Standards, Regulations & Certifications
SOC 3
Public report of controls over security, availability, and confidentiality.
SOC 3 is based on the existing SysTrust and WebTrust principles. Unlike SOC 1 and 2, SOC 3 reports for Google Cloud Platform and G Suite can be freely distributed to the public for general use. Google Cloud undergoes a regular third-party audit to certify individual products against this standard.
SSAE 16 / ISAE 3402 Type II
The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) to keep pace with globally recognized international accounting standards.
SSAE 16 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402).
SSAE 16 and ISAE 3402 are used to generate a report by an objective third-party attesting to a set of statements which an organization asserts about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.
Google Cloud services that are in scope for SOC 3:
Google Cloud Platform:
- App Engine
- App Engine Flexible Environment
- BigQuery
- BigQuery Data Transfer Service
- Cloud Armor
- Cloud Bigtable
- Cloud Build
- Cloud CDN (Content Delivery Network)
- Cloud Console
- Cloud Data Loss Prevention API
- Cloud Dataflow
- Cloud Datalab
- Cloud Dataproc
- Cloud Datastore
- Cloud Deployment Manager
- Dialogflow Enterprise Edition
- Cloud DNS (Domain Name System)
- Cloud Endpoints
- Cloud Firestore
- Cloud Functions
- Cloud Genomics
- Cloud Healthcare API
- Cloud IAM (Identity & Access Management)
- Cloud Identity-Aware Proxy
- Cloud Interconnect
- Cloud IoT Core
- Cloud Jobs API
- Cloud Key Management Service
- Cloud Load Balancing
- Cloud Machine Learning Engine
- Cloud Marketplace
- Cloud Mobile App
- Cloud Natural Language API
- Cloud Pub/Sub
- Cloud Router
- Cloud SDK
- Cloud Security Scanner
- Cloud Shell
- Cloud Source Repositories
- Cloud Spanner
- Cloud Speech-to-Text
- Cloud SQL
- Cloud Storage
- Cloud Storage Transfer Service
- Cloud Translation API
- Cloud Video Intelligence API
- Cloud Vision API
- Cloud VPN
- Compute Engine
- Container Registry
- Google Billing API
- Kubernetes Engine
- Orbitera
- Persistent Disk
- Resource Manager
- Service Control
- Service Consumer Management API
- Service Management API
- Stackdriver Debugger
- Stackdriver Error Reporting
- Stackdriver Logging
- Stackdriver Profiler
- Stackdriver Trace
- Virtual Private Cloud (VPC)
G Suite:
- Admin Console
- Calendar
- Classic Sites
- Classroom (Only for G Suite for Education)
- Cloud Search
- Contacts
- Docs
- Drive
- Forms
- Gmail
- Google+
- Groups
- Hangouts
- Hangouts Chat
- Hangouts Meet
- Inbox by Gmail
- Jamboard
- Keep
- Sheets
- Sites
- Slides
- Talk
- Tasks
- Vault
Additional Google Products:
- App Maker
- Chrome Sync
- Cloud Identity
- Google Apps Script
- Google Earth
- Google Now
- Google Translate
- Google Voice
- Mobile Device Management
Google Product APIs:
- Apps Activity API
- Calendar API
- Contacts API
- Drive Rest API
- Gmail Rest API
- Sheets API
- Sites API
- Tasks API
G Suite Admin SDK:
- Admin Settings API
- Apps E-mail Audit APi
- Directory API
- Domain Shared Contacts API
- Email Settings API
- Enterprise License Manager API
- Groups Migration API
- Groups Settings API
- Reports API
- Reseller API
- SAML-based SSO API
Supporting Services:
- Gmail Delivery
- Gmail Frontend/Middleware
- Gmail Medley
- Gmail Spam