Information on GCP compliance requirements is here:
Much of it is about broader issues around server reliability, encryption etc mostly things that ODK could be demonstrated to achieved.
Specifically I think my proposal here aim to address the two main points with which ODK is not currently able to demonstrate compliance:
IT08.04 bp Available audit trail: The audit trail for any particular data item is visible and readable from the user interface for authorised users
IT08.05 bp Searchable audit trail: The audit trail is searchable and capable of
producing audit trail reports
Two other points which I think there are different approaches too but which are related are:
IT13.01 Requests for Amendment: Any requests must be in writing and retained,
and must include the justification for the change
IT13.02 Recording Amendments: Any changes made must be logged and the details noted
These two points could also be addressed by the user submitting a specific error report form - we have done this for projects - because this point is about requesting a change AFTER data submitted to the central server)