German Registry DENIC Attains ISO 27001 Certification

DENIC, the .de registry operator, has had its information security management system (ISMS) certified in accordance with the provisions of the ISO/IEC 27001:2013 standard under a full-scope audit by the German certification body TÜV Nord.

The main focus of ISO 27001 is to establish, implement, maintain and continually improve an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of an organisation.

Its importance was addressed earlier this year in an article by Jos van Schaik, a founding partner at CumulusTrust, that asked “how much does it cost to get?” In his article he said he likes to reply with a question: “how much does it cost when you don’t have it?”

“The answer to the first question is easy”, writes van Schaik, “but the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified.”

The certification was attained on 10 October 2014, when DENIC had its information security management system (ISMS) certified in accordance with the provisions of the ISO/IEC 27001:2013 standard under a full-scope audit by the German certification body TÜV Nord. The audit covered all the tasks, infrastructures and processes required to provide DENIC’s domain registration, name resolution and lookup services, as well as its infrastructure services for operators of other name spaces.

“At DENIC, information security has always been of paramount importance and an integral part of all business processes. The certification according to the internationally recognized ISO/IEC 27001:2013 standard underscores the high-level implementation of our ISMS, which the auditors said stands out for a large number of ‘good practices’,” says DENIC CEO Dr. Jörg Schweiger.

“The regular follow-up monitoring audits will assure ourselves, the members of our Cooperative and the Internet community that our business processes and our information security will consistently meet the high requirements of the ISO standard,” adds Chief Information Security Officer Boban Krsic, who, together with his team, established the Information Security Management System at DENIC and brought it to certification readiness.

The audit was successfully completed on 10 October 2014. In addition to a systematic, holistic approach to controlling security-related processes across the organization, TÜV Nord attests that DENIC has full transparency and traceability of its processes, as well as information security risk management that complies with the requirements of the ISO/IEC 27001:2013 standard.