ISO/IEC 27001:2022
Full ISMS scope covering the registry, corporate systems and third-party integrations.
Least privilege
Role-based access. Just-in-time elevation with named approver.
Incident response
24/7 on-call. Public post-mortems within 20 working days of resolution.
Auditor access
External auditors receive read-only access to the audit log; annual attestation published.
Disclosure programme
Security researchers can report vulnerabilities via the coordinated disclosure programme. All confirmed reports are acknowledged publicly and, where warranted, credited.
