SOC2
built-inSOC 2 Type II compliance controls for service organizations
Access Control
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✓ |
IAM least privilege
iam_no_public
|
Ensure no IAM bindings grant access to allUsers or allAuthenticatedUsers | No public IAM bindings found. | 2026-05-19 16:15 |
| ✓ |
Organization policies enforced
org_policy_enforced
|
Verify critical organization policies are active and enforced across the organization | All required org policies enforced: iam.disableServiceAccountKeyCreation, compute.requireOsLogin. | 2026-05-19 16:15 |
Availability
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✗ |
Cloud SQL high availability
sql_ha_enabled
|
Ensure Cloud SQL instances are configured for high availability with automatic failover | Instances without HA: pioneer-demo-cl-db, pioneer-production-cl-db, pioneer-demo-wb-db, pioneer-production-wb-db, pioneer-staging-cl-db, pioneer-demo-ow-db, pioneer-staging-wb-db, pioneer-staging-ow-db | 2026-05-19 16:15 |
Encryption
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✓ |
Encryption at rest
encryption_at_rest
|
Verify all data stores use encryption at rest with customer-managed or Google-managed keys | Google Cloud encrypts all data at rest by default using AES-256. | 2026-05-19 16:15 |
Logging
| Status | Check | Description | Evidence | Last Evaluated |
|---|---|---|---|---|
| ✓ |
Audit logging enabled
audit_logging_enabled
|
Verify Cloud Audit Logs are enabled for admin activity and data access | Audit logging sink(s) found: audit-log-sink | 2026-05-19 16:15 |