Skip to main content

Security and Compliance

Sunset Announcement

DoiT no longer offers Flexsave for Google Cloud. Please take a moment to review the Flexsave for Google Cloud Sunset FAQ that we have prepared to address the most common questions you might have.

What permissions does Flexsave require?

Flexsave for GCP requires different permissions at different stages:

  • Estimation:
    • recommender.usageCommitmentRecommendations.list
  • Activation:
    • billing.accounts.get
    • billing.resourceAssociations.create

See Set up your estimate and Activate Flexsave for GCP for more information.

The ability to link/unlink projects is the only area where DoiT has edit access (as opposed to view or get access). The DoiT Flexsave projects have no running resources.

What information does DoiT NOT have access to?

At no point during either stage will DoiT have access to sensitive customer information, including:

  • The entire GCP environment configuration
  • Personally Identifiable Information (PII)
  • IP addresses
  • Metadata
  • Network configs, resources, or peering information
  • Security parameters, groups or credentials

DoiT will also never be able to create or run new resources or edit any existing resources.

How long does DoiT's access last?

Access to the CUD recommendations only needs to last as long as it takes DoiT to generate and share the estimate with the customer. If you choose not to move forward, it can be disabled anytime.

Should you decide to become a customer, DoiT will have ongoing read-only access to the following for as long as you remain a user of Flexsave:

  • Your Cloud Billing account name
  • The BigQuery dataset that contains your Cloud Billing data

Please note that since the customer grants these permissions, the customer can disable these permissions by turning off Flexsave:

  1. Raise a support ticket with DoiT, asking to cancel.
  2. DoiT removes its Flexsave projects inventory from the organization.
  3. The customer deletes the DoiT Flexsave Role to remove DoiT service account's permissions.

Once the steps above are complete, the customer will no longer have access to the savings generated by Flexsave.


DoiT requires 30 days' notice to cancel the service and complete the steps above.

What security and compliance policies are Flexsave governed by?

DoiT operates on the highest level of industry security standards, and the following security and compliance certifications explicitly cover Flexsave:

ISO 27001
SOC 2 Type II

For a complete breakdown of compliance certifications and further information, please visit the DoiT compliance offerings page.