We now have ISO 27001, SOC 2 and SOC 3 security certifications for 25 Google Maps Platform products. Certifications such as these provide independent third-party validations of our ongoing commitment to world-class security and help our customers with their own compliance efforts. Google has spent years building one of the world’s most advanced infrastructures, and through Google Maps Platform we make it available to enterprises worldwide to power their geospatial applications.
About ISO 27001 certification
The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure. ISO/IEC 27001 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
Google Maps Platform and our Common Infrastructure are now certified as ISO/IEC 27001 compliant. The 27001 standard does not mandate specific information security controls, but the framework and checklist of controls it lays out allow Google to ensure a comprehensive and continually improving model for security management.
About SOC 2 certification
The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards. SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402), both of which are used to generate a report by an objective third party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.
Google Maps Platform undergoes a regular third-party audit to certify individual products against this standard.
About SOC 3 certification
Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.
The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards. SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402). SSAE 18 and ISAE 3402 are used to generate a report by an objective third-party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.
Google Maps Platform undergoes a regular third-party audit to certify individual products against this standard as well.
These new certifications complement our existing CSA STAR and ISO 22301 certifications. We look forward to securing additional certifications in the future that help companies better understand our security efforts and infrastructure so they feel confident building with Google Maps Platform. To see what Google Maps Platform products are in scope for these new certifications, please visit our Trust Center. Existing customers can access certifications and reports via the Compliance Reports Manager. Others can contact our sales team to review the certifications and reports.