Tag: ISO 27001 certification

Nameshield renews its ISO 27001 certification on all its registrar activity

Nameshield renews its ISO 27001 certification

First French registrar certified ISO 27001 since 2017, for its activities of domain names portfolio, DNS and TLS/SSL certificates management, Nameshield is proud to announce the renewal of its ISO 27001 certification in February 2023.

What is the ISO 27001 certification?

ISO 27001 is an international standard that describes the requirements for the implementation of an Information Security Management System, intended to select the security measures to be implemented in order to ensure the protection of a company’s sensitive assets on a defined perimeter. In Nameshield’s case, this covers the entire registrar activity.

At a higher level, the ISO 27001 standard requires that the managers of the company are involved in the cyber defense. In parallel, a steering committee follows the implementation of the new measures respecting the standard.

Why the ISO 27001 certification?

To be ISO 27001 certified is to guarantee to our clients and partners that the security of information systems is fully integrated in each of the services offered by Nameshield, that we are committed to a process of continuous improvement, requiring specific resources that we have chosen to deploy.

The ISO 27001 certification also confirms the competence of Nameshield’s employees and their expertise in protecting critical information.

What this ISO 27001 certification guarantees

The ISO 27001 certification, delivered by LRQA, the World Leader of the certification of value added Management systems, ensures:

  • The involvement of all Nameshield’s employees in the continuous improvement of our security arrangements;
  • An answer to our security goals and those of our clients through an annual analysis of the risks and their processing, according to the Ebios method;
  • The deployment of more secure products and services, with higher added values, that better meet our clients’ expectations;   
  • Our mobilization in case of incidents and our ability to always do better by analyzing the processing of each alert;
  • The continuity of our activities, whatever the threats, by ensuring our remote activities (backup site, telecommuting, redundant servers…).

The renewal of this ISO 27001 certification confirms Nameshield’s determination to offer the best services to its clients under conditions of optimal security.

Nameshield renews its ISO 27001 certification

ISO 27001 - Nameshield renews its ISO 27001 certification

Nameshield Group is an expert in domain names, DNS, TLS/SSL certificates management.

Through our experience gained from world-renowned customers with ever-increasing security requirements, we have also become technical experts in Information security. That is why we have implemented an Information Security Management System (ISMS).

In 2017, we obtained the ISO 27001 certification of this ISMS for our activities of domain names portfolio, DNS and TLS/SSL certificates management. Nameshield Group has thus become the sole French registrar ensuring such a level of security for its customers.

Since then, our employees involved in the ISMS continuously contribute to the constant improvement of our security arrangements.

An analysis of the risks and their processing, according to the Ebios method, answer to our security goals and those of our clients.

We permanently adapt to security, performance and sustainability needs. It results in the deployment of more secure products and services, with higher added values, that meet our clients’ expectations more and better.

We know how to mobilize ourselves in case of incidents and learn to always do better by analyzing the processing of each alert.

We have and control a business continuity plan. Therefore, we are able to carry out our activities remotely (backup site, telecommuting, redundant servers…), whatever the threats.

Information security is the DNA of Nameshield Group and all its employees.

Logically, our ISO 27001 certificate has been renewed for 3 years in last February without any non-compliance nor comments being notified.

This international recognition ensures you:

  • An availability rate (domain names management platform and DNS Premium)
  • Tests implementation allowing us to permanently review ourselves and anticipate incidents
  • The raising awareness of all Nameshield employees to all Information security aspects
  • The reliability and performance of our system
  • The study of our experience feedbacks to continuously improve our security and thus yours

The continuation of the Equifax case or how the controls implemented in the context of an ISMS (ISO 27001) can help to prevent security incidents?

Cybersecurity - The continuation of the Equifax case

October 3rd, 2017, Equifax’s ex CEO, Rick Smith, had to explain to the American Congress how the private data of almost one out of two Americans could be hacked.

Let us briefly recall the chronology of events (for more information, we invite you to read Adriana Lecerf’s complete article):

  • March 9th, 2017: An Apache Struts flaw is detected. Less than a week after, the security patch is validated and planned, but the latter is not applied on all the servers.
  • March 15th, 2017: a scan is carried out but no vulnerability is detected.
  • April 2017: Hackers take advantage of this breach (the security patch which was not applied on all the servers) and steal the precious data.
  • July 31th, 2017: The ex CEO is informed of the information theft.
  • September 8th, 2017: Official communication on the hacking.

How can the ISO 27001 certification and the establishment of an associated ISMS (Information Security Management System) help to prevent this kind of incident?

The ISO 27001 standard is the reference regarding validation and constant improvement of an ISMS. It relies on 114 control points which scan all the domains for the establishment of an ISMS, including the implementation of procedures and the platforms update processes.

That includes the implementation and regular control of the risks management process aiming to ensure the data security. The main purpose of this management system is to carry out the appropriate measures in order to reduce, even eliminate threats impact on users or customers.

The ISMS is a wheel of constant improvement and in the case of Equifax, the processes of control established and tracked with an ISMS could have eventually helped to prevent this kind of incident.

This case demonstrates again the obligation to rethink the security strategy within companies and to implement necessary protocols to ensure the discovery of possible security flaws and the corrective action to apply.

Nameshield certified ISO 27001

Nameshield: The first French registrar certified ISO 27001 on all its registrar activity

Nameshield's ISO 27001 certification

 

 

Nameshield is proud to announce its ISO 27001 certification on all its registrar activity, the product of many months of work.

Why the ISO 27001 certification?

Since its creation, 23 years ago, Nameshield has taken to heart to provide to its customers the best services under conditions of optimal security. By choosing the ISO 27001 standard, this constant care given to all our services is now certified by a competent authority.

The impressive rise of the occurrence and the force of the cybercriminal attacks has comforted the founder and CEO of Nameshield, Jean-Paul Béchu, in his determination to propose to all our users an ISO 27001 certification on all our registrar activity.

Today, it’s frequent that cybercriminals attack services providers in order to reach indirectly their final targets. And if our Security Officer of Information System monitored already the security of our infrastructure, the ISO 27001 reinforces the requirements.

If Nameshield has engaged in this process, the result of an important investment, human and financial, it’s because it’s essential for us to demonstrate and certify the dimension of our engagement in term of security.

To be certified ISO 27001 is to ensure our customers and partners that the security of the Information systems is completely integrated and that Nameshield is committed to a process of constant improvement requiring specific resources, which we have chosen to deploy.

The certification confirms the competence of Nameshield’s employees and their expertise in the protection of critical information.

 

What is the ISO 27001 certification?

ISO 27001 is an international standard which describes the requirements for the establishment of an Information security Management System. This one is intended to choose the security measures to set up in order to ensure the protection of sensitive goods of a company on a defined perimeter. In the case of Nameshield, it covers all of its registrar activity.

At a higher level, the ISO 27001 standard requires that the managers of the company are involved in the cyber defense. In parallel, a steering committee follows the implementation of the new arrangements respecting the standard.

An audit carried out by LRQA, the World Leader of the certification of value added Management systems, allows us to deploy our security measures and to become the first French registration office to be certified on the complete perimeter of its registrar activity.

Nameshield, your trusted partner.