Google was born in the cloud, and we’ve set a high bar for what it means to host, serve, and protect our users’ data all over the world. That’s why we’re proud to add two new certifications to Google Apps for Work and Google Cloud Platform: ISO 27017 for cloud security and ISO 27018 for privacy. We announced ISO 27018 adoption last year, and have now added ISO 27018 certification to our compliance commitments. Additionally, we renewed our ISO 27001 certification for the fourth year in a row and increased the product coverage from 34 to 60 different products.
ISO 27017 builds on the well-known standard of ISO 27001 by providing additional controls that address some of the security risks that are more specific to cloud services, ensuring that:
Meanwhile, ISO 27018 establishes controls that examine our privacy practices and contractual commitments around the use of customer data and provide transparency on the processing of that data. It confirms that:
Certifications such as these provide independent third-party validations of our ongoing commitment to world-class security and privacy, while also helping our customers with their own compliance efforts. We’re committed to ensuring that our products continue to meet trusted and rigorous global standards like ISO 27018 and 27017.
Posted on Google for Work Offical Blog by Eran Feigenbaum, Director of Security, Google Apps for Work and
Matthew O’Connor, Product Manager, Google Cloud Platform