Back
soc

SOC 3

Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.

SSAE 18 / ISAE 3402 Type II

The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards.

SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402).

SSAE 18 and ISAE 3402 are used to generate a report by an objective third-party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.

Google Cloud undergoes a regular third-party audit to certify individual products against this standard. Our SOC 3 reports for Google Cloud Platform and G Suite can be downloaded instantly.

Google Cloud services that are in scope for SOC 3

Relevant products & services

Cloud Data Loss Prevention

Provides fast, scalable classification and redaction for sensitive data elements like names, credit card numbers, GCP credentials, and more.

Learn more
VPC Service Controls

Keeps sensitive data private by defining a security perimeter around GCP resources like Cloud Storage buckets, Cloud Bigtable instances, and BigQuery datasets.

Learn more
Security Command Center

Prevent and detect threats in virtual machines, networks, applications, and storage from one location, and act on them before they cause damage or loss.

Learn more
Google Cloud Armor

Delivers defense at scale against infrastructure and application DDoS attacks using Google’s global infrastructure and security systems.

Learn more
Access Transparency

When Google Cloud Platform administrators access your content, Access Transparency gives you near real-time logs of their actions.

Learn more
Anthos

Built on Google-pioneered open source products like Kubernetes and Knative, Anthos lets you build hybrid applications, on-premises, or in the public cloud.

Learn more
Key Management Service

Manage cryptographic keys for your cloud services the same way you do on-premises, to protect secrets and other sensitive data that you store in GCP.

Learn more
OAuth apps whitelisting - G Suite

Ensure that users can only grant permission to trusted applications by controlling which third-party apps are allowed to access users’ G Suite data.

Learn more
Access Transparency - G Suite

Review logs of actions taken by Google staff when accessing user-generated text entered into Gmail, Docs, Sheets, Slides, and other apps.

Learn more
Security Center - G Suite

Protect your organization with security analytics and best practice recommendations from Google. Included with G Suite Enterprise edition.

Learn more
Cloud Data Loss Prevention - G Suite

Scan files for sensitive content and prevent users from sharing sensitive content in Google Drive or shared drive with people outside your organization.

Learn more
Alert Center - G Suite

Protect your organization from the latest security threats by getting real-time actionable alerts and security insights about activity in your domain.

Learn more
SOC 3 report for GCP
SOC 3 report for G Suite
SOC 3 report for GCP (Cloud Healthcare)
Reference
AICPA
SOC 3
SSAE 18
ISAE 3402
SOC Toolkit for Service Organizations
SOC 1
SOC 2
Region

Global

Industry

Industry-agnostic