
Akamai is currently assessed annually against the controls in ISO 27002:2013, an
internationally-recognized standard of controls and best practices within the framework of an
Information Security Management System.

Specifically, Akamai's Information Security Management System (ISMS) is based on the ISO
27001/2 (formerly British Standard 17799) Code of Practice for Information Security
Management.

What follows is a glimpse of how Akamai's procedures apply — and how the company helps
customers address their own needs — around the standard.

First, some background:

• ISO (International Organization for Standardization) is an independent, non-governmental
membership organization and the world's largest developer of voluntary International
Standards. Many of Akamai's security procedures were developed around its provisions.
• ISO 17799 was originally published in the early 1990s as the "DTI Code of Practice" by
the Department of Trade & Industry in the UK. In 1995, it was further developed by BSI
committee BDD/2 and published as BS 7799. ISO 27002 is the re-badge or rename of
ISO 17799. The name change was part of a large restructure by ISO of their information
security related standards. No major change in terms of content was included, given that
there was a comprehensive revision of ISO 17799 in 2005.
• Another comprehensive revision of ISO 27002 took place in 2013.
• The latest version, ISO 27002:2013, contains 35 control objectives and 114 specific
controls, organized into 15 sections.
• Supporting text under each control objective contains advice on how to satisfy the
objective, and mentions a number of best practice information security controls.
Throughout the standard, the need for risk assessment is emphasized.
• You can read more about ISO security standards
at http://www.iso.org/iso/home/about.htm

Akamai's ISO 27002 assessments affect the entire company, both corporate facilities and the
production network of tens of thousands of servers in approximately a thousand networks. We
provide the Executive Summary of Akamai's ISO 27002 Assessment Report to customers as
evidence that Akamai's security program is in place and functional. The ISO report listed a few "minor"
observations, for which we have the following Responses to Observations in ISO 27002 Report.
Some additional documents that may be of interest to customers follow:

• Information Security Policy
• Information Security Program
• Anti-Virus Policy
• Global Background Check Policy
• Business Continuity and Disaster Recovery Overview
• Production Network Access Policy

We are often asked why we are not certified compliant with the ISO 27001 or other ISO
standards.

ISO 27002 (unlike its sibling standard 27001) is an advisory standard, and therefore does not provide for
certification. As the ISO 27002 controls are less in the yes/no category and more in the open-ended range,
Akamai receives an assessment of its compliance with these controls.

In general, Akamai is committed to ensuring that our platform provides industry-leading safety and security
for our customers and their data. We undergo compliance assessments to provide our customers with evidence
that we exceed these industry-wide security standards, and not primarily to focus on individual controls from
any particular standard. To that end, Akamai only pursues assessments and audits when they are:

1. Legally mandated, as in Sarbanes-Oxley; or
2. Both commercially valuable to our customers AND provide guidance and reports on compliance that
can be used to improve Akamai's ability to protect its customers and itself, as we have found with ISO
27002, PCI DSS, and SOC 2.

As none of the ISO standards are legally required, and Akamai could conceivably receive assessment under a
huge range of security standards, Akamai selected ISO 27002 from the 27000 family of standards for its
breadth and depth, as well as its global recognition.

As an organization interested in improving its security practice as well as its security framework, we appreciate
the scrutiny from a third party assessor across policy and practice that the 27002 report provides.
