We believe that information security is a fundamental building block of our business.
In order to provide secure, high-quality services to our customers, both in our technical operations and business processes, EURid has implemented several abuse prevention services and follows the ISO 27001 security standard.
How we fight abuse
We have enforced key security protocols such as DNSSEC. This helps to reduce the chance that visitors are led to fake websites and tricked into supplying personal information if they enter a protected web address into their browser.
Lock Services provide added protection to those domain names for which it is enabled. This service can be used to provide a greater level of safety for domain names, and is intended to reduce the potential for unintended changes, deletions or transfers.
We developed DNSQuality Score, through which registrants can check the quality level of their DNS for improved and more secure domain name performance.
We also combat malicious registrations by actively screening newly-registered domain names (APEWS) and work closely with law enforcement authorities (EUIPO, CAC, WIPO Center) to fight cybercrime
In the context of personal data protection, our policies and procedures continue to align with the General Data Protection Regulation, which was introduced on 25 May 2018.
About our ISO27001 certification
The ISO/IEC 27001 standard specifies the requirements to establish, implement, maintain and continually improve an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.
As part of the certification process, we implemented an Information Security Management System (ISMS), based on the ISO27001:2013 standard. The objective of the ISMS is to protect the confidentiality, integrity and availability of the information we receive, process and store in the EURid environment. The ISMS follows a risk-based approach to ensure that we can achieve the following standards:
- Identify information security risks through an appropriate risk assessment process;
- Select controls (policies, standards, procedures and technical measures) to reduce any identified risks to an acceptable level;
- Regularly audit, review and maintain the controls, and keep them up-to-date to cope with emerging threats and risks. We evaluate information security risks by taking into account the confidentiality, integrity and availability requirements of EURid's information assets.
For more information on the ISO standards and ISO27001 specifically, see http://www.iso.org.
Our certificate number is IS 599234 and was issued by BSI.