TÜV Nord attests well-constructed systematic approach and practical implementation at a high level for DENIC's ISMS
Actually, DENIC had counted on the result as a matter of course. Since as an operator of critical infrastructure (KRITIS) in Germany, information security has great priority for us. Nevertheless, it certainly makes us proud that we have once again passed the ISO/IEC 27001 Information Security Management System (ISMS) re-certification audits with flying colours.
The ISMS is reviewed every year and subjected to a comprehensive re-certification audit every three years. It is one of the components that form DENIC's basis for the provision of evidence in the KRITIS context. In addition to the implementation of numerous regulatory requirements (German IT Security Act), this also includes a Business Continuity Management System (BCMS) standardised in accordance with ISO 22301, which is also regularly reviewed by independent auditors and was last re-certified in September 2022. The two management systems ISMS and BCMS are applied to all of DENIC's business processes and thus also include the core processes relating to registry and DNS operations. They render a decisive contribution to the secure and reliable provision of these so-called "critical services under the KRITIS Regulation".
The auditors of TÜV Nord rated DENIC's Information Security Management System (ISMS) as excellent again in the third re-certification cycle. With the systematic holistic approach of ISMS and BCMS, DENIC has chosen an efficient and effective high-scale solution to comply with normative requirements in the praxis. With best practices such as the separate communication channels for emergencies we have in place independent of DENIC's own infrastructure, we could score additional points. Security is and remains a central concern of DENIC, as we have proven again with this great audit result.
Interested members can download the new ISO/IEC 27001 certificate from our website.
