ISO 27017 ISO 27017 is an international standard of practice for information security controls—based—on—ISO/IEC—27002—speciically—for—cloud—services.—Our—compliance— with—the—international—standard—was—certiied—by—Ernst—&—Young—CertifyPoint,—an— ISO—certiication—body—accredited—by—the—Dutch—Accreditation—Council—”a—member— of—the—International—Accreditation—Forum,—or—IAF).——Our—ISO—27017—certiicate—is— available here. ISO 27018 ISO 27018 is an international standard of practice for protection of personally identiiable—information—”PII)—in—public—clouds—services.—Our—compliance—with— the—international—standard—was—certiied—by—Ernst—&—Young—CertifyPoint,—an—ISO— certiication—body—accredited—by—the—Dutch—Accreditation—Council—”a—member— of—the—International—Accreditation—Forum,—or—IAF).——Our—ISO—27018—certiicate—is— available here. SOC 2/3 In—2014,—the—American—Institute—of—Certiied—Public—Accountants—”AICPA)— Assurance Services Executive Committee (ASEC) released the revised version of the Trust Services Principles and Criteria (TSP). SOC (Service Organization Controls) is an audit framework for non-privacy principles that include security, availability,—processing—integrity,—and—conidentiality.—Google—has—both—SOC— 2 and SOC 3 reports. Our SOC 3 report is available for download without a—nondisclosure—agreement.—The—SOC—3—conirms—our—compliance—with—the— principles—of—security,—availability,—processing—integrity—and—conidentiality. FedRAMP The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that is intended to expedite U.S. government agency security assessments and help agencies move to secure cloud solutions. Google maintains a FedRAMP Authorization to Operate (ATO) for Google Apps [G Suite] and App Engine. 11