3. Employing technologies that automatically
remedy certain dangerous situations.
Google maintains incident response
procedures to help ensure prompt notification
and investigation of incidents.
Google has a rigorous incident management
process for security events that may affect the
confidentiality, integrity, or availability of
systems or data. If an incident occurs, the
security team logs and prioritizes it according to
its severity. Events that directly impact
customers are assigned the highest priority.
This process specifies courses of action,
procedures for notification, escalation,
mitigation, and documentation. Google’s
security incident management program is
structured around the NIST guidance on
handling incidents (NIST SP 800–61). Key staff
are trained in forensics and handling evidence
in preparation for an event, including the use of
third-party and proprietary tools. Testing of
incident response plans is performed for key
areas, such as systems that store sensitive
customer information. These tests take into
consideration a variety of scenarios, including
insider threats and software vulnerabilities. To
help ensure the swift resolution of security
incidents, the Google security team is available
24/7 to all employees. If an incident involves
customer data, Google or its partners will
inform the customer and support investigative
efforts via our support team.
Due to the fact that the incident response
system is standardized, customization of the
notification process is not supported for each
tenant.
The terms of service cover roles and
responsibilities. https://cloud.google.com/terms/
Google performs annual testing of its
emergency response processes.
Google reviews and analyzes security incidents
to determine impact, cause and opportunities
for corrective action.
The amount of security incident data is
currently statistically insignificantly small.