Skip to content

GCP

Status

Status: Limited peer review

TDA Precedence

TDA Submission Relationship
67 Digital Admissions Influenced by
75 Activate Account Used in answers and approved (version 0.1.0)

NFRs

NFRs Relationship
NFR.023 Potentially Answers
NFR.024 Potentially Answers
NFR.025 Potentially Answers
NFR.079 Potentially Answers
NFR.082 Potentially Answers
NFR.049 Partially Answers
NFR.050 Partially Answers
NFR.053 Partially Answers

Means to achieve

1 - GCP services

There are no licensing restrictions for most parts of the service. Adding environments does incur additional costs.

There are no limitations on how data is moved or transformed between environments. Moving production data to non-production environments only occurs under careful consideration and is generally avoided for UK GDPR and general security best practices.

GCP is one of the big 3 cloud providers. All providers are multi-tenancy with strong, mature and well trusted isolation mechanisms.

All GCP services used are covered by their ISO 27017 certification https://cloud.google.com/security/compliance/iso-27017.

All GCP services used are covered by their ISO 27001 certification https://cloud.google.com/security/compliance/iso-27001.

Services are a predominately deployed to europe-west2 (some managed services are multi-region in nature) which is a "Low CO2" region.

Estimated CO2 emission data is available per project.

Details of responsibility split between GCP and UIS is documented here: https://cloud.google.com/terms/secops

Privileged access to cloud resources (e.g. production database read access) is only available through a dedicated admin account. See https://guidebook.devops.uis.cam.ac.uk/explanations/gcloudadmin-accounts/#more-information.

Compliance Requirements