EMEA | Financial services


The Prudential Regulation Authority (“PRA”) is a part of the Bank of England and is responsible for prudential regulation in the UK. The PRA supervises banks, building societies, credit unions, insurers and major investment firms and looks to determine whether they are being run in a safe and sound manner.

The SS2/21 Outsourcing and third party risk management (“SS2/21”) sets out the PRA’s expectations of how PRA-regulated firms should comply with regulatory requirements and expectations relating to outsourcing and third party risk management. SS2/21 provides specific guidance on: outsourcing agreements, data security, access, audit and information rights, sub-outsourcing, business continuity and exit plans.

Google Cloud’s contracts for financial institutions in the UK address the requirements in SS2/21. We have also created mappings to the guidelines for both GCP and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how financial institutions choose to use our services.

ISO/IEC 27001

Learn more

ISO/IEC 27017

Learn more

ISO/IEC 27018

Learn more