Why this exists
Operational systems handle sensitive data and must remain auditable. This initiative codifies privacy rules, access controls, and evidence trails so compliance is enforced by design instead of manual review.
Measures of success
- Access controls align with least-privilege expectations.
- Audit artifacts are available for sensitive workflows.
- Privacy-sensitive fields are redacted or minimized by default.
- Compliance checks are repeatable and documented.
Active projects
- Workspace Permission Audit Pipeline (GAM)
- Google Groups Guard
- Google Group 2SV Reporter
- MDM Integration Automation (Mosyle)
Key risks
- Permission drift exposes sensitive data.
- Audit evidence is missing during incidents or reviews.
- Privacy requirements change faster than tooling updates.