F5 Distributed Cloud Services are SOC2 Type II Compliant
A SOC 2 Type II report is a Service Organization Control (SOC) report that focuses on the American Institute of Certified Public Accountants (AICPA) trust principles. It generally examines a service provider’s internal controls and systems related to security, availability, processing integrity, confidentiality, and privacy of data. These reports can play an important role in providing oversight of an organization, vendor management programs, and regulatory oversight. A Type II report covers both the suitability of an organization's controls and its operating effectiveness over a period of time.
At F5, the SOC 2 Type II report helps meet the needs of our customers who need detailed information and assurance about the controls at F5. It offers evidence to our customers that we are implementing the security controls that we say we do and that those controls are working as intended. Without eyes and ears across the cloud, it is difficult to assess how secure the information is in the hands of third-party vendors and a SOC 2 Type II report offers this peace of mind.
Of the five trust principles that an organization can choose to follow, SDC is certified for the security, availability, and confidentiality of the information processed by our systems.
Each trust principle lists control objectives which the organization decides how it wants to meet these control objectives. SOC 2 trust principles are modeled around:
F5 and its services prioritize the protection of personal data and uphold the highest standards of data privacy. The technical and organizational controls that protect personal data collected by F5 are listed in the specific service contracts (for example, the Service-Specific Terms applicable to services provided under our End User Services Agreement) and in F5's SOC2 Type II report. F5 Global Support is ISO 27001 certified and F5 Distributed Cloud Services are ISO 27001 certified with an extension of ISO 27017 and ISO 27018. F5 is also PCI-DSS Compliant as a Level 1 Service Provider for the F5 Distributed Cloud Services. Additional security certifications apply to specific F5 services and F5 hardware. Find more detailed information about data security practices at https://www.f5.com/company/policies/privacy-notice.