DENIC eG, as an operator of critical infrastructure in Germany, has been certified according to the international standards for an Information Security Management System (ISMS) – ISO/IEC 27001 and for a Business Continuity Management System (BCMS) – ISO/IEC 22301.
The certification demands a high degree of continuous development and improvement in how the requirements are implemented. DENIC has established a multistage system of internal and external audits for this purpose.
A re-certification audit is performed every three years to check whether the conditions for a renewal of the certification are fulfilled. In September, the re-certification audit for the Business Continuity Management System (BCMS) – ISO/IEC 22301 was carried out and, upon receipt of the audit report, has now been completed successfully without any deviations. The corresponding certificate was issued for DENIC and is valid for another three years. In 2023, the re-certification of the Information Security Management System (ISMS) according to ISO/IEC 27001 is due.
Interesting Facts about DENIC's Multistage Auditing Procedure
Internal audits in cooperation with the registries nic.at, SIDN and SWITCH
The Chief Information Security Officers (CISOs) of the registries DENIC (Germany), nic.at (Austria), SWITCH (Switzerland) and SIDN (The Netherlands) meet four times a year to discuss current security topics and to conduct an internal audit in accordance with the international standard for Information Security Management Systems (ISMS) during each of the 2-day meetings.
The quad applies a cooperative approach to mutually check the degree to which the requirements pursuant to ISO 27001 are met by each of the registries. The special benefit for all four parties involved: a comprehensive exchange of experiences and mutual recommendations for a continuous improvement of the security level. To achieve this aim, they work jointly on reviewing the degree to which the requirements of the individual chapters of the standard are implemented, and intend to perform such a review in cycles of three years for all chapters of the standard.
In 2015, the cooperation project was even granted the CENTR Award in the "Security" category. Seven years later, all the parties involved are still gaining considerable added value from the undertaking for the further advancement of their information security management systems.
Annual External Surveillance Audits
Additionally, DENIC undergoes a so-called surveillance audit each year. External auditors check the two management systems for potential deviations and point out potential for improvement.