Specifically, Akamai's Information Security Management System (ISMS) is based on the ISO
27001/2 (formerly British Standard 17799) Code of Practice for Information Security
Management.
What follows is a glimpse of how Akamai's procedures apply — and how the company helps
customers address their own needs — around the standard.
Akamai's ISO 27002 assessments affect the entire company, both corporate facilities and the
production network of tens of thousands of servers in approximately a thousand networks. We
provide the Executive Summary of Akamai's ISO 27002 Assessment Report to customers as
evidence that its security program is in place and functional. The ISO report listed a few "minor"
observations, for which we have the following Responses to Observations in ISO 27002 Report.
Some additional documents that may be of interest to customers follow:
We are often asked why we are not certified compliant with the ISO 27001 or other ISO
standards.
ISO 27002 (unlike its sibling standard 27001) is an advisory standard, and therefore does not provide for
certification. As the ISO 27002 controls are less in the yes/no category and more in the open-ended range,
Akamai receives an assessment of our compliance under these controls.
In general, Akamai is committed to ensuring that our platform provides industry-leading safety and security
for our customers and their data. We undergo compliance assessments to provide our customers with evidence
that we exceed these industry-wide security standards, and not primarily to focus on individual controls from
any particular standard. To that end, Akamai only pursues assessments and audits when they are:
As none of the ISO standards are legally required, and Akamai could conceivably receive assessment under a
huge range of security standards, Akamai selected ISO 27002 from the 27000 family of standards for its
breadth and depth, as well as its global recognition.
As an organization interested in improving its security practice as well as its security framework, we appreciate
the scrutiny from a third-party assessor across policy and practice that the 27002 report provides.