Skip to main content

Security and compliance

What security and compliance policies are Flexsave governed by?

DoiT operates on the highest level of industry security standards, and Flexsave specifically is covered by the following security and compliance certifications:

  • ISO27001
  • SOC 2 Type II
  • SOC 3
  • GDPR

For a complete breakdown of compliance certifications and further information, please visit

What permissions are required for Flexsave to work?

Flexsave for GCP requires different permissions at different stages:

  • Estimation:
    • recommender.usageCommitmentRecommendations.list
  • Activation:
    • billing.accounts.get
    • billing.resourceAssociations.create

See Set up your estimate and Activate Flexsave for GCP for more information.

The ability to link/unlink projects is the only area where DoiT has edit access (as opposed to view or get access). The DoiT Flexsave projects have no running resources.

What information does DoiT NOT have access to?

At no point during either stage will DoiT have access to sensitive customer information, including:

  • The entire GCP environment configuration
  • Personally Identifiable Information (PII)
  • IP addresses
  • Metadata
  • Network configs, resources, or peering information
  • Security parameters, groups or credentials

DoiT will also never have the ability to create or run new resources, or edit any existing resources.

How long does DoiT's access last?

Access for the CUD recommendations need only last as long as it takes DoiT to generate and share the estimate with the customer. If you choose not to move forward, it can be disabled at any time.

Should you decide to become a customer, DoiT will have ongoing read-only access to the following for as long as you remain a user of Flexsave:

  • Your Cloud Billing account name
  • The BigQuery dataset that contains your Cloud Billing data

Note that these permissions are granted by the customer. The customer can disable these permissions by turning off Flexsave following the steps below:

  1. Raise a support ticket with DoiT asking to cancel.
  2. DoiT removes its Flexsave projects inventory from the organization.
  3. Customer deletes the DoiT Flexsave Role to removes DoiT service account's permissions.

Once the above steps are taken, the customer will no longer have access to the savings generated by Flexsave. Note that DoiT requires 30 days notice to cancel the service and complete the above steps.