Accessibility
Reports for TestGenius
TestGenius Cloud-based Testing System Voluntary Product Accessibility Template (VPAT)
Accessibility Conformance Report - International Edition (Based on VPAT Version 2.5)
Download (PDF)STAR
Reports & Certificates
CSA STAR Audit Report
The CSA’s Security, Trust and Assurance Registry Program (CSA STAR) is designed to help customers assess and select a cloud service provider through a three-step program of self-assessment, third-party audit, and continuous monitoring. (Spring 2024)
Download (PDF)CSA STAR Certificate
The CSA’s Security, Trust and Assurance Registry Program (CSA STAR) is designed to help customers assess and select a cloud service provider. This CSA STAR Level 1 - Customer Assessment Initiative Questionnaire (CAIQ) is a self-assessment that evaluates a cloud provider against CSA's Cloud Control Matrix.
Download (PDF)ISO/IEC
Statements of Applicability & Certificates
ISO/IEC 27001:2013 Certificate
ISO/IEC 27001 provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
Download (PDF)ISO/IEC 27001:2013 Statement of Applicability
ISO/IEC 27001 provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
Download (PDF)ISO/IEC 27001:2022 Certificate
ISO/IEC 27001 provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
Download (PDF)ISO/IEC 27001:2022 Statement of Applicability
ISO/IEC 27001 provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
Download (PDF)ISO/IEC 27017:2015 Certificate
ISO/IEC 27017:2015 provides guidelines for information security controls applicable to the provision and use of cloud services.
Download (PDF)ISO/IEC 27017:2015 Statement of Applicability
ISO/IEC 27017:2015 provides guidelines for information security controls applicable to the provision and use of cloud services.
Download (PDF)ISO/IEC 27018:2019 Certificate
ISO/IEC 27018 focuses on privacy and security controls for public-cloud service providers that process personally identifiable information (PII).
Download (PDF)ISO/IEC 27018:2019 Statement of Applicability
ISO/IEC 27018 focuses on privacy and security controls for public-cloud service providers that process personally identifiable information (PII).
Download (PDF)ISO/IEC 27701:2019 Statement of Applicability
Information technology -- Security techniques Enhancement to [ISO/IEC](http://ISO/IEC) 27001 for privacy management
Download (PDF)ISO/IEC 27701:2019 Certificate
ISO/IEC 27701 is the first global privacy standard that focuses on the collection and processing of personally identifiable information (PII). This standard was developed to help organizations comply with international privacy frameworks and laws.
Download (PDF)PCI
Audit Reports
PCI 3-D Secure (PCI 3DS) v1.0 Audit Report
PCI 3-D Secure is a security protocol that adds an extra layer of protection to online payments. Google Cloud has undergone a third-party audit to attest to compliance with the PCI 3DS Core Security Standard.
Download (PDF)PCI-DSS v4.0 Audit Report
PCI DSS is a set of network security and business best practices guidelines adopted by the PCI Security Standards Council to establish a “minimum security standard” to protect customers’ payment card information. The Attestation of Compliance provides formal assurance from a Qualified Security Assessor (QSA) as to adherence to the PCI DSS.
Download (PDF)SOC
Reports
SSAE18 - SOC 1 Audit Report
A SOC 1 (Service Organization Controls Report) report documents a cloud service provider’s internal controls that may be relevant to a customer’s financial reporting. This report is particularly useful for organizations that audit financial statements.
Download (PDF)RSSAE18 - SOC 1 Bridge Letter
Bridge letters are attestations made by management of the service provider, in this case, Google Cloud, and are intended to “bridge” the gap from the end date of the SOC (Service Organization Controls Report) report to the customer’s period end date. Bridge letters summarize material changes or issues identified within the internal control environment beyond the period end date of the most recent SOC report.
Download (PDF)SSAE18 - SOC 2 AICPA Trust Service Criteria Bridge Letter
Bridge letters are attestations made by management of the service provider, in this case, Google Cloud, and are intended to “bridge” the gap from the end date of the SOC report to the customer’s period end date. Bridge letters summarize material changes or issues identified within the internal control environment beyond the period end date of the most recent SOC report.
Download (PDF)SSAE18 - SOC 2 AICPA Trust Service Criteria Audit Report
Bridge letters are attestations made by management of the service provider, in this case, Google Cloud, and are intended to “bridge” the gap from the end date of the SOC report to the customer’s period end date. Bridge letters summarize material changes or issues identified within the internal control environment beyond the period end date of the most recent SOC report.
Download (PDF)SSAE18 - SOC 3 AICPA Trust Service Criteria Audit Report
The SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.
Download (PDF)Other
Reports
Apigee Edge API Management Platform Report
Report on Google LLC’s Description of Its Apigee Edge API Management Platform and on the Suitability of the Design and Operating Effectiveness of Its Controls Relevant to Security, Availability, and Confidentiality Throughout the Period April 1, 2022 to March 31, 2023
Download (PDF)Bitsight Technologies Executive Report
A Bitsight Technologies Executive Report is a document designed to present a high-level overview of an organization's cybersecurity posture to non-technical stakeholders like executives and board members
Download (PDF)Google Cloud California Consumer Privacy Act
This whitepaper provides information to our customers about the CCPA and how Google Cloud leverages Google’s industry-leading data privacy and security capabilities to store, process, maintain, and secure customer data.
Download (PDF)HECVAT Lite 3.05 OPAC/TestGenius
Higher Education Community Vendor Assessment Toolkit (HECVAT) Lite 3.05 for OPAC/TestGenius
Download (XLSX)Network Sitemap Request - NDA
To request a copy of the TestGenius sitemap, submit this non-disclosure agreement (NDA) with your request to support@biddle.com. After we have confirmed your eligibility to recieve the sitemap, it will be sent to you.
Download (PDF)NIST Survey Report
Completed NIST survey report for Biddle Consulting Group / TestGenius for local compliance.
Download (PDF)Privacy Policy
TestGenius is part of Biddle Consulting Group. This privacy policy will explain how our organization uses the personal data we collect from you when you use our website.
Download (PDF)TestGenius Flow
A technical flow chart depicting the process and data flow during a TestGenius test administration.
Download (PDF)Biddle Consulting Group Written Information Security Program (WISP)
NIST CSF - Written Information Security Program (WISP) (05.01.2023) - Table of Contents Only.
Download (PDF)