† As ofertas pré-GA da Vertex AI Search estão incluídas no
Google Cloud Contrato de parceria comercial (BAA). Se você for usar a
Pesquisa da Vertex AI para armazenar ou processar informações protegidas de saúde de acordo
com a Lei de Portabilidade e Responsabilidade de Seguros de Saúde
(HIPAA, na sigla em inglês) de 1996 e/ou quaisquer emendas ou regulamentações da HIPAA, você precisa firmar
um BAA adequado com o Google. Para mais informações, consulte Conformidade com a HIPAA no Google Cloud.
Controles de segurança
A Vertex AI Search oferece horizontais de segurança. Os controles de CMEK estão disponíveis apenas na edição Enterprise.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-08-19 UTC."],[[["\u003cp\u003eVertex AI Search, including both Standard and Enterprise Editions, along with the RAG APIs, are compliant with HIPAA, ISO 27001, 27017, 27018, 27701, SOC 1, SOC 2, and SOC 3 certifications.\u003c/p\u003e\n"],["\u003cp\u003eVertex AI Search offers security controls such as Data Residency (DRZ), VPC Service Controls, and Access Transparency in both Standard and Enterprise editions.\u003c/p\u003e\n"],["\u003cp\u003eThe Enterprise Edition of Vertex AI Search provides Customer-managed encryption keys (CMEK) for enhanced data security, specifically for US and EU multi-region APIs.\u003c/p\u003e\n"],["\u003cp\u003eThe RAG APIs, which include ranking, grounded generation, and check grounding, have VPC Service Controls and Access Transparency in place but do not have Data Residency or Customer-managed encryption keys.\u003c/p\u003e\n"],["\u003cp\u003eA Business Associate Agreement (BAA) with Google is necessary when utilizing Vertex AI Search for storing or processing Protected Health Information (PHI) under HIPAA regulations.\u003c/p\u003e\n"]]],[],null,["# Compliance and security controls\n\nThis page provides a high-level view of the compliance certifications and\nsecurity controls that are supported by Vertex AI Search.\n\nCertifications\n--------------\n\nVertex AI Search and the RAG APIs are compliant as follows:\n\n^\\*^ The RAG APIs are [ranking](/generative-ai-app-builder/docs/ranking), [grounded generation](/generative-ai-app-builder/docs/grounded-gen), and\n[check grounding](/generative-ai-app-builder/docs/check-grounding).\n\n^†^ Vertex AI Search Pre-GA offerings are included in\nthe Google Cloud Business Associate Agreement (BAA). If you will be using\nVertex AI Search to store or process Protected Health Information in a\nmanner subject to the Health Insurance Portability and Accountability Act\n(HIPAA) of 1996 and/or any amendments or regulations under HIPAA, you must enter\ninto an appropriate BAA with Google. For more information, see\n[HIPAA Compliance on Google Cloud](/security/compliance/hipaa).\n\nSecurity controls\n-----------------\n\nVertex AI Search provides security horizontals. The CMEK controls are\nonly available in the Enterprise Edition.\n\n^\\*^ Using external key manager (EKM) or hardware security module\n(HSM) with CMEK is in GA with allowlist.\n\nThe following table identifies security controls for RAG APIs.\n\nWhat's next\n-----------\n\nLearn more about [Google Cloud compliance](/security/compliance)."]]
