Standards, Regulations & Certifications
SOC 3
Public report of controls over security, availability, and confidentiality.
SOC 3 is based on the existing SysTrust and WebTrust principles. Unlike SOC 1 and 2, SOC 3 reports for Google Cloud Platform and G Suite can be freely distributed to the public for general use. Google Cloud undergoes a regular third-party audit to certify individual products against this standard.
SSAE 16 / ISAE 3402 Type II
The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) to keep pace with globally recognized international accounting standards.
SSAE 16 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402).
SSAE 16 and ISAE 3402 are used to generate a report by an objective third-party attesting to a set of statements which an organization asserts about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.
Google Cloud services that are in scope for SOC 3:
Google Cloud Platform:
- Google App Engine
- Google App Engine Flexible Environment
- Google BigQuery
- Google Cloud Bigtable
- Google Billing API
- Google Cloud CDN (Content Delivery Network)
- Google Cloud Console
- Google Cloud Data Loss Prevention API
- Google Cloud Dataflow
- Google Cloud Dataproc
- Google Cloud Datastore
- Google Cloud DNS (Domain Name System)
- Google Cloud Functions
- Google Cloud IAM (Identity & Access Management)
- Google Cloud Jobs API
- Google Cloud Key Management Service
- Google Cloud Launcher
- Google Cloud Load Balancing
- Google Cloud Machine Learning Engine
- Google Cloud Mobile App
- Google Cloud Natural Language API
- Google Cloud Pub/Sub
- Google Cloud Resource Manager
- Google Cloud Router
- Google Cloud SDK
- Google Cloud Security Scanner
- Google Cloud Shell
- Google Cloud Source Repositories
- Google Cloud Speech API
- Google Cloud SQL
- Google Cloud Storage
- Google Cloud Translation API
- Google Cloud Virtual Network
- Google Cloud Vision API
- Google Cloud VPN
- Google Compute Engine
- Google Container Builder
- Google Kubernetes Engine
- Google Container Registry
- Google Deployment Manager
- Google Genomics
- Google Service Control
- Google Stackdriver Debugger
- Google Stackdriver Error Reporting
- Google Stackdriver Logging
- Google Stackdriver Trace
G Suite:
- Calendar
- Classroom (Only for G Suite for Education)
- Cloud Search
- Contacts
- Docs
- Drive
- Forms
- Gmail
- Google+
- Groups
- Hangouts
- Hangouts Meet
- Keep
- Sites
- Sheets
- Classic Sites
- Slides
- Vault
Additional Google Products:
- Admin Console
- App Maker
- Chrome Device Management
- Chrome Sync
- Cloud Identity
- Apps Script
- Google Now
- Google Translate
- Hangouts Chat
- Inbox by Gmail
- Jamboard
- Talk
- Tasks
Google Product APIs:
- Apps Activity API
- Calendar API
- Contacts API
- Drive Rest API
- Gmail Rest API
- Sheets API
- Sites API
- Tasks API
G Suite Admin SDK:
- Admin Settings API
- Calendar Resource API
- Domain Shared Contacts API
- Directory API
- Email Audit API
- Email Settings API
- Enterprise License Manager API
- Groups Migration API
- Groups Settings API
- Reports API
- SAML-based SSO API
- Reseller API
Supporting Services:
- Gmail Delivery
- Gmail Frontend/Middleware
- Gmail Medley
- Gmail Spam