Information security best practice is crucial to maintaining trust and confidence in the .au.
auDA accredited registrars must meet the security requirements in the auDA Registrar Agreement, which require them to achieve ISO 27001 certification or equivalent to maintain international best practice standards for information security.
The requirement for ISO 27001 or equivalent was introduced when the Registrar Agreement was updated in 2020-21. It replaced the previous auDA Information Security Standard (ISS), which was mandatory for auDA accredited registrars. Existing registrars have been supported to develop a progress plan to achieve ISO 27001 certification or equivalent.
New registrars are required to demonstrate that they are compliant with ISO 27001 or equivalent when they apply for auDA accreditation.
auDA achieved ISO 27001 certification in 2020.
Security obligations under Federal legislation
The .au Domain Name System (DNS) is recognised as a critical infrastructure asset under the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (the SOCI Act). The SOCI Act contains security requirements for the .au supply chain, which includes auDA, the .au registry operator and auDA accredited registrars. We have engaged with registrars on our shared security responsibilities under this new legislation.