Google Cloud undergoes a regular third-party audit to certify individual products against this standard. Our SOC 2 reports gives you a detailed view of our existing controls over security, availability, processing integrity, and confidentiality or privacy in order to assess Google Cloud as your cloud service provider.
Google Cloud undergoes a regular third-party audit to certify individual products against the SOC 3 standard. Our SOC 3 report gives you a broad view of our existing controls over security, availability, processing integrity, and confidentiality or privacy, serving as a quick reference guide when starting your GDPR risk assessment of Google Cloud as a data processor.
CSA STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. CSA STAR allows cloud providers to submit self assessment reports that document compliance to CSA-published best practices. Google’s CSA self assessment can help your assessment of our services, particularly as it relates to Article 28 of the GDPR.
Google Cloud Platform, our Common Infrastructure, and Google Workspace are certified as ISO/IEC 27001 compliant. ISO/IEC 27001 outlines and provides the requirements for an information security management system, specifying best practices and details a list of security controls concerning the management of information risks.
The ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services.
ISO/IEC 27018 relates to the protection of personally identifiable information (PII), dealing with one of the most critical components of the cloud: privacy. This standard is primarily focused on security controls for public-cloud service providers acting as PII processors, building off of existing ISO/IEC 27002 controls with specific items for cloud privacy, along with new controls surrounding personal data.