The PCI Security Standards Council is
a global forum for the ongoing development, enhancement,
storage, dissemination, and implementation of security
standards for account data protection. The Standards Council
was established by the major credit card associations (Visa,
MasterCard, American Express, Discover, JCB) as a separate
organization to define appropriate practices that merchants
and service providers should follow to protect cardholder
data. It is this council of companies that created
the Payment Card Industry (PCI) Data Security Standards (DSS).

PCI DSS is a set of network security and
business best-practice guidelines adopted
by the PCI Security Standards Council to establish a
“minimum security standard” to protect customers’ payment
card information. The scope of the PCI DSS includes all
systems, networks, and applications that process, store, or
transmit cardholder data, and also systems that are used to
secure and log access to the systems in scope.

Google Cloud undergoes an annual third-party audit to
certify individual products against the PCI DSS. This means
that these services provide an infrastructure upon which
customers may build their own services or applications which
store, process, or transmit cardholder data.
It is important to note that customers are still
responsible for ensuring that their applications are PCI DSS
compliant. To learn how to use Google Cloud Platform to
implement PCI DSS in your application,
see Creating a PCI-DSS-Compliant Environment.

The following Google Cloud services have been reviewed by
an independent Qualified Security Assessor and
determined to be PCI DSS 3.2.1 compliant. This means that
these services provide an infrastructure upon which
customers may build their own service or application which
stores, processes, or transmits cardholder data. We have
this matrix to
help explain the shared responsibility between Google and

PCI DSS reports may be requested via
the Compliance Reports Manager.

Potential customers can reach out
to sales for