STANDARDS & CERTIFICATIONS ISO 27001 (Information Security Management) ISO 27001 is one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO 27001 certification for the systems, applications, people, technology, processes, and data centers that make up our shared Common Infrastructure as well as for G Suite and Google Cloud Platform. ISO 27017 (Cloud Security) ISO 27017 is an international standard of practice for information security controls based on ISO/IEC 27002, specifically for Cloud Services. Google has been certified compliant with ISO 27017 for G Suite and Google Cloud Platform. ISO 27018 (Cloud Privacy) ISO 27018 is an international standard of practice for protection of personally identifiable information (PII) in Public Cloud Services. Google has been certified compliant with ISO 27018 for G Suite and Google Cloud Platform. SSAE16 / ISAE 3402 (SOC 2/3) The American Institute of Certified Public Accountants (AICPA) SOC 2 (Service Organization Controls) and SOC 3 audit framework defines Trust Principles and criteria for security, availability, processing integrity, and confidentiality. Google has both SOC 2 and SOC 3 reports for Google Cloud Platform and G Suite. PAGE 9