Audit Manager overview

Audit Manager is a compliance audit solution that helps you to simplify your compliance audit process on Google Cloud. Audit Manager lets you run audits against predefined compliance frameworks. Additionally, Audit Manager provides an option to customize compliance frameworks (Preview) and use them for audits.

Audit Manager has the following capabilities:

  • Shared responsibilities matrix that shows separation of duties and recommendations to execute your responsibilities.
  • Automated compliance assessments to evaluate compliance controls on workloads to understand their state of compliance.
  • Evidence collection for compliance audits.
  • Gap identification to help remediate the generated violations.
  • Defined cloud controls library (Preview).
  • Custom compliance framework management (Preview).
  • Run audits using custom compliance frameworks (Preview).

Audit Manager can provide assessments for any Google Cloud projects or folders.

Supported built-in compliance frameworks

Audit Manager can evaluate your resources against selective controls for the following list of supported built-in compliance frameworks. In addition to these built-in compliance frameworks, you can also create custom compliance frameworks (Preview) according to your requirements.

  • NIST 800-53 Revision 4
    • Access Control (AC)
    • Audit and Accountability (AU)
    • System Services and Acquisition (SA)
    • System and Communications Protection (SC)
    • System and Information Integrity (SI)
  • Google-recommended AI controls
  • SOC2 2017
  • CIS Controls v8
  • PCI DSS 4.0
  • Cloud Controls Matrix 4.0
  • NIST CSF v1
  • CIS Google Cloud Foundation Benchmark 2.0
  • ISO 27001 2022

Audit Manager tiers

Audit Manager offers two service tiers: Free and Premium. These tiers are based on the compliance frameworks that are supported for audits. For more information about the tiers and the pricing information, see Pricing.

Audit Manager workflow

The high-level workflow of Audit Manager involves setting up Audit Manager access and managing audits.

  1. To set up Audit Manager access, you must be an administrator and enroll resources for audit. The Administrator can create custom compliance frameworks (Preview).
  2. To manage audits, you can be an administrator or an auditor and do the following:
    1. Run audits.
    2. Get audit status.
    3. View detailed Audit Manager reports.

What's next