Google Cloud risk assessment resources

When you use Google Cloud or Google Workspace, our data processing addendum and privacy resources provide clarity about our commitments to store, process, and manage your data in accordance with your preferences, including what you can expect when it comes to protecting and managing your data in the cloud.

Privacy Resource Center | Cloud Data Processing Addendum | Trusting your data with Google Cloud 

Google maintains certifications, attestations of compliance, and audit reports against standards and regulations around the world to support your requirements and regulatory needs. Visit the Compliance Resource Center to learn about Google Cloud’s region- and industry-specific compliance offerings. You can download third-party audit reports and certifications (SOC, ISO, PCI-DSS, CSA STAR, and more) directly from the Compliance Report Manager. In addition, our Cloud DPIA Resource Center offers information related to data protection impact assessments. 

Can’t find the documentation you’re looking for? Our sales team or your Google Cloud representative can help provide access to our extended documentation. 

We collaborate with third-party risk management (TPRM) providers to support your cloud assessments. TPRM providers perform regular assessments of Google Cloud’s platform and services—they inspect hundreds of security, privacy, business continuity, and operational resiliency controls aligned with industry standards and regulations such as NIST SP 800-53, NIST CSF, ISO 27001, PCI-DSS, HIPAA, CMMC, SOC2, CSA STAR, and more. Based on their observations and assessments, TPRM providers develop independent audit reports that can help scale and accelerate your own risk assessment processes.

CyberGRX | KY3P | TruSight | Bitsight | Whistic