Overview of Assured Workloads
This page provides information about Assured Workloads.
What is Assured Workloads?
Assured Workloads provides Google Cloud users with the ability to apply controls to a folder in support of regulatory, regional, or sovereign requirements.
When to use Assured Workloads
You can use Assured Workloads to achieve compliance-based outcomes on Google Cloud, using the following controls to support your requirements:
Data residency: Ensures Google Cloud customer data is stored in a customer-selected Google Cloud region. If a customer's developer attempts to store data at rest in a region outside of the selection, the action will be blocked.
Learn more about Data residency.
Data sovereignty: Ensures Google Cloud customers have mechanisms to exercise independent control over service provider's access to their data, approving access only for specific provider behaviors that are deemed appropriate and necessary by the customer.
The Sovereign Controls for EU control package is a key component of data sovereignty. See Restrictions and limitations in Sovereign Controls for EU for more information.
Personnel data access controls based on attributes: Ensures that only Google personnel who are able to satisfy certain physical location and background check requirements are able to access Google Cloud customer data when fulfilling support obligations. For example, Impact Level 4 (IL4) requires anyone accessing data be a US Person who has completed an ADP-1 Single Scope Background Investigation (SSBI).
Learn more about Personnel data access controls based on attributes.
Personnel support case ownership controls based on attributes: Ensures that only Google support personnel who satisfy certain requirements are able to provide support to Assured Workloads customers.
Learn more about Personnel support case ownership controls based on attributes.
Encryption: Google-owned and Google-managed encryption keys, provided by default, are FIPS-140-2 compliant and support FedRAMP Moderate compliance. Customer-managed encryption keys (CMEK) represent an added layer of control and separation of duties. For example, IL4 requires FIPS 140-2 validated modules.
Learn more about Supporting compliance with key management.
When not to use Assured Workloads
How to use Assured Workloads
You are required to create an organization prior to using Assured Workloads.
After you create an organization, create an Assured Workloads folder to start using Assured Workloads.
Control package renaming notice
Assured Workloads uses control packages to refer to sets of controls that support the baseline for a compliance framework, statute, or regulation. We will be changing the names for control packages in the console and APIs in June 2025.
The following table describes the upcoming and current names for some of the control packages. Only the names have changed; the underlying functionality has not changed.
| Upcoming name | Current name |
|---|---|
Australia Data Boundary |
Australia Regions |
Australia Data Boundary and Support |
Australia Regions with Assured Support |
Brazil Data Boundary |
Brazil Regions |
Canada Data Boundary |
Canada Regions |
Canada Data Boundary and Support |
Canada Regions and Support |
Chile Data Boundary |
Chile Regions |
Data Boundary for Canada Controlled Goods |
Canada Controlled Goods |
Data Boundary for Canada Protected B |
Canada Protected B |
Data Boundary for CJIS |
Criminal Justice Information Systems (CJIS) |
Data Boundary for FedRAMP High |
FedRAMP High |
Data Boundary for FedRAMP Moderate |
FedRAMP Moderate |
Data Boundary for Impact Level 2 (IL2) |
Impact Level 2 (IL2) |
Data Boundary for Impact Level 4 (IL4) |
Impact Level 4 (IL4) |
Data Boundary for Impact Level 5 (IL5) |
Impact Level 5 (IL5) |
Data Boundary for IRS Publication 1075 |
IRS Publication 1075 |
Data Boundary for ITAR |
International Traffic in Arms Regulations (ITAR) |
EU Data Boundary |
EU Regions |
EU Data Boundary and Support |
EU Regions and Support |
EU Data Boundary with Access Justifications |
Sovereign Controls for EU |
Hong Kong Data Boundary |
Hong Kong Regions |
India Data Boundary |
India Regions |
Indonesia Data Boundary |
Indonesia Regions |
Israel Data Boundary |
Israel Regions |
Israel Data Boundary and Support |
Israel Regions and Support |
Japan Data Boundary |
Japan Regions |
Kingdom of Saudi Arabia Data Boundary with Access Justifications |
Sovereign Controls for Kingdom of Saudi Arabia (KSA) |
Qatar Data Boundary |
Qatar Regions |
Singapore Data Boundary |
Singapore Regions |
South Africa Data Boundary |
South Africa Regions |
South Korea Data Boundary |
South Korea Regions |
Switzerland Data Boundary |
Switzerland Regions |
Taiwan Data Boundary |
Taiwan Regions |
UK Data Boundary |
UK Regions |
US Data Boundary |
US Regions |
US Data Boundary and Support |
US Regions and Support |
US Data Boundary for Healthcare and Life Sciences |
Healthcare and Life Sciences Controls |
US Data Boundary for Healthcare and Life Sciences with Support |
Healthcare and Life Sciences Controls with US Support |
What's next
- Learn how to create an Assured Workloads folder.
- Learn which products are supported for each control package.