Supporting compliance by restricting customer personnel data access
This page provides information about supporting compliance with customer
personnel restrictions using Identity and Access Management (IAM) in combination with
Assured Workloads.
Overview
Restricting personnel access to data is fundamental to supporting regulatory
compliance of Google Cloud resources. Assured Workloads supports
compliance by controlling access to your resources by Google personnel. You are
still responsible for controlling access to your resources by your
organization's personnel.
Strategies for restricting customer personnel access
IAM allows you to create roles and groups that restrict personnel
access to data and Google Cloud resources. It is your responsibility to
determine the eligibility of staff, based on compliance requirements. We
recommend that you determine eligibility before providing access to data. After
you have confirmed adjudication, you can use IAM to create a
group for the personnel who successfully meet the compliance criteria. You use
this group to limit access to Google Cloud resources and data within the
Assured Workloads folder to support compliance.
Remaining compliant requires ongoing management of these IAM
groups to ensure that:
- Personnel continue to meet the requirements of the control package.
- Personnel are properly removed from IAM groups when they
  don't meet the requirements of the program.
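One way to run the ongoing checks described above, as an added example that is not Google's code: it flags folder-level IAM bindings that grant access outside the adjudicated group, and lists group members who are no longer eligible. The group name, the roster format (email mapped to the date the adjudication is valid through) and all sample data are constructed assumptions.

```python
from datetime import date

# Constructed sample in the shape returned by:
#   gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json
FOLDER_POLICY = {
    "bindings": [
        {"role": "roles/bigquery.dataViewer",
         "members": ["group:aw-cleared@example.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["group:aw-cleared@example.com", "user:contractor@example.com"]},
        {"role": "roles/viewer", "members": ["group:all-staff@example.com"]},
    ]
}
# Constructed: current members of the adjudicated group (hypothetical name).
GROUP_MEMBERS = {"alice@example.com", "bob@example.com", "carol@example.com"}
# Constructed eligibility roster: email -> date the adjudication is valid through.
ROSTER = {
    "alice@example.com": date(2026, 1, 31),
    "bob@example.com": date(2025, 6, 30),
    "dave@example.com": date(2026, 3, 31),
}

def bindings_bypassing_group(policy, approved_groups):
    """Return sorted (role, member) pairs granted to anything but the approved groups.

    Service accounts and other principals are flagged too, so each one gets reviewed.
    """
    allowed = {f"group:{g.lower()}" for g in approved_groups}
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member.lower() not in allowed:
                findings.append((binding["role"], member))
    return sorted(findings)

def members_to_remove(members, roster, today):
    """Return {email: reason} for group members who no longer meet the criteria."""
    removals = {}
    for email in sorted(members):
        valid_through = roster.get(email)
        if valid_through is None:
            removals[email] = "not on eligibility roster"
        elif valid_through < today:
            removals[email] = f"adjudication expired {valid_through.isoformat()}"
    return removals

if __name__ == "__main__":
    print(bindings_bypassing_group(FOLDER_POLICY, ["aw-cleared@example.com"]))
    print(members_to_remove(GROUP_MEMBERS, ROSTER, date(2025, 8, 25)))
```

A folder's policy lists only the bindings set on that folder, so bindings inherited from parent folders or the organization need the same check at those levels.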
Last updated 2025-08-25 UTC.