0

Can anyone share me whether Google Cloud has a bridge/gap letter like other cloud platforms or not. Or maybe it is in other name but having the same purpose to identify and address any material changes to the internal control environment that have occurred during the “gap” period for the period that didn't covered by the SOC 2 Type 2 report.

I've tried to look for it on Compliance Reports Manager and also contact Google Cloud agent, but still not get the answer I want.

Rawisara
  • 1

1 Answers1

0

Actually Google Cloud has its own bridge/gap letter, its name is Compliance Reports Manager which provides easy on-demand access to some of the compliance reports.

Some of the reports available in the Compliance Reports Manager including SOC1 ,SOC2, PCI DSS, CSA Star, BSI C5, ISO 27001, ISO 27017, ISO 27018, SOC3, etc.

Google Cloud’s industry-leading security, third-party audits and certifications, documentation, and contract commitments help support your compliance. Compliance reports manager provides you with easy, on-demand access to these critical compliance resources, at no additional cost. Key resources include our latest ISO/IEC certificates, SOC reports, and self assessments.

In case that you need a different request you can create a Support Case with GCP and they could help you.

Jose Luis Delgadillo
  • 494
  • 2
  • 10
  • Thanks a lot !! Seems like Google cloud has only 'SSAE18 - SOC 2 AICPA Trust Service Criteria' Dec 16, 2020 that is relevant to SOC 2. And the cover period is from 1 Nov 2019-31Oct2020. – Rawisara Feb 18 '21 at 03:30
  • As I mentioned, if you need something more specific you could request it in a [Support case](https://console.cloud.google.com/support). On the other hand, if you find my answer useful, please consider upvoting/accepting it, thank you! – Jose Luis Delgadillo Feb 18 '21 at 13:54