Standards, Regulations & Certifications

To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We’re constantly working to expand our coverage.

SOC 2

Controls over security, availability, and confidentiality.

SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, and confidentiality or privacy. Google Cloud undergoes a regular third-party audit to certify individual products against this standard.

SSAE 16 / ISAE 3402 Type II

The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) to keep pace with globally recognized international accounting standards.

SSAE 16 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402), both of which are used to generate a report by an objective third-party attesting to a set of statements that an organization asserts about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.

Google Cloud services that are in scope for SOC 2:

Google Cloud Platform:
G Suite:
Additional Google Products:
Google Product APIs:
G Suite Admin SDK:
Supporting Services:
  • Gmail Delivery
  • Gmail Frontend/Middleware
  • Gmail Medley
  • Gmail Spam