Compliance - bobbae/gcp GitHub Wiki

GCP products regularly undergo independent verification of their security, privacy, and compliance controls, achieving certifications, attestations, and audit reports to demonstrate compliance. Resource documents and mappings are also available for compliance support where formal certifications or attestations may not be required or applied.

https://cloud.google.com/security/

https://cloud.google.com/security/compliance

Governance

Cloud Governance

Cloud governance is a set of practices that help ensure that users operate in the cloud in the ways they want, that operations are efficient, and that users can monitor and correct operations as needed. A cloud governance framework is not a new set of concepts or practices, but the application of existing governance practices to cloud operations.

Data Governance

Data governance is a principled approach to managing data during its lifecycle — from acquisition, to use, to disposal.

Compliance Engineering

Risk management and compliance are as important in the cloud as they are in conventional on-premises environments. To help organizations in regulated industries meet their compliance requirements, Google Cloud offers automated capabilities that ensure the effectiveness of products and processes.

https://cloud.google.com/blog/products/identity-security/how-banks-can-engineer-compliance-into-their-cloud-systems

Compliance Offerings

https://cloud.google.com/security/compliance/offerings/#/

Assured Workloads

https://cloud.google.com/assured-workloads

Compliance Reports Manager

https://cloud.google.com/security/compliance/compliance-reports-manager

GDPR Resource Center

https://cloud.google.com/security/gdpr/resource-center

GDPR and Google

https://cloud.google.com/security/gdpr

Risk and Compliance as Code

https://cloud.google.com/blog/products/identity-security/risk-and-compliance-as-code

PCI Responsibility Matrix

https://cloud.google.com/files/PCI_DSS_Shared_Responsibility_GCP_v32.pdf

Vault EaaS

Encryption as a Service

https://learn.hashicorp.com/tutorials/vault/eaas-transit

Compliance as Code

https://medium.com/gojekengineering/compliance-as-code-how-we-automate-cis-compliance-for-gcp-5eb21f2bfd21

Case study

https://cloud.google.com/blog/products/compliance/continuous-compliance-engineering-gcp-case-studies

Canadian compliance requirements with Protected B Landing Zone

https://cloud.google.com/blog/topics/public-sector/meet-canadian-compliance-requirements-protected-b-landing-zones