Compliance resource center

Google Cloud’s industry-leading certifications, documentation, and third-party audits to help support your compliance.

Google Cloud compliance

As part of your migration to the cloud, you may need to validate our compliance documentation, certifications, and controls. Google Cloud creates and shares mappings of our industry leading security, privacy, and compliance controls to standards from around the world. We also regularly undergo independent verification—achieving certifications, attestations, and audit reports to help demonstrate compliance.

Download reports directly via our Compliance Reports Manager

Learn about:

  • Certifications and compliance standards that we satisfy
  • Information about regional and sector-specific regulations
  • Documentation to aid your own reporting and compliance efforts

Compliance offerings by region

We continually expand our coverage against the most important global standards.


Latin America


Asia Pacific

See all of our offerings by region and focus area

Compliance offerings by category

Auditor-validated certifications and attestations

An independent third-party auditor has granted a formal certification, attestation, or audit report based on an assessment that affirms our compliance with these offerings.


Cloud Computing Compliance Controls Catalog (C5) | CSA | GSMA SAS-SM | Higher Education Cloud Vendor Assessment Tool (HECVAT) | ISO 9001:2015 | ISO 22301:2019 & BS EN ISO 22301:2019 | ISO 50001:2018 | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | PCI 3DS Core Security Standard | PCI DSS | SOC 1 | SOC 2 | SOC 3 | VPAT (WCAG, U.S. Section 508, EN 301 549)

Alignments and frameworks

Our products, technical capabilities, guidance documents, and legal commitments help our customers map to these frameworks and alignments. These offerings may not require formal certification or attestation, though we may rely on our certifications, attestations, and reports to help our customers map to these frameworks and alignments.


BitSight | Center for Internet Security (CIS) Benchmarks | CyberGRX | ISO/IEC 27110 | Know Your Third Party (KY3P) Report | MVSP | Standardized Information Gathering (SIG) Questionnaire | USDM Life Sciences | Whistic