[go: up one dir, main page]

SOC 3

Like SOC 2, the Service and Organization Controls (SOC) 3 report is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) SSAE 18, which evaluates the service organization’s controls relevant to the Trust Services Criteria of security, availability, processing integrity, confidentiality, or privacy. The SOC 3 is a public report which is based on the same scope as the related SOC 2 report.

Looking for Google Cloud and Google Workspace SOC 3 reports? Customers can request the reports at their convenience via Compliance Reports Manager. 

Google Cloud and SOC 3 compliance

Accessing Google Cloud’s SOC 3 reports

Google Cloud regularly undergoes third-party audits for our products, systems, and infrastructure related to this standard. The SOC 3 reports are generated by an objective third party attesting to a set of assertions made by Google Cloud about its controls that are in place to protect customer data. The audit firm’s evaluation includes comprehensive testing of the design and operating effectiveness of the controls within the audit period. 

Customers may use the SOC 3 report to assess the risks arising from interactions with the assessed Google Cloud and Google Workspace systems throughout the period.

Google Cloud’s SOC 3 timelines

Core Google Cloud and Google Workspace SOC 3 reports

The core Google Cloud and Google Workspace SOC 3 reports are issued quarterly and can be downloaded via the Compliance Reports Manager. The coverage periods and issuance dates for these reports are:

  • First quarter of the year
  • Coverage period: February 1 XX - January 31 X1
  • Estimated issuance: late April
  • Second quarter of the year 
  • Coverage period: May 1 XX - April 30 X1
  • Estimated issuance: late June
  • Third quarter of the year
  • Coverage period: August 1 XX - July 31 X1
  • Estimated issuance: late September
  • Fourth quarter Second half of the year
  • Coverage period: November 1 XX - October 31 X1
  • Estimated issuance: late December

Additional Google Cloud SOC 3 reports

We issue separate SOC 3 reports for a small subset of Google Cloud products, including Actifio Heritage, Apigee Edge, AppSheet, Bare Metal Solution, Bare Metal HSM, BigQuery Omni, Google Cloud NetApp Volumes, Google Cloud VMware Engine, Stratozone, and Mandiant. These reports are issued semi-annually or annually and customers can obtain these reports by contacting sales or support.

Bridge letters

Google Cloud does not issue bridge letters for SOC 3. If a bridge letter is needed, please refer to the bridge letters that are issued for the related SOC 2 report. 

FAQs

Google Cloud’s independent auditors are Ernst & Young LLP and Coalfire. 

Services in scope

Below are Google Cloud services that are in scope for SOC 3.

Where we are simplifying the name of our service, we have also included its former name in parentheses.

Access Approval

Access Context Manager

Access Transparency

Advanced API Security

Agent Assist

Agentspace

AI Platform Deep Learning Container

AI Platform Neural Architecture Search (NAS)

AI Platform Training and Prediction

AlloyDB

Anti-Money Laundering (AML) AI

API Gateway

Apigee

App Engine

Application Integration

Artifact Analysis

Artifact Registry

Assured Workloads

AutoML Tables

AutoML Translation

Backup for GKE

Bare Metal Solution

Batch

BigQuery

BigQuery Data Transfer Service

BigQuery Omni*

Binary Authorization

Certificate Authority Service

Certificate Manager

Chrome Enterprise Premium

Cloud Asset Inventory

Cloud Bigtable

Cloud Billing

Cloud Build

Cloud CDN

Cloud Composer

Cloud Console

Cloud Console App

Cloud Data Fusion

Cloud Deployment Manager

Cloud DNS

Cloud Endpoints

Cloud External Key Manager (Cloud EKM)

Cloud Filestore

Cloud Firewall

Cloud Functions

Cloud Functions for Firebase

Cloud Healthcare

Cloud IDS (Cloud Intrusion Detection System)

Cloud Interconnect

Cloud Key Management Service (KMS)

Cloud Life Sciences

Cloud Load Balancing

Cloud Logging

Cloud Monitoring

Cloud Natural Language API

Cloud Network Address Translation (NAT)

Cloud Next Generation Firewall (NGFW)

Cloud Profiler

Cloud Router

Cloud Run

Cloud Scheduler

Cloud Service Mesh

Cloud Shell

Cloud Source Repositories

Cloud Spanner

Cloud Speaker ID

Cloud SQL

Cloud Storage

Cloud Storage for Firebase

Cloud Tasks

Cloud Trace

Cloud Translation

Cloud Virtual Private Network (VPN)

Cloud Vision

Cloud Workstations

Compute Engine

Connect

Container Registry

Conversational AI (formerly Contact Center AI (CCAI))

Conversational Insights (formerly Contact Center AI Insights)

Data Catalog

Database Migration Service

Dataflow

Dataform

Dataplex

Dataproc

Dataproc Metastore

Datastore

DataStream

Dialogflow

Document AI

Document AI Warehouse

Earth Engine

Eventarc

Firebase Authentication

Firebase Test Lab

Firestore

Food Ordering AI Agent

Gemini for Google Cloud

Generative AI on Vertex AI

GKE Enterprise Config Management

GKE Identity Service

Google Cloud Armor

Google Cloud Backup and DR

Google Cloud Contact Center as a Service (CCaaS)

Google Cloud Deploy

Google Cloud Identity-Aware Proxy

Google Cloud Marketplace

Google Cloud NetApp Volumes (GCNV)

Google Cloud SDK

Google Cloud Skills Boost

Google Cloud VMware Engine (GCVE)

Google Earth Engine

Google Kubernetes Engine

Google Security Operations (SIEM)

Google Security Operations (SOAR)

Google Threat Intelligence

GTI for Google Security Operations

Healthcare Data Engine (HDE)

Hub

Identity & Access Management (IAM)

Identity Platform

Infrastructure Manager

Integration Connectors

Key Access Justifications (KAJ)

Knative serving

Looker (Google Cloud core)

Looker Studio

Managed Service for Apache Kafka

Managed Service for Microsoft Active Directory (AD)

Media CDN

Memorystore

Migrate to Virtual Machines (formerly Migrate for Compute Engine)

Migration Center

Network Connectivity Center

Network Intelligence Center

Network Service Tiers

Organization Policy

Parallelstore

Persistent Disk

Personalized Service Health

Privileged Access Manager

Pub/Sub

Ray on Vertex AI

reCAPTCHA Enterprise

Recommendations AI

Recommender

Resource Manager API

Retail Search

RIsk Manager

SecLM

Secret Manager

Secure Source Manager

Security Command Center

Sensitive Data Protection (including Cloud Data Loss Prevention)

Service Directory

Service Infrastructure

Service Mesh

Spectrum Access System

Speech-to-Text

Storage Transfer Service

Tables

Talent Solution

Text-to-Speech

Traffic Director

Transcoder API

Vertex AI Codey

Vertex AI Colab Enterprise

Vertex AI Conversation

Vertex AI Platform

Vertex AI Search

Vertex AI Workbench Instances

Video Intelligence API

Virtual Private Cloud (VPC)

VirusTotal

VPC Service Controls

Web Risk API

Workflows

Workload Manager

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Google Cloud
DocsSupport
Console
Sign in
Security
Threat IntelSecOpsCloud securityConsultingSecurity resources
  • Accelerate your digital transformation
  • Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.
  • Google Cloud products
  • Browse over 100 products. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage limits.
  • Save money with our transparent approach to pricing
  • Google Cloud's pay-as-you-go pricing offers automatic savings based on monthly usage and discounted rates for prepaid resources. Contact us today to get a quote.
Google Cloud