How to Get Permission to Share GCP SOC-2 with our Customer?

Hey all,

We're a GCP customer and have access to Google's Compliance Manager to download the latest SOC-2 reports. But, our customer (not a GCP customer) is asking to see a copy of Google's SOC-2 as part of a security audit. How do we secure permission from Google to share this document with them? I've been in a Bermuda Triangle of sales chats and calls, but no one I can get ahold of can help or even route me further.

Thanks for any and all help!

M


glen_yu
Google Developer Expert

You can request/get a copy via their Compliance Reports Manager site.

Thanks Glen. I assumed those reports were for our internal use since they come out watermarked. Are we free to share those with customers? (Our team is currently under the impression that we are not free to share).

glen_yu
Google Developer Expert

It's my understanding that this is something that is available to anyone.  There's nothing sensitive about them -- whether I download it or you download it, it only differs in the watermark.

 

I would direct your client to the link and let them know that Google publishes all their compliance reports (SOC-1, 2, 3, etc.) and it is free to access -- although they will need to log in. This is the norm I think for all cloud providers (AWS calls theirs AWS Artifact, it's free, but also requires an AWS account to access).

Hey @Maybs thanks for reaching out on this! This is a great question!

I apologize for the Bermuda Triangle of frustration you've been stuck in; my goal is to change that. I am reviewing this question internally with our security team to get you an official answer on this.

@Nick_Troutini We would SO appreciate that.   Please let me know if there is a process we should go through, or if we are clear to share.

Hey @Maybs I am going to send you a DM regarding our next steps for this. Thank you for your patience! 🙂 

Hi @Nick_Troutini, a general response here on the solution for this might be useful for those of us following this thread (or others who get here by searching in the future) 🙂

Thanks.

Hey @SJ thanks for the feedback. With this specific instance we need to get some account information in order for us to submit a ticket on your behalf. Once that ticket is approved it will give you access to the system that allows you to send those reports out to your customers. Feel free to DM me with any more questions! 

Hi @Nick_Troutini , I also now have the need to share Google's SOC-2 and other compliance docs with a third party. I've sent you a DM already, can you please let me know how? Thanks!

Hey @SJ check your DMs! 🙂

Hi @Nick_Troutini we have the same situation, we need to give our partner the relevant GCP SOC 2.  Can you let me know how to make that request?

Hi Nick! 

I am also in the same situation where I have a customer requesting the SOC 2 report for GCP; what avenue would I take to create a request for this? 

 

Thanks so much! 

Hey folks, we are working on an official form that can be filled out to ensure you're in compliance with Google Cloud and, therefore, able to send out the audit reports. 

I will update this thread as soon as that becomes available! We're estimating some time next week. 

 

Cheers!

-Nick

Thank you!! ❤️

Hi @Nick_Troutini! I was wondering if there was an update for the form... My client is getting a little antsy. 

 

Thank you!

Hey @Xenon I certainly haven't forgotten about you. I will have an update for you by EOD today. 

-Nick

Hey everyone! 

Thanks for your patience as we worked through the best process to ensure you can share these reports externally. If you already know that you have an NDA to share our SOC reports externally, then head over to Compliance Reports Manager to get a copy of the latest report you're looking for.

If you're unsure or do not have an NDA in place, we ask that you reach out to your Google sales representative and they can assist you in getting one in place. Of course, if you have any questions, please let me know! 

Thanks,

Nick

Thank you for the follow up, Nick! 

I'm a relatively new admin, so how would I be able to find out who the Google Representative is for my organization? 

 

Thank you again! 

I would ask internally to see if anyone in your org knows. If that doesn't work, shoot me a DM and we can figure it out! 

Hey Nick.

Thank you for all your support here. We're a heavy customer of GCP. Our customers are also asking for ISO 27001 and SOC 2. I wrote a direct message to you a few days ago with no reply yet. I'm not sure how to find a sales rep from Google's side. Could you please help with that?

Andrei

Can anyone help here? We have a customer waiting for the docs. I'm not sure if I can share the docs or not. I contacted Google sales support, who promised to get back to me with feedback, but there has been no response yet from their side either.

Hi Apetrik, 

I got in contact with SADA and they stated to me that if I have access to the Compliance reports I'm ok to share them out. Not sure if you have a third party supplier who might be able to get an answer for you. 

Hey, Xenon.

Thank you for the hint on this. As Nick previously stated, it seems like we need an NDA signed with Google to move forward with sharing. I also think that we can share as soon as we have access to the documents and the portal itself doesn't provide any requirements on the NDA. I would still like to have a final word from a Google representative on this.

Andrei

Hi Andrei, 

I understand. I tried to do it last year, as you can see in my previous message, and the representatives never got back to me. SADA is a supplier that works closely with Google support, so that may be a possible advantage if you don't hear back from Google.

I'm really surprised Nick stated you need an NDA for something like this. I didn't see that in the thread. This could be a new business opportunity for Google Cloud to obtain new customers by sharing the reports. 

Does anybody know why it says bridge letters will be posted but when I search for them they are not found?

Hello,

You can request additional bridge letters by submitting a support case (existing customer), or by contacting sales (new customer). 

https://cloud.google.com/support-hub

I hope this helps.

I wish it did but support has no clue what I am talking about. I have attached a screenshot showing no bridge letters available 

Screenshot 2023-02-24 at 9.18.47 AM.png

Thanks for the screenshot. Which SOC are you using? 

1. Try selecting the drop down "Report Type" and choose Audit Report. 

2. Type "SOC" in the search field, instead of "bridge". 

3. Find the bridge letter for either SOC 1, 2, or 3 audit report. 

I hope this helps. 

Yeah, they are not there. I hope someone from Google sees this and can help me out, 'cause both GCP support and Workspace support don't know where to get it.

We're in the same boat. The host we use is on GCP, so they sent us to the reports manager, but there's no bridge letter and I technically don't have a GCP account, so I haven't even been able to connect with anyone to ask for a bridge letter. Why is the bridge letter so hard to get when everything else is downloadable? 

Anyone from GCP listening? We need help with this. My client is also getting frustrated that I cannot provide this letter.

Anyone ever figure out where to get a current SOC 2 Bridge letter from? Please let me know if someone managed to get a copy!