SOC 3

Like SOC 2, the Service and Organization Controls (SOC) 3 report is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) SSAE 18, which evaluates the service organization’s controls relevant to the Trust Services Criteria of security, availability, processing integrity, confidentiality, or privacy. The SOC 3 is a public report which is based on the same scope as the related SOC 2 report.

Looking for Google Cloud and Google Workspace SOC 3 reports? Customers can request the reports at their convenience via Compliance Reports Manager.

Google Cloud and SOC 3 compliance

Accessing Google Cloud’s SOC 3 reports

Google Cloud regularly undergoes third-party audits for our products, systems, and infrastructure related to this standard. The SOC 3 reports are generated by an objective third party attesting to a set of assertions made by Google Cloud about its controls that are in place to protect customer data. The audit firm’s evaluation includes comprehensive testing of the design and operating effectiveness of the controls within the audit period.

Customers may use the SOC 3 report to assess the risks arising from interactions with the assessed Google Cloud and Google Workspace systems throughout the period.

Google Cloud’s SOC 3 timelines

Core Google Cloud and Google Workspace SOC 3 reports

The core Google Cloud and Google Workspace SOC 3 reports are issued semi-annually and can be downloaded via the Compliance Reports Manager. The coverage periods and issuance dates for these reports are:

First half of the year
Coverage period: May 1 - April 30
Estimated issuance: mid-June
Second half of the year
Coverage period: November 1 - October 31
Estimated issuance: mid-December

Additional Google Cloud SOC 3 reports

We issue separate SOC 3 reports for a small subset of Google Cloud products, including AppSheet, Backup and Disaster Recovery, Google Cloud VMware Engine, Bare Metal Solution, Google Security Operations SOAR, and Looker (Google Cloud core). These reports are issued annually and customers can obtain these reports by contacting sales or support.

Bridge letters

Google Cloud does not issue bridge letters for SOC 3. If a bridge letter is needed, please refer to the bridge letters that are issued for the related SOC 2 report.

FAQs

Who performs the independent third-party audit?

Google Cloud’s independent auditors are Ernst & Young LLP and Coalfire.

Services in scope

Below are Google Cloud services that are in scope for SOC 3.

Google Cloud

Where we are simplifying the name of our service, we have also included its former name in parentheses.

Access Approval

Access Context Manager

Access Transparency

Advanced API Security

Agent Assist

AI Platform Deep Learning Container

AI Platform Neural Architecture Search (NAS)

AI Platform Training and Prediction

Anti-Money Laundering (AML) AI

Application Integration

Artifact Analysis

Artifact Registry

Assured Workloads

AutoML Natural Language

AutoML Tables

AutoML Translation

AutoML Video

AutoML Vision

Backup and DR Service

Backup for GKE

Bare Metal Solution

BigQuery Data Transfer Service

BigQuery Omni

Binary Authorization

Certificate Authority Service

Certificate Manager

Cloud Asset Inventory

Cloud Bigtable

Cloud Billing

Cloud Build

Cloud Composer

Cloud Console

Cloud Console App

Cloud Data Fusion

Cloud Deployment Manager

Cloud Endpoints

Cloud External Key Manager (Cloud EKM)

Cloud Filestore

Cloud Firewall

Cloud Functions

Cloud Functions for Firebase

Cloud Healthcare

Cloud Hardware Security Module (HSM)

Cloud Intrusion Detection System (IDS)

Cloud Interconnect

Cloud Key Management Service

Cloud Life Sciences (formerly Google Genomics)

Cloud Load Balancing

Cloud Logging (formerly Stackdriver Logging)

Cloud Monitoring (formerly Stackdriver Monitoring)

Cloud NAT (Network Address Translation)

Cloud Natural Language API

Cloud Profiler (formerly Stackdriver Profiler)

Cloud Router

Cloud Run (fully managed)

Cloud Run for Anthos

Cloud Scheduler

Cloud Service Mesh

Cloud Shell

Cloud Source Repositories

Cloud Spanner

Cloud Speaker ID

Cloud Storage

Cloud Storage for Firebase

Cloud Tasks

Cloud Trace (formerly Stackdriver Trace)

Cloud Translation

Cloud Vision

Cloud Workstations

Compute Engine

Contact Center AI (CCAI)

Contact Center AI Insights

Contact Center AI Platform

Container Registry

Data Catalog

Dataproc Metastore

Discovery Solutions

Document AI

Document AI Warehouse

Earth Engine

Firebase Authentication

Firebase Test Lab

Gemini for Google Cloud

Generative AI on Vertex AI (Generative AI Support on Vertex AI)

GKE Enterprise Config Management

GKE Identity Service

Google Cloud Armor

Google Cloud Deploy

Google Cloud Identity-Aware Proxy

Google Cloud Marketplace

Google Cloud VMware Engine (GCVE)

Google Kubernetes Engine

Google Security Operations

Healthcare Data Engine (HDE)

Hosted Private HSM

Identity & Access Management (IAM)

Identity Platform

Infrastructure Manager

Looker (Google Cloud core)

Managed Service for Microsoft Active Directory (AD)

Mandiant Advantage Threat Intelligence

Mandiant Attack Surface Management

Mandiant Consulting IR

Mandiant Managed Defense

Mandiant Security Validation

Memorystore

Migrate to Virtual Machines (formerly Migrate for Compute Engine)

Migration Center

Network Connectivity Center

Network Intelligence Center

Network Service Tiers

Notebooks (formerly AI Platform Notebooks)

Persistent Disk

reCAPTCHA Enterprise

Recommendations AI

Recommender

Resource Manager API

Retail Search

Secret Manager

Secure Source Manager

Security Command Center

Sensitive Data Protection (including Cloud Data Loss Prevention)

Service Consumer Management

Service Directory

Service Infrastructure

Service Mesh

Spectrum Access System

Service Management

Service Management API

Speech-to-Text

Storage Transfer Service

Talent Solution

Text-to-Speech

Threat Intelligence for Google Security Operations

Traffic Director

Transcoder API

Vertex AI (formerly AI Platform)

Vertex AI Codey

Vertex AI Colab Enterprise

Vertex AI Conversation (formerly Generative AI App Builder)

Vertex AI Data Labeling

Vertex AI Search (formerly Gen App Builder - Enterprise Search)

Vertex AI Workbench Instances

Video Intelligence API

Virtual Private Cloud (VPC)

VPC Service Controls

Web Risk API

Workload Manager

Google Workspace Admin SDK

Alert Center API

Apps Email Audit API

Apps Script

Data Transfer API

Directory API

Domain Shared Contacts API

Enterprise License Manager API

Groups Migration API

Groups Settings API

Reports API

Reseller API

SAML-based SSO API

Communications

Business Messages

RCS Business Messaging

Rich Communication Services (RCS)

Spectrum Access System

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Get started for free

Learn security best practices
See our best practices
Solve common problems
Watch security use-case videos
Work with a partner
See our security partners

DocumentationAssistance

Assistance à la réponse aux incidents

Page d'accueilRenseignements et expertiseSecOpsSécurité du cloudRessources concernant la sécurité

Assistance à la réponse aux incidents

Accélérez votre transformation numérique
Votre entreprise a déjà bien amorcé son processus de transformation numérique ? Vous n'en êtes qu'aux premiers stades ? Dans les deux cas, Google Cloud peut vous aider à relever vos défis les plus complexes.
En savoir plus

Solutions par secteur d'activité
Réduisez les coûts, augmentez l'agilité opérationnelle et saisissez de nouvelles opportunités commerciales.
Afficher toutes les solutions par secteur d'activité

Produits Google Cloud
Parcourez plus de 100 produits. Les nouveaux clients bénéficient de 300 $ de crédits gratuits pour exécuter, tester et déployer des charges de travail. Tous les clients peuvent utiliser plus de 25 produits gratuitement, dans les limites mensuelles spécifiées.
Voir tous les produits (plus de 100)

Faites des économies grâce à notre approche transparente concernant la tarification
Le paiement à l'usage de Google Cloud permet de réaliser des économies automatiques basées sur votre utilisation mensuelle et des tarifs réduits pour les ressources prépayées. Contactez-nous dès aujourd'hui afin d'obtenir un devis.
Demander un devis

Tarifs spécifiques au produit
Compute Engine
Cloud SQL
Google Kubernetes Engine
Cloud Storage
BigQuery
Afficher tous les tarifs pour plus de 100 produits

Accélérez votre transformation numérique
En savoir plus
Principaux avantages
Pourquoi choisir Google Cloud
IA et ML
Multicloud
Infrastructure mondiale
Cloud de données
Cloud ouvert
Sécurité
Productivité et collaboration
Rapports et insights
Insights pour les dirigeants
Rapports d'analystes
Livres blancs
Témoignages de clients

Faites des économies grâce à notre approche transparente concernant la tarification
Demander un devis
Présentation et outils de tarification
Tarifs de Google Cloud
Simulateur de coût
Version gratuite de Google Cloud
Framework d'optimisation des coûts
Outils de gestion des coûts
Tarifs spécifiques au produit
Compute Engine
Cloud SQL
Google Kubernetes Engine
Cloud Storage
BigQuery
Afficher tous les tarifs pour plus de 100 produits