talent Solution
Text-to-Speech
Traffic Director
Transcoder API
Vertex AI Conversation (formerly Gen App Builder)
Vertex AI Data Labeling
Vertex AI Platform (formerly Vertex AI)
Vertex AI Search (formerly Gen App Builder – Enterprise Search)
Video Intelligence API
Virtual Private Cloud
VPC Service Controls
Web Risk API
Workflows
Workload Manager

* Indicates that the scope of this certification applies to this offering where Google acts as a processor of Service Data (in addition to Google acting as a processor of Customer Data). Google’s processing of Service Data as a processor is subject to agreement with relevant enterprise customers of this offering.

Admin Console*
Assignments*
Classroom*
Cloud Identity*
Cloud Search*
Gemini for Google Workspace
Gmail*
Google Calendar*
Google Chat*
Google Contacts*
Google Docs*
Google Drive*
Google Forms*
Google Groups*
Google Jamboard*
Google Keep*
Google Meet*
Google Sheets*
Google Sites*
Google Slides*
Google Tasks*
Google Vault*
Google Voice*
Google Workspace Migrate*
Mobile Device Management*
Read Along

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Get started for free
Google Cloud
send_spark
    DocsSupport
    • ‪English‬
    • ‪Deutsch‬
    • ‪Español‬
    • ‪Español (Latinoamérica)‬
    • ‪Français‬
    • ‪Indonesia‬
    • ‪Italiano‬
    • ‪Português (Brasil)‬
    • ‪简体中文‬
    • ‪繁體中文‬
    • ‪日本語‬
    • ‪한국어‬
    Console
    Sign in
    Security
    HomeIntel and expertiseSecOpsCloud securitySecurity resources
    Incident Response Assistance
    Contact Us
    • Accelerate your digital transformation
    • Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.
    • Google Cloud products
    • Browse over 100 products. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage limits.
    • Save money with our transparent approach to pricing
    • Google Cloud's pay-as-you-go pricing offers automatic savings based on monthly usage and discounted rates for prepaid resources. Contact us today to get a quote.
    Google Cloud