SOC 1

The Service and Organization Controls (SOC) 1 report is based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) SSAE 18, which evaluates the service organization’s internal controls relevant to financial reporting. This report is beneficial for organizations that rely on Google Cloud services to support their financial reporting process.

Looking for Google Cloud and Google Workspace SOC 1 reports? Customers can request the reports at their convenience via Compliance Reports Manager

Google Cloud and SOC 1 compliance

Accessing Google Cloud’s SOC 1 reports

Google Cloud regularly undergoes third-party audits for our products, systems, and infrastructure related to this standard. The SOC 1 reports are generated by an objective third party attesting to a set of assertions made by Google Cloud about its controls. The audit firm’s evaluation includes comprehensive testing of the design and operating effectiveness of the controls within the audit period. 

Customers may use the SOC 1 report to assess the risks arising from interactions with the assessed Google Cloud and Google Workspace services throughout the period.

Google Cloud’s SOC 1 timelines

Core Google Cloud and Google Workspace SOC 1 reports

The core Google Cloud and Google Workspace SOC 1 Type II reports are issued semi-annually and can be downloaded via the Compliance Reports Manager. The coverage periods and issuance dates for these reports are:

  • First half of the year 
  • Coverage period: May 1 - April 30
  • Estimated issuance: mid-June
  • Second half of the year 
  • Coverage period: November 1 - October 31
  • Estimated issuance: mid-December

Additional Google Cloud SOC 1 reports

We issue separate SOC 1 Type II reports for a small subset of Google Cloud products, including AppSheet, Backup and Disaster Recovery, Google Cloud VMware Engine, Bare Metal Solution, Google Security Operations SOAR, and Looker (Google Cloud core). These reports are issued annually and customers can obtain them by contacting sales or support.

Bridge letters

Bridge letters are attestations made by the management of the service provider, in this case, Google Cloud, and are intended to “bridge” the gap from the end date of the SOC report to the customer’s period end date. Bridge letters summarize material changes or issues identified within the internal control environment beyond the period end date of the most recent SOC report. Bridge letters are available for SOC 1 and SOC 2 reports.

Google Cloud creates monthly bridge letters with each letter designed to cover the period since the most recent SOC report. For example, Google Cloud issues a bridge letter in early January to cover the look-back period of November 1 to December 31, which extends the coverage period of the previously issued SOC report with a period end date of October 31.

SOC bridge letters for the core Google Cloud and Google Workspace SOC 1 reports are available on Compliance Reports Manager for the periods ending March 31, June 30, September 30, and December 31 and can be downloaded directly. If a bridge letter covering a different period end date or product scope is required, please contact sales or support.

FAQs

Google Cloud’s independent auditors are Ernst & Young LLP and Coalfire. 

A SOC 1 Type I report covers the design of the service organization's controls at a specific point in time. A SOC 1 Type II report covers the design and operating effectiveness of the service organization's controls over a period of time. For example, a SOC 1 Type I may assess the service organization’s controls as of today, but a SOC 1 Type II assesses the service organization’s controls within the past six months. Google Cloud only issues SOC 1 Type II reports.  

Services in scope

Below are Google Cloud services that are in scope for SOC 1.


Where we are simplifying the name of our service, we have also included its former name in parentheses.

Access Approval

Access Context Manager

Access Transparency

Agent Assist

AI Platform Data Labeling

AI Platform Neural Architecture Search (NAS)

AI Platform Training and Prediction

AlloyDB

Anti-Money Laundering (AML) AI

Anthos Config Management (ACM)

Anthos Identity Service

Anthos Service Mesh

API Gateway

Apigee

App Engine

Artifact Registry

Assured Workloads

AutoML Natural Language

AutoML Tables

AutoML Translation

AutoML Video

AutoML Vision

Backup and DR Service

Backup for GKE

Bare Metal Solution

Batch

BeyondCorp Enterprise

BigQuery

BigQuery Data Transfer Service

BigQuery Omni

Binary Authorization

Certificate Authority Service

Cloud Asset Inventory

Cloud Bigtable

Cloud Billing

Cloud Build

Cloud CDN

Cloud Composer

Cloud Console

Cloud Console App

Cloud Data Fusion

Cloud Deployment Manager

Cloud DNS

Cloud Endpoints

Cloud External Key Manager (Cloud EKM)

Cloud Filestore

Cloud Firewall

Cloud Functions

Cloud Functions for Firebase

Cloud Healthcare 

Cloud Hardware Security Module (HSM)

Cloud Intrusion Detection System (IDS)

Cloud Interconnect

Cloud Key Management Service (KMS)

Cloud Life Sciences (formerly Google Genomics)

Cloud Load Balancing

Cloud Logging

Cloud Monitoring

Cloud NAT (Network Address Translation)

Cloud Natural Language API

Cloud Profiler

Cloud Router

Cloud Run (fully managed)

Cloud Run for Anthos

Cloud Scheduler

Cloud SDK

Cloud Shell

Cloud Source Repositories

Cloud Spanner

Cloud Speaker ID

Cloud SQL

Cloud Storage

Cloud Storage for Firebase

Cloud Tasks

Cloud Trace 

Cloud Translation

Cloud Virtual Private Network (VPN)

Cloud Vision

Cloud Workstations

Compute Engine

Connect

Contact Center AI (CCAI)

Contact Center AI Insights

Contact Center AI Platform

Container Registry

Data Catalog

Database Migration Service

Dataflow

Dataform

Datalab

Dataplex

Dataproc

Dataproc Metastore

Datastore

DataStream

Dialogflow

Discovery Solutions

Document AI

Document AI Warehouse

Earth Engine

Eventarc

Firebase Authentication

Firebase Test Lab

Firestore

Gemini for Google Cloud

Generative AI on Vertex AI (Generative AI Support on Vertex AI)

Google Cloud Armor

Google Cloud Deploy

Google Cloud Identity-Aware Proxy

Google Cloud Marketplace

Google Data Studio

Google Cloud VMware Engine (GCVE)

Google Kubernetes Engine

Google Security Operations

GKE Hub

Healthcare Data Engine (HDE)

Identity & Access Management (IAM)

Identity Platform

IoT Core

Key Access Justifications (KAJ)

Looker (Google Cloud core)

Managed Service for Microsoft Active Directory (AD)

Media CDN

Memorystore

Migrate to Virtual Machines (formerly Migrate for Compute Engine)

Migration Center

Network Connectivity Center

Network Intelligence Center

Network Service Tiers

Notebooks (formerly AI Platform Notebooks)

Persistent Disk

Pub/Sub

reCAPTCHA Enterprise

Recommendations AI

Recommender

Resource Manager API

Retail Search

RIsk Manager

Secret Manager

Security Command Center

Sensitive Data Protection (including Cloud Data Loss Prevention)

Service Directory

Service Infrastructure

Spectrum Access System

Speech-to-Text

Storage Transfer Service

Tables

Talent Solution

Text-to-Speech

Threat Intelligence for Google Security Operations

Traffic Director

Transcoder API

Vertex AI (formerly AI Platform)

Vertex AI Conversation (formerly Generative AI App Builder)

Vertex AI Search (formerly Gen App Builder - Enterprise Search)

Video Intelligence API

Virtual Private Cloud (VPC)

VirusTotal

VPC Service Controls

Web Risk API

Workflows

Workload Manager

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Get started for free
Google Cloud
    DocsSupport
    • ‪English‬
    • ‪Deutsch‬
    • ‪Español‬
    • ‪Español (Latinoamérica)‬
    • ‪Français‬
    • ‪Indonesia‬
    • ‪Italiano‬
    • ‪Português (Brasil)‬
    • ‪简体中文‬
    • ‪繁體中文‬
    • ‪日本語‬
    • ‪한국어‬
    Console
    Sign in
    Security
    HomeIntel and expertiseSecOpsCloud securitySecurity resources
    Incident Response Assistance
    Contact Us
    • Accelerate your digital transformation
    • Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.
    • Google Cloud products
    • Browse over 100 products. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage limits.
    • Save money with our transparent approach to pricing
    • Google Cloud's pay-as-you-go pricing offers automatic savings based on monthly usage and discounted rates for prepaid resources. Contact us today to get a quote.
    Google Cloud