For CloudSQL MySQL databases, you can have a look at the Cloud SQL database disaster recovery documentation:

Overview

In Google Cloud, database disaster recovery (DR) is about providing continuity of processing, specifically when a region fails or becomes unavailable. Cloud SQL is a regional service (when Cloud SQL is configured for HA). Therefore, if the Google Cloud region that hosts a Cloud SQL database becomes unavailable, then the Cloud SQL database also becomes unavailable.

To continue processing, you must make the database available in a secondary region as soon as possible. The DR plan requires you to configure a cross-region read replica in Cloud SQL. A failover based on export/import is also possible, but that approach takes longer, especially for large databases.

DR architecture

The following diagram shows the minimal architecture that supports database DR for an HA Cloud SQL instance: The architecture works as follows:

• Two instances of Cloud SQL (a primary instance and a standby instance) are located in two separate zones within a single region (the primary region). The instances are synchronized by using regional persistent disks.
• One instance of Cloud SQL (the cross-region read replica) is located in a second region (the secondary region). For DR, the cross-region read replica is set up to synchronize (by using asynchronous replication) with the primary instance using a read replica setup.

The primary and standby instances share the same regional disk, so their states are identical.

For the case of Filestore, the Back up data for disaster recovery documentation shows you how to back up data for disaster recovery using Filestore backups.

Backing up data for disaster recovery

Imagine that you have a Filestore instance in us-west1-c, and you want to protect your data against disasters that affect this region. You can schedule a job that regularly creates backups of this instance to a remote region, say us- east1. If a disaster occurred involving us-west1-c, you can create a new instance in another location from any previous backup.

Finally, the Getting started with Backup and DR: protect and recover a Compute Engine instance exercise guides you through the steps of discovering and protecting a Compute Engine instance, and finally mounting a fully-functional new Compute Engine instance from the backup image to a new location

As shown in the Google Cloud documentation related to SOC 2:

Google Cloud undergoes a regular third-party audit to certify individual products against this standard. Audit Reports

SOC 2 Type 2 reports are issued semi-annually around June and December (period ending 30-April and 31-October) and can be requested via the Compliance Reports Manager, for Google Cloud and Google Workspace. Google creates a total of 3 bridge letters¹⁾ covering a 3 month period on 12/31, 3/31, and 6/30 and are issued 2 weeks after the period ends (e.g. April bridge letter includes January 1 - March 31). Bridge letters can only be created looking back on a period that has already passed. Additionally, bridge letters can only be issued up to a maximum of 6 months after the initial reporting period end date.

Bridge Letters are available separately from the compliance reports manager, and can be obtained by contacting sales.

Potential customers can reach out to sales for more information.

¹⁾Bridge Letters are only available for SOC 1 and SOC 2 Reports

Also there is a list with the Google Cloud services in scope for SOC 2.

See also:

• Hosting Web Applications on Google Cloud: An Overview