Back

SOC 3

Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.

SSAE 18 / ISAE 3402 Type II

The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards.

SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402).

SSAE 18 and ISAE 3402 are used to generate a report by an objective third-party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.

Google Cloud undergoes a regular third-party audit to certify individual products against this standard. Our SOC 3 reports for Google Cloud Platform and G Suite can be downloaded instantly.

Google Cloud services that are in scope for SOC 3

Google Cloud Platform

Where we are simplifying the name of our service, we have also included its former name in parentheses

Access Context Manager

Access Transparency

AI Platform Notebooks

AI Platform Training (AI Platform Training and Prediction)

App Engine

AutoML Natural Language (Cloud AutoML Natural Language)

AutoML Tables

AutoML Translation (Cloud AutoML Translation)

AutoML Video Intelligence (Cloud AutoML Video)

AutoML Vision (Cloud AutoML Vision)

BigQuery

BigQuery Data Transfer Service

Cloud Bigtable

Cloud Billing (Cloud Billing API)

Cloud Build

Cloud CDN

Cloud Console Mobile App

Cloud Data Loss Prevention (Data Loss Prevention)

Cloud Deployment Manager

Cloud DNS

Cloud Endpoints

Cloud Functions

Cloud Functions for Firebase

Cloud Healthcare API (Cloud Healthcare)

Cloud Healthcare Search

Cloud HSM

Cloud Identity and Access Management

Cloud Interconnect

Cloud Key Management Service

Cloud Life Sciences

Cloud Load Balancing

Cloud NAT

Cloud Natural Language API (Cloud Natural Language)

Cloud Router

Cloud Run

Cloud SDK

Cloud Shell

Cloud Source Repositories

Cloud Spanner

Cloud SQL

Cloud Storage

Cloud Storage for Firebase

Cloud Storage Transfer Service

Cloud Translation (Cloud Translation API)

Cloud Vision (Cloud Vision API)

Cloud VPN

Compute Engine

Container Registry

Dataflow (Cloud Dataflow)

Datalab (Cloud Datalab)

Dataproc (Cloud Dataproc)

Datastore (Cloud Datastore)

Data Catalog

Dialogflow (Dialogflow Enterprise Edition)

Filestore (Cloud Filestore)

Firebase Authentication

Firebase Test Lab for Android

Firestore (Cloud Firestore)

Google Cloud Armor (Cloud Armor)

Google Cloud Console (Cloud Console)

Google Cloud Marketplace (GCP Marketplace)

Google Kubernetes Engine (Kubernetes Engine)

Google Service Management

Identity-Aware Proxy (Cloud Identity-Aware Proxy)

Identity Platform

IoT Core (Cloud IoT Core)

Memorystore (Cloud Memorystore)

Network Service Tiers

Orbitera

Persistent Disk

Pub/Sub (Cloud Pub/Sub)

Resource Manager (Cloud Resource Manager)

Service Consumer Management

Service Control (Google Service Control)

Speech-to-Text (Cloud Speech-to-Text)

Stackdriver Debugger

Stackdriver Error Reporting

Stackdriver Logging

Stackdriver Profiler

Stackdriver Trace

Talent Solution (Cloud Talent Solution)

Text-to-Speech (Cloud Text-to-Speech)

Video Intelligence API (Cloud Video Intelligence API)

Virtual Private Cloud (VPC)

VPC Service Controls

Web Security Scanner (Cloud Security Scanner)

G Suite

App Maker

Calendar

Calendar API

Classroom

Cloud Identity

Admin Console

Cloud Search

Contacts

Contacts API

Docs

Drive

Drive Activity API

Drive Rest API

Forms

Gmail

Gmail Rest API

Google Apps Script

Google+

Groups

Hangouts

Hangouts Chat

Hangouts Meet

Jamboard

Keep

Mobile Device Management

Sheets

Sheets API

Sites (classic / new)

Sites API

Slides

Talk

Tasks

Tasks API

Vault

Voice

G Suite Admin SDK

Alert Center API

Apps Email Audit API

Data Transfer API

Directory API

Domain Shared Contacts API

Email Settings API

Enterprise License Manager API

Groups Migration API

Groups Settings API

Reports API

Reseller API

SAML-based SSO API

Relevant products & services

Cloud Data Loss Prevention

Provides fast, scalable classification and redaction for sensitive data elements like names, credit card numbers, GCP credentials, and more.

VPC Service Controls

Keeps sensitive data private by defining a security perimeter around GCP resources like Cloud Storage buckets, Cloud Bigtable instances, and BigQuery datasets.

Security Command Center

Prevent and detect threats in virtual machines, networks, applications, and storage from one location, and act on them before they cause damage or loss.

Google Cloud Armor

Delivers defense at scale against infrastructure and application DDoS attacks using Google’s global infrastructure and security systems.

Access Transparency

When Google Cloud Platform administrators access your content, Access Transparency gives you near real-time logs of their actions.

Anthos

Built on Google-pioneered open source products like Kubernetes and Knative, Anthos lets you build hybrid applications, on-premises, or in the public cloud.

Key Management Service

Manage cryptographic keys for your cloud services the same way you do on-premises, to protect secrets and other sensitive data that you store in GCP.

OAuth apps whitelisting - G Suite

Ensure that users can only grant permission to trusted applications by controlling which third-party apps are allowed to access users’ G Suite data.

Access Transparency - G Suite

Review logs of actions taken by Google staff when accessing user-generated text entered into Gmail, Docs, Sheets, Slides, and other apps.

Security Center - G Suite

Protect your organization with security analytics and best practice recommendations from Google. Included with G Suite Enterprise edition.

Cloud Data Loss Prevention - G Suite

Scan files for sensitive content and prevent users from sharing sensitive content in Google Drive or shared drive with people outside your organization.

Alert Center - G Suite

Protect your organization from the latest security threats by getting real-time actionable alerts and security insights about activity in your domain.

Reference

AICPA

SOC 3

SSAE 18

ISAE 3402

SOC Toolkit for Service Organizations

Related offerings

SOC 1

SOC 2

Region

Global

Industry

Industry-agnostic

SOC 3

SSAE 18 / ISAE 3402 Type II

Google Cloud services that are in scope for SOC 3

Google Cloud Platform

G Suite

G Suite Admin SDK

Relevant products & services

Cloud Data Loss Prevention

VPC Service Controls

Security Command Center

Google Cloud Armor

Access Transparency

Anthos

Key Management Service

OAuth apps whitelisting - G Suite

Access Transparency - G Suite

Security Center - G Suite

Cloud Data Loss Prevention - G Suite

Alert Center - G Suite

Related documentation

Reference

Related offerings

Region

Industry