Skip to main content
Close Menu
    Home
    • .au Domain names
      • .au domain names
      • Accredited registrars
      • Help, tools, resources
      • Policies and compliance
      • Complaints and disputes
    • .au members
      • Join .au
      • .au member benefits
      • .au member resources
    • Industry
      • Accredited registrars
      • Information for registrars
      • The .au registry
      • auDA Registrar Portal
    • News, events, insights
      • Statements
      • Events
      • Speeches
      • Reporting
      • Submissions
      • The .au Blog
    • Consultation
      • Public consultations
      • Policy Panels
    • About auDA
      • About .au Domain Administration
      • Governance
      • Strategies, values, policies
      • Our partners
      • Careers at auDA
      • Contact Us

    Information security standards

    Breadcrumb

    1. Home
    2. Industry
    3. Information for registrars
    4. Information security standards

    In this section

    • Registrars
    • Co-Marketing and Innovation Fund
      • Co-Marketing and Innovation Program - approved projects
    • Code of practice
    • Domain Name System Security Extensions (DNSSEC)
    • Information security standards
    • Registrar Accreditation

    Information security best practice is crucial to maintaining trust and confidence in the .au.  

    auDA accredited registrars must meet the security requirements in the auDA Registrar Agreement, which require them to achieve ISO 27001 certification or equivalent to maintain international best practice standards for information security.   

    The requirement for ISO 27001 or equivalent was introduced when the Registrar Agreement was updated in 2020-21. This replaces the previous auDA Information Security Standard (ISS) that was mandatory for auDA accredited registrars. Existing registrars have been supported to develop a progress plan to achieve ISO 27001 certification or equivalent. 

    New registrars are required to demonstrate that they are compliant with ISO 27001 or equivalent when they apply for auDA accreditation. 

    auDA achieved ISO 27001 certification in 2020.  

    Security obligations under Federal legislation  

    The .au Domain Name System (DNS) is recognised as a critical infrastructure asset under The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022  (The SOCI Act).  The SOCI Act contains security requirements for the .au supply chain that includes auDA, the .au registry operator and auDA accredited registrars. We have engaged with registrars on our shared security responsibilities under this new legislation. 

     

    • .au Domain names
      • .au domain names
      • Accredited registrars
      • Help, tools, resources
      • Policies and compliance
      • Complaints and disputes
    • .au members
      • Join .au
      • .au member benefits
      • .au member resources
    • Industry
      • Accredited registrars
      • Information for registrars
      • The .au registry
      • auDA Registrar Portal
    • News, events, insights
      • Statements
      • Events
      • Speeches
      • Reporting
      • Submissions
      • The .au Blog
    • Consultation
      • Public consultations
      • Policy Panels
    • About auDA
      • About .au Domain Administration
      • Governance
      • Strategies, values, policies
      • Our partners
      • Careers at auDA
      • Contact Us

    © 2021 .au Domain Administration Ltd    |   Privacy Policy  |  Website terms and conditions

    Twitter
    Image
    Twitter
    LinkedIn
    Image
    Linkedin
    Facebook
    Image
    Facebook