Stay organized with collections
Save and categorize content based on your preferences.
Audit Manager lets you download the most recent Google Cloud compliance
documents that third-party auditors create when they audit our environment. You
can use these documents to better understand how Google addresses its
responsibilities to meet the requirements of various regulatory frameworks. The
documents include Google's business continuity plan (BCP), disaster recovery
testing (DiRT) report, audit reports, certifications, statements of
applicability, and vendor risk assessments.
Examples of regulatory frameworks include the following:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-27 UTC."],[],[],null,["Audit Manager lets you download the most recent Google Cloud compliance\ndocuments that third-party auditors create when they audit our environment. You\ncan use these documents to better understand how Google addresses its\nresponsibilities to meet the requirements of various regulatory frameworks. The\ndocuments include Google's business continuity plan (BCP), disaster recovery\ntesting (DiRT) report, audit reports, certifications, statements of\napplicability, and vendor risk assessments.\n\nExamples of regulatory frameworks include the following:\n\n- Cloud Computing Compliance Criteria Catalogue (C5:2020)\n- Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry\n- Federal Risk and Authorization Management Program (FedRAMP) Customer Responsibility Matrix (CRM)\n- Information Security Registered Assessors Program (IRAP), Protected level\n- International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27001:2022 and 27018:2019\n- Portugal Gabinete Nacional de Segurança (GNS)\n- Spain Esquema Nacional de Seguridad (ENS)\n\nDownloads are in ZIP format. The ZIP file that's downloaded typically contains\none or more PDFs.\n| **Note:** Anything marked *Google Confidential Information* is shared subject to the confidentiality obligations described in the customer or partner agreements covering Cloud Services. Contact your sales representative for permission to share confidential resources outside of your organization with customers or other third parties not expressly permitted by your agreement.\n\nBefore you begin\n\n\nTo get the permissions that\nyou need to download compliance documents,\n\nask your administrator to grant you the\n\n\n[Audit Manager Auditor](/iam/docs/roles-permissions/auditmanager#auditmanager.auditor) (`roles/auditmanager.auditor`)\nIAM role on your organization.\n\n\nFor more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\nYou might also be able to get\nthe required permissions through [custom\nroles](/iam/docs/creating-custom-roles) or other [predefined\nroles](/iam/docs/roles-overview#predefined).\n\nDownload compliance documents\n\nComplete the following actions to download the Google Cloud compliance\ndocuments:\n\n1. In the Google Cloud console, go to the **Audit Manager** page.\n\n [Go to Audit Manager](https://console.cloud.google.com/compliance/auditmanager)\n2. Click **Compliance Reports**.\n\n3. Select the documents that you want to download.\n\n4. Click **Downloads**.\n\nAudit Manager downloads the documents in a ZIP file to your device.\nYou can extract the PDFs to view the documents.\n\nWhat's next\n\n- Browse the [Compliance resource center](https://cloud.google.com/compliance)\n to view which products support a particular regulatory framework.\n\n- Ask for [help from Cloud Customer Care](/support/docs) to obtain older reports."]]
