Registry has developed an information security policy to protect its informational assets against all internal, external, accidental and deliberate threats in the form of policies, operational documents, work instructions and training documents. We are systematically introducing measures for maintaining and improving information security into all our processes, whereby we are following an ISO/IEC 27001:2013 requirements.
- We are acting according to Registry’s mission, vision, values and strategic goals.
- We are meeting legal, regulatory and contractual obligations.
- We are preserving confidentiality, integrity and availability of information by addressing threats to and vulnerabilities of our business processes and IT operations with the methods of (1) risk management, (2) change management, (3) capacity management, (4) business continuity management, (5) vulnerability management, (6) incident management and (7) asset management.
- We have an established information security training programme for our employees to improve security awareness.
- We do a regular (1) risk analysis of critical processes, (2) Information Security Management System (ISMS) compliance checking and (3) ISMS performance evaluation using a structured methodology.
- We assign responsibility and ownership for particular information resources to individuals who have skills, tools and authority to keep them secure.
Security Policy applies to information and data, organizational and technical processes, network connections and sessions, system components (HW & SW), locations and employees.
Establishing and implementing the information security management system has been a joint effort of all of the Registry.si employees and SIDN. SIDN is a Dutch national domain registry that was awarded the ISO/IEC 27001:2013 certification and they have been maintaining it ever since. The close collaboration and work with the SIDN enabled us to gain knowledge, expertise and experience in a specific field reserved only for national domain registries.