Information security in registrar's operations
It is the registrar's duty to prepare detailed instructions for dealing with information security threats. The domain name registrar must ensure that
- events that are relevant for information security will not go unnoticed
- problems and irregularities identified in information security are addressed.
In order to develop and manage information security, registrars must have up-to-date documentation of their information security plans. The documentation also helps FICORA to verify, where appropriate, that registrars meet their obligations regarding information security. The documentation policy of information security issues depends on the scale of the company's operations.
Under section 3(1)(28) of the Information Society Code, information security means the administrative and technical measures taken to safeguard the confidentiality, integrity and availability of data. These measures ensure that
- data and information systems can be used only by those who are entitled to use them
- data can only be modified only by those who are entitled to do so.
FICORA's Domain Name Regulation (68/2014 M, chapter 4) describes the minimum requirements for information security management that all domain name registrars must meet in their operations. The purpose of the requirements is
- to safeguard a basic level of information security in the registrars’ operations
- to minimise the harmful impact of information security risks on the registrars’ operations and on fi-domain name holders.