# Penetration Testing

* Snowdrop contracts for third parties to perform Penetration Testing on MRS on a regular basis.
* OWASP Top Ten vulnerability testing is performed regularly during our development and build process.
* Google adheres to various global and regional compliance regimes for its data centers.
  * ISO/IEC 27001
  * SOC 1
  * HIPAA
  * FedRamp
* Note: Regional compliance is also taken into account. Google adheres to a large number of country and bank specific standards: 

  <https://cloud.google.com/security/compliance/offerings#/regions=EMEA>&#x20;

  <https://cloud.google.com/security/compliance/>