DNS.Business’s successful ISO/IEC 27001:2013 audit demonstrates our commitment to security, data privacy and stability.
Cyber-security threats are an ever-escalating risk in the 21st century. Recent local security breaches make it extremely clear that South Africa is no less at risk than larger, more sophisticated economies (e.g. Transunion, SA Government Departments and other data breaches).
DNS.Business’s central role in the South African and international domain name industry means that implementing solid data security protocols, protection against cyber-attacks, unauthorised access, and data breaches are critical.
Recognising this, the entire DNS.Business team has applied itself to integrating sound data privacy and security practices into all aspects of the business, from Finance and HR to software development and infrastructure operations.
ISO, POPIA and GDPR
This organisation-wide, committed and sustained focus resulted in DNS.Business achieving a second unqualified audit of its ISO/IEC 27001:2013 implementation in February 2022. The re-certification was awarded after DNS not only maintained the well-designed ISMS (Information Security Management System) presented during our first audit a year ago but also implemented several improvements.
The ISO/IEC 27001:2013 standard specifies a best-practice ISMS. In addition, it describes the specific controls and measures to be adopted to secure information and information management systems.
Complying with the standard supports compliance with a wide range of legal and contractual requirements for security and data privacy, including POPIA, GDPR, and the Mauritius Data Protection Act. This is particularly important given the number of reports of data privacy breaches in South Africa since the introduction of POPIA alone. According to IT Web, the Information Regulator indicated that 139 South African organisations reported they suffered a data breach between mid-2021 (when POPIA came into force) and December 2021.
Our proactive approach also means that any Registry or Registrar doing business with DNS.Business has the assurance that we are committed to supporting them in meeting their information security and data privacy obligations and taking cyber security seriously.
Integrating security best practices into DNS.Business
Although information security is considered everyone’s responsibility, DNS.Business also has a dedicated team tasked explicitly with keeping security issues top-of-mind.
One of the most time-consuming parts of an ISMS implementation project is developing the documentation that sets out how the ISMS works and the documentation explicitly required by the Standard. To help us tackle this daunting task DNS.Business engaged the services of an external consultant to guide the ISO Team on the requirements of the ISO standard.
Now that the framework is well-established, this team has turned its attention to embedding and maintaining solid security practices. The team provides regular staff awareness and training sessions; it reviews and manages documented policies, procedures and controls; and sets out responsibilities for information management and data collection as the needs of the business evolve.
This approach has helped to embed and sustain a culture of operational security. Having a dedicated team also helps mitigate the risk of a breach and offers specific guidance when required.
Visible proof
The ISO/IEC 27001:2013 certification and continued compliance are valuable and visible proof of DNS.Business’s commitment to meeting internationally accepted data and information security standards.
It is not only crucial that we protect confidential and sensitive information – but also that we are seen to be protecting it. DNS firmly believes that well-managed Information Security is a cornerstone of conducting business into the future.
But, achieving this certification is not simply a marketing exercise for DNS.Business. As well as ensuring we comply with international data protection and cyber security laws, the ability to prove that DNS.Business complies with the Standard gives our clients peace of mind that their data is safe.