Stay organized with collections Save and categorize content based on your preferences.

Google Cloud risk assessment resources

At Google Cloud, we believe that trust is created through transparency, and we work closely with our customers to help them meet due diligence, risk management, and regulatory compliance requirements. 

Start with our commitment to data handling and use

When you use Google Cloud or Google Workspace, our data processing addendum and privacy resources provide clarity about our commitments to store, process, and manage your data in accordance with your preferences, including what you can expect when it comes to protecting and managing your data in the cloud.

Privacy Resource Center | Cloud Data Processing Addendum | Trusting your data with Google Cloud 

Graphic with computer, magnifying glass, and check

Access our compliance resources, certifications, and reports

Google maintains certifications, attestations of compliance, and audit reports against standards and regulations around the world to support your requirements and regulatory needs. Visit the Compliance Resource Center to learn about Google Cloud’s region- and industry-specific compliance offerings. You can download third-party audit reports and certifications (SOC, ISO, PCI-DSS, CSA STAR, and more) directly from the Compliance Report Manager. In addition, our Cloud DPIA Resource Center offers information related to data protection impact assessments. 

Can’t find the documentation you’re looking for? Our sales team or your Google Cloud representative can help provide access to our extended documentation. 

Graphic with a clipboard and check

Accelerate your due diligence by leveraging third-party risk management providers

We collaborate with third-party risk management (TPRM) providers to support your cloud assessments. TPRM providers perform regular assessments of Google Cloud’s platform and services—they inspect hundreds of security, privacy, business continuity, and operational resiliency controls aligned with industry standards and regulations such as NIST SP 800-53, NIST CSF, ISO 27001, PCI-DSS, HIPAA, CMMC, SOC2, CSA STAR, and more. Based on their observations and assessments, TPRM providers develop independent audit reports that can help scale and accelerate your own risk assessment processes.

CyberGRX | KY3P | TruSight 

SOC and CSA STAR icons