Google Workspace
security audit

Find out if your company data is safe in the age of remote working, mobile devices and public clouds

Write to us

By 2025, up to 99% of cloud security incidents will be due to a user error. Such vulnerabilities can be effectively prevented.

What is a security audit?

A security audit involves a detailed check of your Google Workspace instance’s settings to ensure that it is secure against data leaks, cyberattacks, or fraudulent employee actions.

Remember that the security concept in the cloud is based on the Shared Responsibility Model

Cloud provider
Takes care of the physical infrastructure security

Secures access to their data, systems, and applications.

The Google Workspace suite complies with stringent ISO/EIC 27001, SOC 2/3, and FedRAMP standards. However, even the best-protected cloud environment will not guarantee the security of your company data if you leave the door ajar for cybercriminals.

Why carry out a security audit?

Consider what will happen if:

Your accountant's work laptop falls into the wrong hands?
Someone takes over access to the drives on which you store sensitive data?
An email from which you previously sent company card details will be hacked?
A rogue manager will pass on confidential information to a competitor?
Your lawyers will need information from an already deleted email?

With a security audit:

You will find out who is sharing company data within and outside your organisation.
You will implement two-step verification and seal access to resources stored in the cloud.
You will gain the ability to restore data after malicious or accidental deletion.
You will learn about advanced security settings for the applications included in the suite.
You will reduce the risk of unauthorised access to Google Workspace accounts on mobile devices.

Check the security level of your data

What areas will we examine?

During the Basic Security Audit we will perform a detailed analysis of over 150 risk points in eight key areas.

Identity verification and authentication

Including account recovery, password management, multi-factor authentication, and SSO.


Including access control for IT service management staff and Google Vault.

Application integration

Including management of add-ons and third-party access according to the OAuth standard.

Security operations

Including alerts for administrators, threat analysis tool, and incident response handling.

Mail settings

Including authentication, encryption, security, and compliance with various requirements.

Drive settings

Including sharing settings, synchronisation tools, and DLP rules.

Other service settings

Including access control for Calendar, Chat, Spaces, Groups, Meet, or Websites.

Device management

Including control policies for browsers, mobile and desktop devices.

Extended Audit additionally encompasses the following elements

Google Drive Sharing

Export of all Google Drive shares by users on their own and on shared drives.

Google Chrome Audit

Verifying Google Chrome security-critical settings on user devices.

External Applications

Export of a list of all external applications (along with their permissions) which users allowed to access company data.

How is the process going?

An FOTC security audit Audyt proceeds in five stages and lasts four weeks.


A kick-off meeting, where we will get to know your organisation's needs, plan the process, and set up working teams.


Carrying out an audit, meaning a detailed review of the security settings of your company's Google Workspace instance.


Recommendations – we will prepare a list of guidances to be implemented to increase your company's cyber security level.


A workshop, where we will provide Your team with a step-by-step explanation how to implement the highest priority changes – we will suggest how to solve specific problems and present best practices.


Certificate - you will receive a document confirming the audit.

Download the report excerpt

If you would like to get familiar with the level of detail in analysis and understand better what you can expect from the FOTC audit, download an extract of a sample report. You will receive post-audit recommendations in the form of a PDF file and a special spreadsheet (with links to documentation) that will help you coordinate and monitor change implementation.

View report sheet

How much does an audit cost?

Basic Audit


Order audit
Identity and Authentication verification
Application integration
Security-related operations
Mail settings
Drive settings
Other service settings
Device management

Extended Audit


Order audit
Identity and Authentication verification
Application integration
Security-related operations
Mail settings
Drive settings
Other service settings
Device management
Google Drive sharing list
Google Chrome Audit
External Application Permission List
Video of "Basic Security for Users"

Google Cloud partner support

Since 2014, our specialists have moved more than 2,500 companies to the cloud. Today we take care of almost 150,000 Google Workspace licences. You, too, can benefit from our knowledge and experience. During the four weeks of the security audit, we will always be in touch with you. We will support you with implementing the most critical changes, advise you on actions to take in the future, and answer all your questions.

Order an audit

What do our customers say about us?

The best supporters of our brand are customers. Learn about their opinions on cooperation with FOTC.

Piotr Pisarz

Co-Founder and CEO at Uncapped

Thanks to the collaboration with FOTC, we pay less for the same Google Cloud services and use a more convenient payment method. We can also rely on technical support, both for ad hoc requests and larger projects. Having such a partner, we can even more benefit from Google Cloud technologies and Google Workspace applications.

Kamil-Kik, CEO

Kamil Kik


The first licenses were implemented in direct collaboration with Google, but we later discovered that there were rebates and technical support associated with using the local partner's services. It is good to know that there is someone who can always offer support in Polish language, with new challenges related to the use of the service.

Piotr Buszka

Piotr Buszka

Co-Founder w feeCOMPASS

Google Cloud services allow us stress-free scaling of the system, which also translates into business scalability. Thanks to the high availability of infrastructure and monitoring of service efficiency, we can in good conscience establish cooperation with large customers, who have high expectations.


Our competence


No, the auditor won't have access to your data - neither on the Drive nor on your mail. They will only be able to see general information about the space taken up in these applications. In the reports, they will also see the basic information about the activities performed on the Drive. You can always check the extent of the activities performed by the auditor in the administration logs.

Not if you are our customer and do not block reseller access to the Google Workspace instance. Otherwise, creating an account for auditors may be necessary.

No, our auditors will prepare a list of recommendations for you to implement to improve your company's security level. However, you will need to decide whether to implement them in the console. Your team members will be responsible for making any changes. They are the ones who know best how to break down the process so as not to disrupt users in your organisation. However, if your company lacks the proper resources to implement the post-audit recommendations, we can offer our support in this area too. We can implement the changes as part of your technical support package or extra consultations.

We will provide you with a comprehensive PDF file containing a set of specific changes and best security practices that you should implement and follow in your company. Additionally, you will receive a spreadsheet with links to documentation that will help you coordinate and monitor the change implementation process. During the workshop concluding the audit, we will discuss the key points and answer any questions You may have, to help you plan the process. You can download an excerpt from a sample report here.

No, we do not.

Yes, you can count on us in this regard.

Unfortunately no. Since we do not enforce our recommendations and we have no control over whether the recommended changes are implemented, we cannot provide you with a certification. Nevertheless, you will receive our badge and statement confirming the completion of an FOTC audit.

Yes, we will explain how to introduce the key changes and answer all your questions.

We will have access to the administration console settings. We recommend that the company we are auditing is our customer and that the instance has open reseller access. Then you can be sure that we are not privy to any sensitive data you store in Gmail, Drive and other services.

There is no need for your employees to be present at every stage. We will need your team only to grant access to the console, complete the form, and turn up at the workshop. We will take care of the rest ourselves.