New security and privacy certifications give more transparency on how Google handles your data in the cloud

Updated: 06.05.2016 : 11:07  By: Varanyu

Google was born in the cloud, and we’ve set a high bar for what it means to host, serve, and protect our users’ data all over the world. That’s why we’re proud to add two new certifications to Google Apps for Work and Google Cloud Platform: ISO 27017 for cloud security and ISO 27018 for privacy. We announced ISO 27018 adoption last year, and have now added ISO 27018 certification to our compliance commitments. Additionally, we renewed our ISO 27001 certification for the fourth year in a row and increased the product coverage from 34 to 60 different products.

ISO 27017 builds on the well-known standard of ISO 27001 by providing additional controls that address some of the security risks that are more specific to cloud services, ensuring that:

  • The security roles and responsibilities between Google and our customers are clearly-defined
  • Our customers’ data is protected from any unauthorized party and between different cloud customers
  • The security policies for Google’s virtual networks are as secure as on our physical networks
  • Our customers have adequate tools to monitor how their data is handled at Google

Meanwhile, ISO 27018 establishes controls that examine our privacy practices and contractual commitments around the use of customer data and provide transparency on the processing of that data. It confirms that:

  • Google does not use customer data for advertising
  • The data that our customers entrust with us remains the customer's
  • Google provides our customers with tools to delete and export customer data
  • Google scrutinizes third party requests to customer data and ensures customers are informed of such third-party requests
  • Google is transparent about where our customer’s data is stored

Certifications such as these provide independent third-party validations of our ongoing commitment to world-class security and privacy, while also helping our customers with their own compliance efforts. We’re committed to ensuring that our products continue to meet trusted and rigorous global standards like ISO 27018 and 27017.

Posted on Google for Work Offical Blog by Eran Feigenbaum, Director of Security, Google Apps for Work and
Matthew O’Connor, Product Manager, Google Cloud Platform