We believe that information security is a fundamental building block of our business. To help us handle information security in a structured manner, both in our technical operations and business processes, we choose to follow the ISO 27001 security standard. Our certificate, number IS 599234, was issued by BSI.
About our ISO27001 certification
The ISO/IEC 27001 standard specifies the requirements to establish, implement, maintain and continually improve an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.
As part of the certification process, we implemented an Information Security Management System (ISMS), based on the ISO27001:2013 standard. The objective of the ISMS is to protect the confidentiality, integrity and availability of the information we receive, process and store in the EURid environment. The ISMS follows a risk-based approach to ensure that we can:
- Identify information security risks through an appropriate risk assessment process;
- Select controls (policies, standards, procedures and technical measures) to reduce the identified risks to an acceptable level;
- Regularly audit, review and maintain the controls and keep them up to date to cope with emerging threats and risks.
We evaluate information security risks taking into account the confidentiality, integrity and availability requirements of EURid's information assets.
In 2015, EURid's certification was updated to the 2013 standard after a successful intermediate transition audit. As foreseen by the standard, EURid will be audited yearly and will be re-certified every three years; our next recertification audit will happen in 2016.
For more information on the ISO standards and ISO27001 specifically, see http://www.iso.org.
Our Business Continuity and Contingency Management programme, which we started in 2006 as one of the first European registries, was integrated with the ISO27001 programme. The unique experience and expertise we gathered over the years in this field will be further expanded with information security-related topics.