Global Certification Overview Based on certification examination in conformity with defined requirements in ISO/IEC 17021:2015 and ISO/IEC 27006:2015, the Information Security Management System and relevant controls as defined and implemented by

Google, Inc.*

located in Mountain View, California, United States of America, are compliant with the requirements as stated in the standards: ISO/IEC 27001:2013 ISO/IEC 27017:2015 ISO/IEC 27018:2014 Publish date of this global certification overview: 18 April 2017 Expiry date of this global certification overview: 17 April 2018 EY CertifyPoint has performed certification audits for the in-scope products as listed on the back of this certification overview document. Each certified product has reference to an individual certificate number which includes details on offerings and locations.

Page 1 of 2

© Copyrights with regard to this document reside with Ernst & Young CertifyPoint B.V. headquartered at Antonio Vivaldistraat 150, 1083 HP Amsterdam, The Netherlands. All rights reserved.

Google, Inc. Global Certification Overview

The scope of this ISO/IEC 27001:2013 global certificate is bounded by the products and their offerings as listed below, along with the certificate numbers of each individual certificate.  ISO/IEC 27001:2013: G Suite Certificate number: 2012-001a

Google Cloud Platform Certificate number: 2012-001b

Ads & Analytics Certificate number: 2016-006

Android Pay Certificate number: 2016-008

Firebase Certificate number: 2012-001c

Google Common Infrastructure Certificate number: 2012-001d

 ISO/IEC 27017:2015: G Suite Certificate number: 2016-004a

Google Cloud Platform Certificate number: 2016-004b

Firebase Certificate number: 2016-004c  ISO/IEC 27018:2014: G Suite Certificate number: 2016-005a

Google Cloud Platform Certificate number: 2016-005b

Firebase Certificate number: 2016-005c

The ISMS mentioned in the above scope is restricted as defined in the scope of individual certifications. Page 2 of 2