Page 18 - google-cloud-security-and-compliance-whitepaper
specifically prohibited by law or court order.
Third-party suppliers
Google directly conducts virtually all data processing activities to provide
our services. However, Google may engage some third-party suppliers
to provide services related to G Suite, including customer and technical
support. Prior to onboarding third-party suppliers, Google conducts an
assessment of the security and privacy practices of third-party suppliers
to ensure they provide a level of security and privacy appropriate to their
access to data and the scope of the services they are engaged to provide.
Once Google has assessed the risks presented by the third-party supplier,
the supplier is required to enter into appropriate security, confidentiality,
and privacy contract terms.
Regulatory Compliance
Our customers have varying regulatory compliance needs.
Our clients operate across regulated industries, including
finance, pharmaceutical and manufacturing.
Google contractually commits to the following:
• Google will maintain adherence to ISO 27001, ISO 27018 and SOC 2/3
audits during the term of the agreement;
• Defined Security Standards. Google will define how data is processed,
stored, and protected through specific defined security standards;
• Access to our Data Privacy Officer. Customers may contact Google’s
Data Privacy Officer for questions or comments;
• Data Portability. Administrators can export customer data in
standard formats at any time during the term of the agreement.
Google does not charge a fee for exporting data.
Data processing amendment
Google takes a global approach to our commitments on data processing.
Google and many of our customers operate in a global environment. G Suite
offers a Data Processing Amendment and EU Model Contract Clauses to
facilitate compliance with jurisdiction-specific laws or regulations. Your
organization can opt into our data processing amendment by following the
instructions in our Help Center.