Standards, regulations & certifications

To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We're constantly working to expand our coverage.

This site contains information about Google's certifications and compliance standards it satisfies as well as general information about certain region or sector-specific regulations.

Sarbanes-Oxley Act (SOX)

Improving the accuracy and reliability of corporate disclosures.

As part of SOX requirements, each U.S. public company is responsible for establishing and monitoring internal controls, including those maintained by a third party, such as a cloud service provider. Therefore, if a (potential) cloud customer is a U.S. public company or planning to become public, they should think about how using a cloud provider impacts their financial reporting controls.

If a customer processes accounting or financial information on Google Cloud Platform, the customer‘s management may determine that some Google Cloud Platform services are in scope for their SOX obligations. The customer‘s management must make their own judgment regarding Google Cloud Platform’s SOX applicability. If the customer requests information about controls over specific GCP products, we refer them to the Google Cloud Platform Service Organization Control (SOC) 1 Type II report. This report includes Google‘s descriptions of GCP systems and controls, an independent auditor opinion on the accuracy of management‘s description, an independent auditor opinion on appropriateness of the controls described in meeting the stated objectives, and an independent auditor opinion on the effectiveness of those controls in meeting the stated objectives.