This page provides a high-level view of the compliance certifications and security controls that are supported by Agent Search.
Certifications
Agent Search has various compliance certifications.
To find out if a product has a compliance certification, search for the product name in the security pages; for example, the following:
- FedRAMP
- ISO 27001
- ISO 27017
- ISO 27018
- ISO 27701
- SOC 1
- SOC 2
- SOC 3
- PCI DSS
- BSI C5:2020
- HIPAA —Agent Search Pre-GA offerings are included in the Google Cloud Business Associate Agreement (BAA). If you will be using Agent Search to store or process Protected Health Information in a manner subject to the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and/or any amendments or regulations under HIPAA, you must enter into an appropriate BAA with Google. For more information, see HIPAA Compliance on Google Cloud .
Security controls
Agent Search provides security horizontals. The CMEK controls are only available in the Enterprise Edition.
| Security controls compliance | Standard Edition | Enterprise Edition |
|---|---|---|
| ✔ US and EU multi-region APIs only | ✔ US and EU multi-region APIs only | |
| ✘ | ✔ US and EU multi-region APIs only * |
|
| ✔ | ✔ | |
| ✔ US and EU multi-regions only | ✔ US and EU multi-regions only |
* Using external key manager (EKM) or hardware security module (HSM) with CMEK is in GA with allowlist.
The following table identifies security controls for RAG APIs.
| Security controls compliance | Ranking API | Grounded generation API | Check grounding API |
|---|---|---|---|
| N/A | N/A | N/A | |
| N/A | N/A | N/A | |
| ✔ | ✔ | ✔ | |
| ✔ | ✔ | ✔ |
What's next
Learn more about Google Cloud compliance .
