Reinforcing our commitment to privacy with accredited ISO/IEC 27701 certification
For decades, there has been a growing focus on privacy in technology, with laws such as the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and the Australian Privacy Principlesproviding guidance on how to protect and maintain user privacy. Privacy has always been a priority at Google, and we’re continuously evolving to help our customers directly address global privacy and data protection requirements. Today, we’re pleased to announce that Google Cloud is the first major cloud provider to receive an accredited ISO/IEC 27701 certification as a data processor.
Published in 2019, ISO/IEC 27701 is a global standard designed to help organizations align with international privacy frameworks and laws. It provides guidance for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS), and can be used by both data controllers and processors—a key consideration for organizations that must align with the GDPR. ISO/IEC 27701 is an extension of the security industry best practices that are codified in ISO/IEC 27001, which outlines and provides the requirements for an information security management system (ISMS).
Unlocking the benefits of ISO 27701
Coalfire ISO, an independent third party, issued an accredited certificate of registration for ISO/IEC 27701 to Google Cloud Platform (GCP). This accredited certificate shows that Google’s PIMS for GCP (as shown in the certificate’s scope) conforms to the ISO/IEC 27701 requirements, and that the body conducting the audit and issuing the certificate did so in accordance with the International Accreditation Forum (IAF)/ANSI National Accreditation Board (ANAB) requirements. This means that the certificate will be recognized by other IAF-accredited audit and certification bodies under the IAF Multilateral Recognition Agreement (MLA).
Ouraccredited certification demonstrates Google Cloud’s long-standing commitment to privacy and providing the most trusted experience for our customers. By meeting the rigorous standards outlined by ISO/IEC 27701, Google Cloud customers can leverage the many benefits our certification, including:
A universal set of privacy controls, verified by a trusted third party in accordance with the requirements of their accreditation body, that can serve as a solid foundation for the implementation of a privacy program
The ability to rely on Google Cloud Platform’s accredited ISO/IEC 27701 certification in your own compliance efforts
Reduced time and expense for both internal and third-party auditors, who can now demonstrate compliance with several privacy objectives within a single audit cycle
Greater clarity on privacy-related roles and responsibilities, which can facilitate efforts to comply with privacy regulations such as GDPR
Our commitment to customers
Certifications provide independent validation of our ongoing commitment to world-class security and privacy, while also helping customers with their own compliance efforts. You can find more information on Google Cloud’s compliance efforts and our commitment to privacy in our compliance resource center.
Related Google News:
- Celebrating Earth Day with our inaugural Google for Startups Accelerator: Climate Change cohort April 22, 2021
- Earning customer trust through a pandemic: delivering our 2020 CCAG pooled audit April 22, 2021
- New progress toward our 24/7 carbon-free energy goal April 20, 2021
- A new certification for health insurance advertisers in the U.S. April 20, 2021
- Heartbeat of the Earth: interpreting our planet’s data April 20, 2021
- In case you missed it: All our free Google Cloud training opportunities from Q1 April 16, 2021
- Our commitment to COVID-19 vaccine equity April 15, 2021
- Privacy-first web advertising: a measurement update April 9, 2021