Standards, regulations & certifications
To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We're constantly working to expand our coverage.
This site contains information about Google's certifications and compliance standards it satisfies as well as general information about certain region or sector-specific regulations.
SOC 1
Controls over financial reporting.
A SOC 1 report documents a service organization’s controls that may be relevant to financial reporting. Google Cloud Platform undergoes a regular third-party audit to certify individual products against this standard.
SSAE 16 / ISAE 3402 Type II
The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) to keep pace with globally recognized international accounting standards.
SSAE 16 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402).
SSAE 16 and ISAE 3402 are used to generate a report by an objective third-party attesting to a set of statements which an organization asserts about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.
Google Cloud services that are in scope for SOC 1:
Google Cloud Platform:
- App Engine
- BigQuery
- BigQuery Data Transfer Service
- Cloud Armor
- Cloud AutoML Natural Language
- Cloud AutoML Translation
- Cloud AutoML Vision
- Cloud Bigtable
- Cloud Billing API
- Cloud Build
- Cloud CDN
- Cloud Console
- Cloud Console Mobile App
- Cloud Dataflow
- Cloud Datalab
- Cloud Dataproc
- Cloud Datastore
- Cloud Deployment Manager
- Cloud DNS
- Cloud Endpoints
- Cloud Firestore
- Cloud Functions
- Cloud Healthcare API
- Cloud HSM
- Cloud Identity and Access Management
- Cloud Identity-Aware Proxy
- Cloud Interconnect
- Cloud IoT Core
- Cloud Key Management Service
- Cloud Load Balancing
- Cloud Machine Learning Engine
- Cloud Memorystore
- Cloud Natural Language API
- Cloud Pub/Sub
- Cloud Resource Manager
- Cloud Router
- Cloud SDK
- Cloud Security Scanner
- Cloud Shell
- Cloud Source Repositories
- Cloud Spanner
- Cloud Speech-to-Text
- Cloud SQL
- Cloud Storage
- Cloud Storage Transfer Service
- Cloud Talent Solution
- Cloud Text-to-Speech
- Cloud Translation API
- Cloud Video Intelligence API
- Cloud Vision API
- Cloud VPN
- Compute Engine
- Container Registry
- Data Loss Prevention API
- Dialogflow
- GCP Marketplace
- Genomics
- Google Service Control
- Kubernetes Engine
- Orbitera
- Persistent Disk
- Service Consumer Management API
- Service Management API
- Stackdriver Debugger
- Stackdriver Error Reporting
- Stackdriver Logging
- Stackdriver Profiler
- Stackdriver Trace
- Virtual Private Cloud (VPC)
G Suite:
- Admin Console
- Calendar
- Classroom (Only for G Suite for Education)
- Cloud Identity
- Cloud Search
- Contacts
- Docs
- Drive
- Forms
- Gmail
- Google+
- Groups
- Hangouts
- Hangouts Chat
- Hangouts Meet
- Jamboard
- Keep
- Mobile Device Management
- Sheets
- Sites (Classic / New)
- Slides
- Talk
- Tasks
- Vault
Additional Google Products:
- App Maker
- Google Apps Script
- Google Voice
Google Product APIs:
- Apps Activity API
- Calendar API
- Contacts API
- Drive Rest API
- Gmail Rest API
- Sheets API
- Sites API
- Tasks API