Global | ALL INDUSTRIES

SOC 3

Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.

SSAE 18 / ISAE 3402 Type II

The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards.

SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402).

SSAE 18 and ISAE 3402 are used to generate a report by an objective third-party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.

Google Cloud undergoes a regular third-party audit to certify individual products against this standard. Our SOC 3 reports for Google Cloud and Google Workspace can be downloaded instantly.

Audit Reports

SOC 3 reports are issued semi-annually around June and December (period ending 30-April and 31-October) and can be requested via the Compliance Reports Manager, for Google Cloud and Google Workspace. Please note, bridge letters can not be issued for SOC 3 reports

Potential customers can reach out to sales for more information.

Google Cloud services in scope for SOC 3

Where we are simplifying the name of our service, we have also included its former name in parentheses

Access Approval

Access Context Manager

Access Transparency

AI Platform Data Labeling

AI Platform Neural Architecture Search (NAS)

AI Platform Training and Prediction

AlloyDB

Anthos Config Management (ACM)

Anthos Identity Service

Anthos Service Mesh

Anti-Money Laundering AI

API Gateway

Apigee

App Engine

Artifact Registry

Assured Workloads for Government

AutoML Natural Language

AutoML Tables

AutoML Translation

AutoML Video

AutoML Vision

Bare Metal Solution

Batch

BeyondCorp Enterprise

BigQuery

BigQuery Omni

BigQuery Data Transfer Service

Binary Authorization

Certificate Authority Service

Chronicle

Cloud Asset Inventory

Cloud Bigtable

Cloud Billing

Cloud Build

Cloud CDN

Cloud Composer

Cloud Data Fusion

Cloud Data Loss Prevention

Cloud Deployment Manager

Cloud DNS

Cloud Endpoints

Cloud External Key Manager (Cloud EKM)

Cloud Filestore

Cloud Functions

Cloud Functions for Firebase

Cloud Hardware Security Module (HSM)

Cloud Healthcare API

Cloud IDS (Cloud Intrusion Detection System)

Cloud Interconnect

Cloud Key Management Service (KMS)

Cloud Life Sciences (formerly Google Genomics)

Cloud Load Balancing

Cloud Logging

Cloud Monitoring

Cloud NAT (Network Address Translation)

Cloud Natural Language API

Cloud Profiler

Cloud Router

Cloud Run (fully managed)

Cloud Run for Anthos

Cloud Scheduler

Cloud SDK

Cloud Shell

Cloud Source Repositories

Cloud Spanner

Cloud Speaker ID

Cloud SQL

Cloud Storage

Cloud Storage for Firebase

Cloud Tasks

Cloud Trace

Cloud Translation

Cloud Virtual Private Network (VPN)

Cloud Vision

Compute Engine

Connect

Contact Center AI (CCAI)

Container Registry

Data Catalog

Database Migration Service

Dataflow

Datalab

Dataproc

Datastore

DataStream

Dialogflow

Document AI

Earth Engine

Eventarc

Firebase Authentication

Firebase Test Lab

Firestore

Game Servers

Google Cloud App

Google Cloud Armor

Google Cloud console

Google Cloud Deploy

Google Cloud Identity-Aware Proxy

Google Cloud Marketplace

Google Cloud Threat Intelligence for Chronicle

Google Cloud VMware Engine (GCVE)

Google Kubernetes Engine

Hub

Hosted Private HSM

Identity & Access Management (IAM)

Identity Platform

Insights

IoT Core

Key Access Justifications (KAJ)

Looker Studio

Managed Service for Microsoft Active Directory (AD)

Memorystore

Migrate for Compute Engine

Network Connectivity Center

Network Intelligence Center

Network Service Tiers

Notebooks (formerly AI Platform Notebooks)

Persistent Disk

Pub/Sub

reCAPTCHA Enterprise

Recommender

Resource Manager API

Risk Manager

Secret Manager

Security Command Center

Service Directory

Service Infrastructure

Speech-to-Text

Storage Transfer Service

Tables

Talent Solution

Text-to-Speech

Traffic Director

Transcoder API

Vertex AI (formerly AI Platform)

Video Intelligence API

Virtual Private Cloud (VPC)

VirusTotal

VPC Service Controls

Web Risk API

Workflows

Admin Console

Assignments

Calendar

Calendar API

Classroom

Cloud Identity

Cloud Search

Contacts

Currents

Docs

Drive

Drive Activity API

Drive Rest API

Forms

Gmail

Gmail Rest API

Google Chat

Google Meet

Google Workspace Migrate

Groups

Hangouts

Jamboard

Keep

Mobile Device Management

Sheets

Sheets API

Sites (Classic)

Sites (New)

Sites API

Slides

Tasks

Tasks API

Vault

Voice

Alert Center API

Apps Email Audit API

Apps Script

Data Transfer API

Directory API

Domain Shared Contacts API

Enterprise License Manager API

Groups Migration API

Groups Settings API

People API

Reports API

Reseller API

SAML-based SSO API

Business Messages

RCS Business Messaging

Rich Communication Services (RCS)

Spectrum Access System

Chronicle

SOC 1

Learn more

SOC 2

Learn more

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Get started for free

Take the next step

Start your next project, explore interactive tutorials, and manage your account.

Contact sales

Learn security best practices
See our best practices
Solve common problems
Watch security use-case videos
Work with a partner
See our security partners

Learn security best practices
See our best practices
Solve common problems
Watch security use-case videos
Work with a partner
See our security partners

SOC 3

Quick links

Google Cloud services in scope for SOC 3

Related offerings

Take the next step

Take the next step