SWITCH recently received confirmation of its successful recertification in accordance with ISO 27001. This comes as an acknowledgement that the organisation and domain registry’s continual efforts to maintain and improve the security and stability of .ch and .li are demonstrating the desired success.
SWITCH received its first ISO 27001 certification in 2014 for the information security management system (ISMS) used for the .ch and .li domain name registry, making it one of the first European registries with a certified ISMS. ISO 27001 is the internationally recognised standard for ISMS certification. The ISMS aims to protect information based on an analysis of business risks concerning confidentiality, integrity and availability, and to continually adapt security to changing requirements via its management system.
"The audit went well, in accordance with the auditor’s expectations and the ISO 27001 standard guidelines. The registry faces strict requirements due to being classified as critical infrastructure by OFCOM."Martin Leuthold, Head of Security & Network and security representative at SWITCH
The recertification audit took place at the beginning of September 2017. The full scope of the registry’s ISMS was assessed over three days. The requirements are strict, as the registry is classified as critical infrastructure. Its failure would have serious consequences for the Swiss people and economy – in the worst-case scenario, .ch domains would no longer be accessible. Winning the registry tender for .ch and .li obliged SWITCH to observe OFCOM’s strict information security requirements. The successful certification allows SWITCH to once again fulfil an important requirement.
SWITCH shares its expertise regarding its ISMS and certification with other registries to ensure that security within the whole domain name system improves continuously. The foundation also takes part in reciprocal audits with DENIC, nic.at and SIDN, actively sharing its good practice experience with these registries while also benefiting from their expertise.
Numerous Swiss universities are also concerned with ISMS. SWITCH supports them with reference to its experiences with the ISMS working group. This group is very active and is constantly gaining new members, as information security management is becoming ever more important for universities. In 2017, SWITCH hosted a total of three workshops and three working group meetings. The group is currently working together on university policy templates covering various topics, to ensure that individual universities don’t have to start from scratch. The goal is to create a best practice for Swiss universities through collective effort and on the basis of pooled experience.
Information security is one of SWITCH’s chief concerns, as well as a strategic business area, and the foundation supports it on multiple levels within a framework of national and international partnerships and networks.