Compliance resource center
Google Cloud’s industry-leading security, third-party audits and certifications, documentation, and legal commitments help support your compliance.
Google Cloud compliance
Our products regularly undergo independent verification of their security, privacy, and compliance controls, achieving certifications, attestations, and audit reports to demonstrate compliance. We’ve also created resource documents and mappings for compliance support when formal certifications or attestations may not be required or applied.
Learn about:
- Google Cloud certifications and the compliance standards that we satisfy
- General information about regional and sector-specific regulations
- The latest industry news and best practices updates
- Documentation to aid your own reporting and compliance efforts
Compliance offerings by region
We continually expand our coverage against the most important global standards.
Featured resources
- Strengthening operational resilience in financial services by migrating to Google Cloud
- Google Workspace data protection implementation guide
- Google Workspace data subject requests (DSR) guide
- Protecting healthcare data on Google Cloud
- Ontario's Personal Health Information Protection Act
- Data residency, operational transparency, and privacy for European customers on Google Cloud
Compliance offerings by category
Certifications / attestations / reports
An independent third-party auditor has granted a formal certification, attestation, or audit report based on an assessment that affirms our compliance with these offerings.
Cloud Computing Compliance Controls Catalog (C5) | CSA STAR | Spain Esquema Nacional de Seguridad (ENS) | EU Cloud Code of Conduct | FedRAMP | FIPS 140-2 Validated | HDS | HITRUST CSF | Higher Education Cloud Vendor Assessment Tool (HECVAT) | Independent Security Evaluators (ISE) Audit | IRAP (Information Security Registered Assessors Program) | ISAE 3000 Type 2 Report (FINMA) | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | MTCS (Singapore) Tier 3 | OSPAR | PCI DSS | SEC Rule 17a-4(f), CFTC Rule 1.31(c)-(d), and FINRA Rule 4511(c) | SOC 1 | SOC 2 | SOC 3 | SWIPO Data Portability Code of Conduct | TISAX | U.S. Defense Information Systems Agency Provisional Authorization
Laws / regulations
Cloud service providers can’t provide formal certification of our customers’ compliance with these laws and regulations. But we work hard, via our products, technical capabilities, guidance documents and legal commitments, to make the compliance process as easy as possible for your organization.
Argentina Personal Data Protection Law 25,326 | ACPR - Order of 3 November 2014 | Australian Privacy Principles (APPs) | BaFin Cloud Outsourcing Guidance | Bank of Italy - Circular 285 | California Consumer Privacy Act (CCPA) | COPPA (U.S.) | CSSF - Circular 17/654 | EU Model Contract Clauses | FDIC Guidance for Managing Third Party Risk | FERPA (U.S.) | FG16/5 - FCA | FINMA Circular 2018/3 Outsourcing | FSC Insurance Outsourcing Directions | FSC Banking Outsourcing Regulations | GDPR | HIPAA | HKIA Outsourcing GL-14 | HKMA Outsourcing SA-2 | Hong Kong's Personal Data (Privacy) Ordinance (PDPO) | Indonesia Government Regulation No. 71 (GR 71) | KNF - Communication of 23 January 2020 | Lei Geral de Proteção de Dados (LGPD) | MaRisk AT 9 Outsourcing | My Number Act (Japan) | OJK Circular 21 of 2017 (SEOJK 21) | OJK Regulation No. 38 of 2016 (POJK 38) | PHIPA | Singapore’s Personal Data Protection (PDPA) | South Africa POPI | SYSC 8 Outsourcing - FCA Handbook | The Personal Information Protection and Electronic Documents Act (PIPEDA)
Alignments / frameworks
Our products, technical capabilities, guidance documents, and legal commitments help our customers map to these frameworks and alignments. These offerings may not require formal certification or attestation, though we may rely on our certifications, attestations, and reports to help our customers map to these frameworks and alignments.
Association of Banks in Singapore (ABS) Guide | Australian Prudential Regulation Authority (APRA) Standards | CSV Guidelines (Japan) | Criminal Justice Information Services (CJIS) | CyberGRX | EBA Outsourcing Guidelines | EIOPA | FFIEC Outsourcing Handbook | Federal Reserve Guidance on Managing Outsourcing Risk | FISC (Japan) | Impact Level 4 (IL4) (Beta) | Know Your Third Party (KY3P) Report | UK’s Cloud Security Principles | MeitY - India | Monetary Authority of Singapore (MAS) Guidelines | MPA | NEN 7510 | NISC (Japan) | NIST 800-34 - Contingency Planning | NIST 800-53 | NIST 800-171 | NHS Digital Commercial Third-Party Information Governance Requirements | OCC Third Party Risk Management Guidance | Standardized Information Gathering (SIG) Questionnaire | Three Guidelines from Three Ministries (Japan) | GxP
Learn more about trust and security
- Get an overview of Google Cloud’s security model and capabilities
- See how we protect the privacy of Google Cloud customers
- Security products to help you meet policy, regulatory, and business objectives