By 2025, up to 99% of cloud security incidents will be due to a user error. Such vulnerabilities can be effectively prevented.

What is a security audit?

A security audit involves a detailed check of your Google Workspace instance’s settings to ensure that it is secure against data leaks, cyberattacks, or fraudulent employee actions.

Remember that the security concept in the cloud is based on the Shared Responsibility Model

Cloud provider
Takes care of the physical infrastructure security

Secures access to their data, systems, and applications.

The Google Workspace suite complies with stringent ISO/EIC 27001, SOC 2/3, and FedRAMP standards. However, even the best-protected cloud environment will not guarantee the security of your company data if you leave the door ajar for cybercriminals.

Why carry out a security audit?

Consider what will happen if:

Your accountant's work laptop falls into the wrong hands?
Someone takes over access to the drives on which you store sensitive data?
An email from which you previously sent company card details will be hacked?
A rogue manager will pass on confidential information to a competitor?
Your lawyers will need information from an already deleted email?

With a security audit:

You will find out who is sharing company data within and outside your organisation.
You will implement two-step verification and seal access to resources stored in the cloud.
You will gain the ability to restore data after malicious or accidental deletion.
You will learn about advanced security settings for the applications included in the suite.
You will reduce the risk of unauthorised access to Google Workspace accounts on mobile devices.

Check the security level of your data

What areas will we examine?

During a security audit, we look at more than 150 risk points within eight key areas.

Identity verification and authentication

Including account recovery, password management, multi-factor authentication, and SSO.


Including access control for IT service management staff and Google Vault.

Application integration

Including management of add-ons and third-party access according to the OAuth standard.

Security operations

Including alerts for administrators, threat analysis tool, and incident response handling.

Mail settings

Including authentication, encryption, security, and compliance with various requirements.

Drive settings

Including sharing settings, synchronisation tools, and DLP rules.

Other service settings

Including access control for Calendar, Chat, Spaces, Groups, Meet, or Websites.

Device management

Including control policies for browsers, mobile and desktop devices.

How is the process going?

The security audit under the care of the FOTC is carried out in four stages.


A kick-off meeting, where we will get to know your organisation's needs, plan the process, and set up working teams.


Carrying out an audit, meaning a detailed review of the security settings of your company's Google Workspace instance.


Recommendations – we will prepare a list of guidances to be implemented to increase your company's cyber security level.


A workshop, to explain to your team how to deliver the changes with the highest priority.

1300 €

4 weeks

Download the report excerpt

If you would like to get familiar with the level of detail in analysis and understand better what you can expect from the FOTC audit, download an extract of a sample report.

Google Cloud partner support

Since 2014, our specialists have moved more than 2,500 companies to the cloud. Today we take care of almost 150,000 Google Workspace licences. You, too, can benefit from our knowledge and experience. During the four weeks of the security audit, we will always be in touch with you. We will support you with implementing the most critical changes, advise you on actions to take in the future, and answer all your questions.

Order an audit

What do our customers say about us?

The best supporters of our brand are customers. Learn about their opinions on cooperation with FOTC.

Piotr Pisarz

Co-Founder and CEO at Uncapped

Thanks to the collaboration with FOTC, we pay less for the same Google Cloud services and use a more convenient payment method. We can also rely on technical support, both for ad hoc requests and larger projects. Having such a partner, we can even more benefit from Google Cloud technologies and Google Workspace applications.

Kamil-Kik, CEO

Kamil Kik


The first licenses were implemented in direct collaboration with Google, but we later discovered that there were rebates and technical support associated with using the local partner's services. It is good to know that there is someone who can always offer support in Polish language, with new challenges related to the use of the service.

Piotr Buszka

Piotr Buszka

Co-Founder w feeCOMPASS

Google Cloud services allow us stress-free scaling of the system, which also translates into business scalability. Thanks to the high availability of infrastructure and monitoring of service efficiency, we can in good conscience establish cooperation with large customers, who have high expectations.


Our competence


No, the auditor won't have access to your data - neither on the Drive nor on your mail. They will only be able to see general information about the space taken up in these applications. In the reports, they will also see the basic information about the activities performed on the Drive. You can always check the extent of the activities performed by the auditor in the administration logs.

Not if you are our customer and do not block reseller access to the Google Workspace instance. Otherwise, creating an account for auditors may be necessary.

No, our auditors will prepare a list of recommendations for you to implement to improve your company's security level. However, you will need to decide whether to implement them in the console. Your team members will be responsible for making any changes. They are the ones who know best how to break down the process so as not to disrupt users in your organisation.

We provide you with a comprehensive file containing a set of guidances and security best practices you should introduce to your company. During the workshop at the end of the audit, we will discuss the key points and answer your questions so that you can plan your improvement process accordingly. You can download an excerpt from the sample report here.

No, we do not.

Yes, you can count on us in this regard.

No, because we do not enforce the implementation of our recommendations. Nor do we not have control over whether changes are implemented. All this makes it impossible for us to grant you a certificate.

Yes, we will explain how to introduce the key changes and answer all your questions.

We will have access to the administration console settings. We recommend that the company we are auditing is our customer and that the instance has open reseller access. Then you can be sure that we are not privy to any sensitive data you store in Gmail, Drive and other services.

There is no need for your employees to be present at every stage. We will need your team only to grant access to the console, complete the form, and turn up at the workshop. We will take care of the rest ourselves.