Stay organized with collections
Save and categorize content based on your preferences.
Audit Manager is a compliance audit solution that helps you to simplify
your compliance audit process on Google Cloud. Audit Manager lets you
run audits against predefined compliance frameworks. Additionally, Audit Manager
provides an option to customize compliance frameworks (Preview) and use them for audits.
Audit Manager has the following capabilities:
Shared responsibilities
matrix that shows separation of duties and recommendations to execute your
responsibilities.
Run audits using custom compliance frameworks (Preview).
Audit Manager can provide assessments for any Google Cloud projects or
folders.
Supported built-in compliance frameworks
Audit Manager can evaluate your resources against selective controls
for the following list of supported built-in compliance frameworks. In addition
to these built-in compliance frameworks, you can also create custom compliance
frameworks (Preview) according to your requirements.
Audit Manager offers two service tiers: Free and Premium.
These tiers are based on the compliance frameworks that are supported for audits.
For more information about the tiers and the pricing information,
see Pricing.
Audit Manager workflow
The high-level workflow of Audit Manager involves setting up
Audit Manager access and managing audits.
To set up Audit Manager access, you must be an administrator and
enroll resources for audit. The Administrator can create custom compliance frameworks (Preview).
To manage audits, you can be an administrator or an auditor and do the following:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-27 UTC."],[[["\u003cp\u003eAudit Manager is a Google Cloud solution that simplifies the compliance audit process by allowing users to run audits against predefined compliance frameworks.\u003c/p\u003e\n"],["\u003cp\u003eIt offers automated compliance assessments, evidence collection, gap identification, and a shared responsibilities matrix, which helps to understand the state of compliance.\u003c/p\u003e\n"],["\u003cp\u003eAudit Manager supports multiple built-in compliance frameworks such as NIST 800-53, SOC2, CIS Controls, PCI DSS, and more, as well as providing options for creating custom compliance frameworks.\u003c/p\u003e\n"],["\u003cp\u003eThe service offers two tiers, Free and Premium, with different levels of support for compliance frameworks, and allows audits to be performed on any Google Cloud projects or folders.\u003c/p\u003e\n"],["\u003cp\u003eThe workflow includes setting up access, creating custom frameworks, running audits, getting audit status, and viewing detailed audit reports, with resources for enrollment, creation, and execution.\u003c/p\u003e\n"]]],[],null,["Audit Manager is a compliance audit solution that helps you to simplify\nyour compliance audit process on Google Cloud. Audit Manager lets you\nrun audits against predefined compliance frameworks. Additionally, Audit Manager\nprovides an option to customize compliance frameworks ([Preview](/products#product-launch-stages)) and use them for audits.\n\nAudit Manager has the following capabilities:\n\n- [Shared responsibilities](/architecture/framework/security/shared-responsibility-shared-fate) matrix that shows separation of duties and recommendations to execute your responsibilities.\n- [Compliance documents for Google Cloud](/audit-manager/docs/download_compliance_documents)\n- Automated compliance assessments to evaluate compliance controls on workloads to understand their state of compliance.\n- Evidence collection for compliance audits.\n- Gap identification to help remediate the generated violations.\n- Defined cloud controls library ([Preview](/products#product-launch-stages)).\n- Custom compliance framework management ([Preview](/products#product-launch-stages)).\n- Run audits using custom compliance frameworks ([Preview](/products#product-launch-stages)).\n\nAudit Manager can provide assessments for any Google Cloud projects or\nfolders.\n\nSupported built-in compliance frameworks\n\nAudit Manager can evaluate your resources against selective controls\nfor the following list of supported built-in compliance frameworks. In addition\nto these built-in compliance frameworks, you can also create custom compliance\nframeworks ([Preview](/products#product-launch-stages)) according to your requirements.\n\n- [NIST 800-53 Revision 4](https://csrc.nist.gov/pubs/sp/800/53/r4/upd3/final)\n - Access Control (AC)\n - Audit and Accountability (AU)\n - System Services and Acquisition (SA)\n - System and Communications Protection (SC)\n - System and Information Integrity (SI)\n- Google-recommended AI controls\n- SOC2 2017\n- CIS Controls v8\n- PCI DSS 4.0\n- Cloud Controls Matrix 4.0\n- NIST CSF v1\n- CIS Google Cloud Foundation Benchmark 2.0\n- ISO 27001 2022\n\nAudit Manager tiers\n\nAudit Manager offers two service tiers: Free and Premium.\nThese tiers are based on the compliance frameworks that are supported for audits.\nFor more information about the tiers and the pricing information,\nsee [Pricing](https://cloud.google.com/products/audit-manager/pricing).\n\nAudit Manager workflow\n\nThe high-level workflow of Audit Manager involves setting up\nAudit Manager access and managing audits.\n\n1. To set up Audit Manager access, you must be an administrator and enroll resources for audit. The Administrator can create custom compliance frameworks ([Preview](/products#product-launch-stages)).\n2. To manage audits, you can be an administrator or an auditor and do the following:\n 1. Run audits.\n 2. Get audit status.\n 3. View detailed Audit Manager reports.\n\nWhat's next\n\n- [Enroll resources for audit](/audit-manager/docs/enroll-resource).\n- [Create a custom compliance framework](/audit-manager/docs/create-framework).\n- [Run an audit](/audit-manager/docs/run-audit)."]]
