30(a) Security Policy: Summary of the security policy for the proposed registry

Prototypical answer:

gTLD | Full Legal Name | E-mail suffix
.FRL | Metaregistrar B.V. | metaregistrar.com

Metaregistrar's Policy on Information Security ensures its business continuity and minimizes the risk of damage by preventing security incidents and reducing their potential impact.

The Metaregistrar platform is designed and managed by a team of highly experienced engineers and is mostly based on the technology and experience of our sister company Mijndomein. The Mijndomein platform has had an excellent track record for security and availability for the last 10 years, and is continuously improving its capabilities in this area.

The .frl gTLD does not require strict certification or industry compliance; however, Metaregistrar and its subsidiaries are working hard to achieve ISO 27001 level within the next 2 years. An independent assessment report on security level and capabilities is planned within the next 8 to 12 months. As an additional service to its customers, Metaregistrar will allow high-profile clients to review the external assessment report or perform their own security assessment if requested.

The policy describes its measures under three main components: people, process and technology. A summary of each chapter is listed below:

People
· a description of roles and responsibilities concerning staff members and governance and resourcing of IT security
· a policy ensuring background checks and proper staff entry and exit measures

Process
· a policy on regular internal and external audits, penetration testing and threat analyses
· a description of the business continuity management measures
· a description of the incident management process, ensuring a timely response, logging and analysis of incidents and 24/7 stand-by shifts
· a description of the change management process, ensuring proper approval, risk management and testing of changes

Technology
· a description of physical security measures taken to prevent unauthorised access and ensure business continuity
· a policy on logical access control and the access control list (ACL), the use of role-based access control (RBAC) and password policies
· a description of technical measures to ensure and monitor the availability of the platform and its mission-critical services, and of backup and restore procedures
· a policy on logging transactions and monitoring and detecting suspicious behaviour
