Information security in registrar's operations

Registrars must ensure the information security of their operations by preparing against threats and addressing irregularities. The minimum requirements for information security are intended to protect both the registrars' operations and domain name holders' rights.

Registrars must pay attention to the different areas of information security in all phases of their operations: when planning, maintaining and terminating the operations. To make information security an everyday routine, registrars must create processes and practices.

Documented contingency plan

It is the registrar's duty to prepare detailed instructions for dealing with information security threats. The domain name registrar must ensure that

  • events that are relevant for information security will not go unnoticed
  • problems and irregularities identified in information security are addressed.

In order to develop and manage information security, registrars must have up-to-date documentation of their information security plans. The documentation also helps FICORA to verify, where appropriate, that registrars meet their obligations regarding information security. The documentation policy of information security issues depends on the scale of the company's operations.

Minimum requirements laid down for information security

Under section 3(1)(28) of the Information Society Code, information security means the administrative and technical measures taken to safeguard the confidentiality, integrity and availability of data. These measures ensure that

  • data and information systems can be used only by those who are entitled to use them
  • data can only be modified only by those who are entitled to do so.

FICORA's Domain Name Regulation (68/2014 M, chapter 4) describes the minimum requirements for information security management that all domain name registrars must meet in their operations. The purpose of the requirements is

  • to safeguard a basic level of information security in the registrars’ operations
  • to minimise the harmful impact of information security risks on the registrars’ operations and on fi-domain name holders.
View graphic [pdf, 401 KB] of registrars information security obligations

Key words: Information security , Internet , Domain names

Updated 11.10.2018

LinkedIn Print