International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)

The ISO/IEC 27000 family of standards sets out requirements and controls for information security management; several members of the family also cover data privacy and the protection of personally identifiable information (PII)

ISO/IEC 27001 : Requirements for an Information Security Management System (ISMS); the certifiable standard. Implementation guidance for its controls is given in ISO/IEC 27002
ISO/IEC 27017 : Code of practice for information security controls for cloud services, extending ISO/IEC 27002 for cloud providers and customers
ISO/IEC 27018 : Code of practice for the protection of PII in public clouds by providers acting as PII processors
ISO/IEC 27701 : Privacy Information Management System (PIMS); an extension to ISO/IEC 27001 and 27002 for managing privacy

System and Organization Controls (SOC)

SOC 1 : Report, issued under the SSAE 18 attestation standard, on controls at a service organization that are relevant to its clients' internal control over financial reporting (ICFR)
SOC 2 : Report on the controls, policies and procedures at a service organization against the AICPA Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy); distribution is restricted to the organization's customers and their auditors
SOC 3 : General-use report based on the Trust Services Criteria that can be freely distributed, typically as a summary of a SOC 2 examination

Payment Card Industry Data Security Standard (PCI DSS)

A set of security requirements intended to ensure that ALL organizations that accept, process, store or transmit payment card data maintain a secure environment for that cardholder data

Federal Information Processing Standard (FIPS) 140-2

US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information; modules are validated under the Cryptographic Module Validation Program (CMVP) run by NIST and the Canadian Centre for Cyber Security. FIPS 140-2 has been superseded by FIPS 140-3, against which new modules are now validated

Personal Health Information Protection Act (PHIPA)

An Ontario provincial law (Canada) that regulates the collection, use and disclosure of personal health information by health information custodians

Health Insurance Portability and Accountability Act (HIPAA)

US federal law whose Privacy and Security Rules regulate the handling of patients' Protected Health Information (PHI) by covered entities and their business associates

Cloud Security Alliance (CSA) STAR Certification

A CSA program, based on the Cloud Controls Matrix (CCM), for assessing a cloud provider's security posture: Level 1 is a published self-assessment, Level 2 is an independent third-party certification or attestation

Federal Risk and Authorization Management Program (FedRAMP)

US government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud service offerings used by federal agencies

Criminal Justice Information Services (CJIS)

Any US state or local agency (and any contractor or service provider working on its behalf) that accesses Criminal Justice Information (CJI) from the FBI's CJIS systems is required to adhere to the CJIS Security Policy

General Data Protection Regulation (GDPR)

An EU privacy regulation (Regulation (EU) 2016/679), in force since May 2018. It imposes rules on companies, government agencies, non-profits and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, regardless of where the organization itself is located