SecOps Services in Scope by Compliance Program

Capitalized terms have the meaning stated in the applicable agreement between Customer and Google.

A ✔ in the table below indicates that the Service (row) is in scope for the specified certification or report (column).

Service	ISO 27001 Certification	ISO 27017 Certification	ISO 27018 Certification	SOC 1 Report	SOC 2 Report	SOC 3 Report	PCI DSS Certification
Chronicle SIEM	✔	✔	✔	✔	✔	✔	✔*
Chronicle SOAR	✔	✔	✔	✔	✔	✔	✔
Mandiant Consulting Services	✔	✔	✔		✔	✔
Mandiant Security Validation	✔	✔	✔		✔	✔
Mandiant Advantage Threat Intelligence	✔	✔	✔		✔	✔
Mandiant Attack Surface Management	✔	✔	✔		✔	✔
Mandiant Managed Defense	✔	✔	✔		✔	✔	✔

Service

ISO 27001 Certification

ISO 27017 Certification

ISO 27018 Certification

SOC 1 Report

SOC 2 Report

SOC 3 Report

PCI DSS Certification

Chronicle SIEM

✔

✔*

Chronicle SOAR

✔

Mandiant Consulting Services

✔

Mandiant Security Validation

✔

Mandiant Advantage Threat Intelligence

✔

Mandiant Attack Surface Management

✔

Mandiant Managed Defense

✔

*Subject to specific service configuration by customer. Certain features (e.g., Chronicle Looker integration) are not included in certification.

Previous versions (Last modified May 23, 2024)