We are both pleased and proud to announce that on the 14th December 2020, DNS.Business was notified that it qualified for ISO27001 certification. DNS.Business received this notification from Sancert, the ISO27001 auditor, that they were satisfied with the audit results and that they will submit the audit results for formal ISO27001 certification.
ISO27001 pertains to the establishment, implementation, maintenance and continuous improvement of information security management systems for the DNS.Business group of companies including Domain Name Services (Pty) Ltd and DNS Africa Ltd. This is particularly important for companies tasked with managing critical databases and systems of national interest such as the administration of country code and generic top level domain registries.
The DNS.Business ISO27001 project was started in 2019 with great progress during 2020 with first internal audit during September 2020 and second external certification audit on 14 December 2020.
Domain Name Services (Pty) Ltd operates the back-end infrastructure for .za on behalf of ZADNA, and co.za, org.za, net.za and web.za on behalf of the ZACR. With this comes the critical important responsibility of ensuring that all data collected, archived and published is maintained under the strictest security regime including adhering to both local and international regulations such as the Protection of Private Information Act (POPIA) of South Africa and the General Data Protection Regulations (GDPR) of the European Union. Not only does this pertain to all registry data but also to all systems involved in the handling of this registry data at rest, in processing and in transit.
Over the past year the Business Development Group (BUSDEV) ISO team, in collaboration with DevOps and other teams, has drafted the necessary policies and procedures to ensure that the ISO27001 Information Management System has been integrated within the overall management structure both at board and management levels. This was done to ensure that information security is considered at every aspect of the design of information systems and associated operational processes and controls. This, to a large extent, has been achieved using the JIRA Project Management Systems to manage the activities and the DNS.Business Confluence Documentation system as a repository for the resulting documents.
The ISO27001 process was largely driven by Elize Labuschagne with assistance from Thabelo Mulaudzi and Jerry Maleka who ensured that all the relevant areas necessary for the ISO27001 security aspects were identified resulting in all the policies and procedures to be drafted with input from the various DNS.Business teams.
Many thanks to the entire ISO team as well as all DNS.Business staff who contributed their time and expertise to make this very important certification a reality.