SecOps Services in Scope by Compliance Program
Last modified: October 30, 2024
Capitalized terms have the meaning stated in the applicable agreement between Customer and Google.
A done in the table below indicates that the Service (row) is in scope for the specified certification or report (column).
| Service |
ISO 27001 Certification |
ISO 27017 Certification |
ISO 27018 Certification |
SOC 1 Report |
SOC 2 Report |
SOC 3 Report |
PCI DSS Certification |
|---|---|---|---|---|---|---|---|
|
Google Security Operations
|
done In scope | done In scope | done In scope | done In scope | done In scope | done In scope | done * In scope |
|
Mandiant Consulting Services
|
done In scope | done In scope | done In scope | done In scope | done In scope | ||
|
Mandiant Security Validation
|
done In scope | done In scope | done In scope | done In scope | done In scope | ||
|
Mandiant Advantage Threat Intelligence
|
done In scope | done In scope | done In scope | done In scope | done In scope | ||
|
Mandiant Attack Surface Management
|
done In scope | done In scope | done In scope | done In scope | done In scope | ||
|
Mandiant Managed Defense
|
done In scope | done In scope | done In scope | done In scope | done In scope | done In scope |
*Subject to specific service configuration by customer. Certain features (e.g., Google Security Operations Looker integration) are not included in certification.
PREVIOUS VERSIONS
