Stay organized with collectionsSave and categorize content based on your preferences.
Preview
This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section
of theService Specific Terms.
Pre-GA features are available "as is" and might have limited support.
For more information, see thelaunch stage descriptions.
Complete the following steps to enable Compliance Manager at the
organization level:
To get the permissions that
you need to enable Compliance Manager,
ask your administrator to grant you the
following IAM roles on your organization:
Enable Compliance Manager using one of the following methods:
If you haven't activated Security Command Center in your organization, thenactivate
Security Command Center Enterprise. Compliance Manager is
automatically enabled as part of that process.
If you've already activated the Enterprise service tier of
Security Command Center, add Compliance Manager using theActivate
Compliance Managerpage.
The Cloud Security Compliance service agent
(service-org-ORGANIZATION_ID@gcp-sa-csc-hpsa.iam.gserviceaccount.com) is created when you enable
Compliance Manager. Compliance Manager uses this
service agent to access resources in your organization.
The following frameworks are applied to the organization automatically:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["| **Preview**\n|\n|\n| This feature is subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section\n| of the [Service Specific Terms](/terms/service-terms#1).\n|\n| Pre-GA features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\n\u003cbr /\u003e\n\n| Enterprise [service tier](/security-command-center/docs/service-tiers) (requires [organization-level activation](/security-command-center/docs/activate-scc-overview#overview_of_organization-level_activation))\n\nComplete the following steps to enable Compliance Manager at the\norganization level:\n\n1.\n\n To get the permissions that\n you need to enable Compliance Manager,\n\n ask your administrator to grant you the\n following IAM roles on your organization:\n\n - [Organization Policy Administrator](/iam/docs/roles-permissions/orgpolicy#orgpolicy.policyAdmin) (`roles/orgpolicy.policyAdmin`)\n - [Security Center Admin Editor](/iam/docs/roles-permissions/securitycenter#securitycenter.adminEditor) (`roles/securitycenter.adminEditor`)\n\n\n For more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\n You might also be able to get\n the required permissions through [custom\n roles](/iam/docs/creating-custom-roles) or other [predefined\n roles](/iam/docs/roles-overview#predefined).\n2. Enable Compliance Manager using one of the following methods:\n - If you haven't activated Security Command Center in your organization, then [activate\n Security Command Center Enterprise](/security-command-center/docs/activate-enterprise-tier). Compliance Manager is automatically enabled as part of that process.\n - If you've already activated the Enterprise service tier of Security Command Center, add Compliance Manager using the **Activate\n Compliance Manager** page.\n\n [Go to Activate Compliance Manager](https://console.cloud.google.com/security/command-center/config/service-activation;serviceName=complianceManager)\n3. When you enable Compliance Manager, the following services are also enabled:\n - [Sensitive Data Protection](/sensitive-data-protection/docs/sensitive-data-protection-overview) to use data sensitivity signals for default data risk assessment.\n - [Event Threat Detection](/security-command-center/docs/concepts-event-threat-detection-overview) (part of Security Command Center) at the organization level.\n - [Data Security Posture Management](/security-command-center/docs/dspm-data-security) for data security frameworks.\n - [AI protection](/security-command-center/docs/ai-protection-overview) for AI security frameworks.\n4. The Cloud Security Compliance service agent (`service-org-`\u003cvar translate=\"no\"\u003eORGANIZATION_ID\u003c/var\u003e`@gcp-sa-csc-hpsa.iam.gserviceaccount.com`) is created when you enable Compliance Manager. Compliance Manager uses this service agent to access resources in your organization.\n5. The following frameworks are applied to the organization automatically:\n - AI Protection\n - Data Security and Privacy Essentials\n6. \n\n\u003cbr /\u003e\n\nWhat's next\n\n- [Configure IAM roles for your compliance\n users](/security-command-center/docs/access-control-org#compliance-manager).\n- [Apply a framework](/security-command-center/docs/compliance-manager-apply-framework).\n- [Configure Data Security Posture Management](/security-command-center/docs/docs/dspm-data-security).\n- [Configure AI Protection](/security-command-center/docs/configure-ai-protection)."]]
