This page provides a high-level view of the compliance certifications and security controls that are supported by Agent Search.
Certifications
Agent Search has various compliance certifications.
To find out if a product has a compliance certification, search for the product name in the security pages; for example, the following:
- FedRAMP
- ISO 27001
- ISO 27017
- ISO 27018
- ISO 27701
- SOC 1
- SOC 2
- SOC 3
- PCI DSS
- BSI C5:2020
- HIPAA—Agent Search Pre-GA offerings are included in the Google Cloud Business Associate Agreement (BAA). If you will be using Agent Search to store or process Protected Health Information in a manner subject to the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and/or any amendments or regulations under HIPAA, you must enter into an appropriate BAA with Google. For more information, see HIPAA Compliance on Google Cloud.
Security controls
Agent Search provides security horizontals. The CMEK controls are only available in the Enterprise Edition.
| Security controls compliance | Standard Edition | Enterprise Edition |
|---|---|---|
| Data Residency (DRZ) | ✔ US and EU multi-region APIs only | ✔ US and EU multi-region APIs only |
| Customer-managed encryption keys (CMEK) | ✘ | ✔ US and EU multi-region APIs only * |
| VPC Service Controls | ✔ | ✔ |
| Access Transparency | ✔ US and EU multi-regions only | ✔ US and EU multi-regions only |
* Using external key manager (EKM) or hardware security module (HSM) with CMEK is in GA with allowlist.
The following table identifies security controls for RAG APIs.
| Security controls compliance | Ranking API | Grounded generation API | Check grounding API |
|---|---|---|---|
| Data Residency (DRZ) | N/A | N/A | N/A |
| Customer-managed encryption keys (CMEK) | N/A | N/A | N/A |
| VPC Service Controls | ✔ | ✔ | ✔ |
| Access Transparency | ✔ | ✔ | ✔ |
What's next
Learn more about Google Cloud compliance.