Control packages
Assured Workloads provides control packages to support the creation of compliant data boundaries in Google Cloud. A control package is a set of controls that, when combined together, supports the baseline for a compliance framework, statute, or regulation. These controls include mechanisms to enforce data residency, data sovereignty, personnel access, and more.
Control packages are organized into control package families according to the type of controls they provide:
- Regional data boundaries provide data residency with optional personnel controls, regional support, and sovereignty features such as Key Access Justifications .
- Regulatory data boundaries provide certified controls tailored to meet specific regulatory and compliance statute requirements.
- Sovereign Controls by Partners provides data residency, personnel controls, regional support, and enhanced controls for data sovereignty such as Cloud External Key Manager (Cloud EKM), Cloud HSM, and Key Access Justifications.
This page provides a summary about each control package in Assured Workloads. Where available, you can view each control package's page for comprehensive information about supported products and its configuration details. Control packages are available in two pricing tiers: Free and Premium. See Assured Workloads pricing for more information about these tiers.
Regional data boundaries
| Control package | Description | Pricing tier |
|---|---|---|
| The Australia Data Boundary control package sets data location controls to support Australia-only regions . | Free | |
| The Australia Data Boundary and Support control package sets data location controls to support Australia-only regions . Support access and technical support are set to personnel who are located in five specific countries (United States, Canada, Australia, New Zealand, and United Kingdom), regardless of whether support is provided by Google or a Subprocessor . | Premium | |
| The Brazil Data Boundary control package sets data location controls to support Brazil-only regions . | Free | |
| The Canada Data Boundary control package sets data location controls to support Canada-only regions . | Free | |
| The Canada Data Boundary and Support control package sets data location controls to support Canada-only regions . Support access controls for first-level and second-level support are set to personnel who are legally eligible to work in Canada and physically located within the country of Canada, regardless of whether support is provided by Google or a Subprocessor . | Premium | |
| The Chile Data Boundary control package sets data location controls to support Chile-only regions . | Free | |
| The EU Data Boundary control package sets data location controls to support EU-only regions . | Free | |
| The EU Data Boundary and Support control package sets data location controls to support EU-only regions . Support access controls for first-level and second-level support are set to personnel who are EU personnel based in the EU, regardless of whether support is provided by Google or a Subprocessor . | Premium | |
| The EU Data Boundary with Access Justifications control package sets data location controls to support EU-only regions . Support access controls for first-level and second-level support are set to personnel who are based in the EU, regardless of whether support is provided by Google or a Subprocessor , and provides data residency and data sovereignty assurances for EU-based customers. | Premium | |
| The Hong Kong Data Boundary control package sets data location controls to support Hong Kong-only regions . | Free | |
| The India Data Boundary control package sets data location controls to support India-only regions . | Free | |
| The Indonesia Data Boundary control package sets data location controls to support Indonesia-only regions . | Free | |
| The Israel Data Boundary control package sets data location controls to support Israel-only regions . | Free | |
| The Israel Data Boundary and Support control package sets data location controls to support Israel-only regions . Support access controls for first-level and second-level support are set to personnel who are either security-cleared Israeli Personnel located in Israel or US Persons who have completed enhanced background checks located in the US, regardless of whether support is provided by Google or a Subprocessor . | Premium | |
| The Japan Data Boundary control package sets data location controls to support Japan-only regions . | Premium | |
The Kingdom of Saudi Arabia (KSA) Data Boundary with Access
Justifications control package is restricted to customers with a
billing address that is located outside of KSA, whether for a
business, residence, or a domicile. This control package sets data
location controls to support the me-central2
region
. |
Free | |
| The Qatar Data Boundary control package sets data location controls to support Qatar-only regions . | Free | |
| The Singapore Data Boundary control package sets data location controls to support Singapore-only regions . | Free | |
| The South Africa Data Boundary control package sets data location controls to support South Africa-only regions . | Free | |
| The South Korea Data Boundary control package sets data location controls to support South Korea-only regions . | Free | |
| The Switzerland Data Boundary control package sets data location controls to support Switzerland-only regions . | Free | |
| The Taiwan Data Boundary control package sets data location controls to support Taiwan-only regions . | Free | |
| The UK Data Boundary control package sets data location controls to support UK-only regions . | Free | |
| The US Data Boundary control package sets data location controls to support US-only regions . | Free | |
| The US Data Boundary and Support control package sets data location controls to support US-only regions . Support access controls for first-level and second-level support are set to personnel who are US Persons and are located in the US, regardless of whether support is provided by Google or a Subprocessor . | Premium |
Regulatory data boundaries
Control package
Description
Pricing tier
The Data Boundary for Canada Protected B control package sets data
location controls to support Canada-only regions
.
Support access controls for first-level and second-level support
are set to Canadian support personnel who have completed Reliability
Status screenings, regardless of whether support is provided by
Google or a Subprocessor
.
The Data Boundary for Criminal Justice Information Systems (CJIS)
control package sets data location controls to support US-only regions
.
Support access controls for first-level and second-level support
are set to personnel who have completed CJIS background checks and
are located in the US, regardless of whether support is provided by
Google or a Subprocessor
. This
means that Assured Workloads support cases are restricted
to CJIS-adjudicated first-level and second-level support staff
located in the US. Escorted session controls are also used to
supervise and monitor support actions by non-adjudicated staff. See
the CJIS compliance card
for more information.
The Data Boundary for FedRAMP High control package sets data
location controls to support US-only regions
.
Support access controls for first-level and second-level support are
set to personnel who have completed enhanced background checks and
are located in the US, regardless of whether support is provided by
Google or a Subprocessor
. This means that
Assured Workloads support cases are restricted to
FedRAMP-adjudicated first-level and second-level support staff
located in the US. See the FedRAMP compliance card
For more information.
The Data Boundary for FedRAMP Moderate control package sets
support access controls for first-level support personnel who have
completed enhanced background checks, regardless of whether support
is provided by Google or a Subprocessor
. This means that
Assured Workloads support cases are restricted to
FedRAMP-adjudicated first-level support staff. See the FedRAMP compliance card
for more information.
The Data Boundary for IL2 control package sets data location
controls to support US-only regions
.
Support access controls for first-level and second-level support are
set to personnel who have completed enhanced background checks, are
US Persons, and are located in the United States, regardless of
whether support is provided by Google or a Subprocessor
. See the United States Defense Information Systems compliance card
for more information.
The Data Boundary for IL4 control package sets data location
controls to support US-only regions
.
Support access controls for first-level and second-level support are
set to personnel who have completed enhanced background checks, are
US Persons, and are located in the United States, regardless of
whether support is provided by Google or a Subprocessor
. See the United States Defense Information Systems compliance card
for more information.
The Data Boundary for IL5 control package sets data location
controls to support US-only regions
.
Support access controls for first-level and second-level support are
set to personnel who have completed enhanced background checks, are
US Persons, and are located in the United States, regardless of
whether support is provided by Google or a Subprocessor
. See the United States Defense Information Systems compliance card
for more information.
The Data Boundary for ITAR control package sets data location
controls to support US-only regions
.
Support access controls for first-level and second-level support are
set to personnel who are US Persons, and are located in the US,
regardless of whether support is provided by Google or a Subprocessor
. This means that
Assured Workloads support cases are restricted to US
Persons for first-level and second-level support staff located in
the US. See the ITAR compliance card
for
more information.
The Data Boundary for IRS Publication 1075 control package sets
data location controls to support US-only regions
.
Support access controls for first-level and second-level support are
set to personnel who have completed fingerprint-based CJIS
background checks, state-level law enforcement checks, and
citizenship verification, regardless of whether support is provided
by Google or a Subprocessor
. This
means that Assured Workloads support cases are restricted
to background checked first-level and second-level support staff
located in the US. Escorted session controls are also used to
supervise and monitor support actions by non-background checked
staff.
The US Data Boundary for Healthcare and Life Sciences control
package supports data location controls restricted to US-only regions
.
Each in-scope service must meet the following requirements:
- Listed on Google Cloud's HIPAA Business Associate Agreement (BAA) page
- Listed on Google Cloud's HITRUST Common Security Framework (CSF) page
- Supports Cloud KMS Customer-managed encryption keys (CMEK)
- Supports VPC Service Controls
- Supports Access Transparency logs and Access Approval requests
- Supports at-rest data residency restricted to US locations
The US Data Boundary for Healthcare and Life Sciences with Support
control package supports data location controls restricted to US-only regions
.
Each in-scope service must meet the following requirements:
- Listed on Google Cloud's HIPAA Business Associate Agreement (BAA) page
- Listed on Google Cloud's HITRUST Common Security Framework (CSF) page
- Supports Cloud KMS Customer-managed encryption keys (CMEK)
- Supports VPC Service Controls
- Supports Access Transparency logs and Access Approval requests
- Supports at-rest data residency restricted to US locations
What's next
- Learn how to create an Assured Workloads folder
- Learn more about controlling access to data by personnel
- Learn which products are supported for each control package
