ISO 27001, ISO 27017, ISO 27018

F5 Distributed Cloud Services are ISO 27001 Certified with an extension of ISO 27017 and ISO 27018 

Global Support is ISO 27001 certified only

ISO 27001 is an international standard to manage information security. It is the world's best-known standard for information security management systems (ISMS). The ISO 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.

Conformity with ISO 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the organization, and that this system respects all the best practices and principles enshrined in this International Standard.

ISO 27001 promotes a holistic approach to information security by vetting people, policies, and technology. An information security management system implemented according to this standard ensures risk management, cyber-resilience, and operational excellence.

ISO 27001 is the only auditable international standard that defines the requirements of an ISMS that must be met. 

ISO 27001 is made up of 93 Controls broken into 4 domains:

  • Organizational
  • People
  • Physical
  • Technological

ISO 27017 is a Code of Practice for Information Security Controls based on ISO 27001 for Cloud Services and is an information security framework for organizations using cloud services. Cloud service providers need to comply with this standard because it keeps their cloud service customers (and others) safer by providing a consistent and comprehensive approach to information security.

ISO 27017 includes 37 security controls based on the ISO 27002 guidelines.

ISO 27018 is a Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors. This standard outlines best practices for public cloud service providers (CSPs) on how to better protect the personally identifiable information (PII) that they process.

ISO 27018 includes 16 Controls based on ISO 27002 as well as 25 new privacy and security controls.

FAQ


What specific security measures does F5 provide for personal data?

F5 and its services prioritize the protection of personal data and uphold the highest standards of data privacy. The technical and organizational controls that protect personal data collected by F5 are listed in the specific service contracts (for example, the Service-Specific Terms applicable to services provided under our End User Services Agreement) and in F5's SOC2 Type II report. F5 Global Support is ISO 27001 certified and F5 Distributed Cloud Services are ISO 27001 certified with an extension of ISO 27017 and ISO 27018. F5 is also PCI-DSS Compliant as a Level 1 Service Provider for the F5 Distributed Cloud Services. Additional security certifications apply to specific F5 services and F5 hardware. Find more detailed information about data security practices at https://www.f5.com/company/policies/privacy-notice