Google Workspace Compliance Monitoring

Secure Google Workspace with continuous configuration assessment

Evaluate identity, Gmail, Drive, Calendar, application access and data-sharing controls from a single platform.

Google Workspace
CIS Benchmark assessment
89
Security controls
11
Fully API-supported
28
Partially API-supported
2
Evidence-assisted controls

What we assess

Coverage across your Workspace environment

89 checks across 10+ Workspace security areas

Directory

Directory and administrator accounts

Gmail

Gmail security and authentication

Drive & Docs

Drive and Docs sharing

Calendar

Calendar access controls

Chat & Groups

Google Chat and Groups

Applications

OAuth and third-party applications

Session security

Session and sign-in security

Data protection

DLP and security reporting

Detection

Suspicious activity rules

Automation coverage

What we can collect — and what we refuse to guess

We separate what the CIS benchmark labels automated from what public APIs can reliably return today.

11
Full API
28
Partial API
2
API-assisted evidence
48
Evidence / manual workflow

We never mark an environment compliant when the required configuration cannot be reliably retrieved. Unsupported or incomplete evidence is reported as Unknown, not Passed.

Evidence integrity

  • 2 API-assisted evidence controls
  • 48 manual or authoritative evidence controls
  • 0 unsupported checks silently marked compliant

What you receive

Every assessment produces

1 overall compliance score
4 result states: Compliant, Non-compliant, Not applicable, Unknown
Control-level evidence
Risk-based findings
Step-by-step remediation guidance
Framework mappings
Downloadable audit report
Historical configuration tracking

Four result states — not Pass/Fail guesses

Compliant

All required conditions were verified.

Non-compliant

At least one required condition was not met.

Not applicable

The control is outside the documented scope.

Unknown

Data or permission was insufficient — the result was not guessed.

Example findings

What assessments actually surface

Super Admin Redundancy Risk

Only 1 Super Admin account detected. Recommended minimum: 2.

External Drive Sharing Detected

37 files are accessible outside the organization.

Third-Party Application Risk

12 applications have access to sensitive Google Workspace scopes.

MFA Coverage Gap

18 of 240 users are not enrolled in 2-Step Verification.

Example findings shown for demonstration purposes.

How it works

Connect, assess, remediate

01

Connect

Authorize read-only access using delegated OAuth or service credentials.

Guided read-only connection
02

Assess

Trusteed collects configuration, identity, policy and activity evidence from the connected environment.

89 checks per Google Workspace tenant
03

Remediate

Review prioritized findings, evidence and remediation steps from a single dashboard.

1 remediation workflow per failed control

Framework mapping

Map technical findings to the frameworks your customers and auditors care about.

One technical check. Multiple compliance frameworks.

CIS Controls v8SOC 2ISO/IEC 27001NIST CSFHIPAAPCI DSSFedRAMP

Secure by design

Least privilege. Read-only. No guessed Pass.

Read-only by default
0 customer passwords stored
4 result states — no false Pass on missing evidence
Least-privilege OAuth scopes
Tenant-isolated data processing
Complete evidence timestamps

Domain-wide delegation is used only for controls requiring per-user Gmail, Calendar or Drive evidence.

Benchmark reference

Version and coverage details

Benchmark
CIS Google Workspace Foundations Benchmark
Version
v1.3.0
Published
June 30, 2025
Control count
89
Supported profiles
Enterprise Level 1 and Level 2
Integration version
Trusteed Integration v1.x
Last updated
July 2026

Start assessing Google Workspace continuously

Connect read-only access, run the full control set, and get evidence-backed results — Compliant, Non-compliant, Not applicable, or Unknown.