SecOps Services in Scope by Compliance Program
Last modified: October 30, 2024
Capitalized terms have the meaning stated in the applicable agreement between Customer and Google.
A done in the table below indicates that the Service (row) is in scope for the specified certification or report (column).
Service |
ISO 27001 Certification |
ISO 27017 Certification |
ISO 27018 Certification |
SOC 1 Report |
SOC 2 Report |
SOC 3 Report |
PCI DSS Certification |
|---|---|---|---|---|---|---|---|
| Google Security Operations | doneIn scope | doneIn scope | doneIn scope | doneIn scope | doneIn scope | doneIn scope | done*In scope |
| Mandiant Consulting Services | doneIn scope | doneIn scope | doneIn scope | doneIn scope | doneIn scope | ||
| Mandiant Security Validation | doneIn scope | doneIn scope | doneIn scope | doneIn scope | doneIn scope | ||
| Mandiant Advantage Threat Intelligence | doneIn scope | doneIn scope | doneIn scope | doneIn scope | doneIn scope | ||
| Mandiant Attack Surface Management | doneIn scope | doneIn scope | doneIn scope | doneIn scope | doneIn scope | ||
| Mandiant Managed Defense | doneIn scope | doneIn scope | doneIn scope | doneIn scope | doneIn scope | doneIn scope |
*Subject to specific service configuration by customer. Certain features (e.g., Google Security Operations Looker integration) are not included in certification.
PREVIOUS VERSIONS