NicAT ISO Certificate DomainPulse 2014

NIC.AT Gets ISO Certification. But What Is It And What Does It Mean?

NicAT ISO Certificate DomainPulse 2014It took one year of monitoring and optimising business processes, but has now officially received the ISO 27001 certificate.

Auditors of the certification body CIS confirmed the application and further development of an effective Information Security Management System complying with ISO 27001:2013. Additionally, the subsidiary IPCom and the sister company TLD-Box were certified.

“We at are constantly aware of our responsibility regarding .at and the other ccTLDs and gTLDs we are operating,” says Christian Proschinger, Chief Information Security Officer at “Going through the certification process allowed us to question and thus optimise our information security management system. We are very happy to have taken this step successfully and we will keep improving in the future.”

But what is ISO 27001? Its main focus is to establish, implement, maintain and continually improve an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of an organisation.

Its importance was also addressed in a recent article. “How much does it cost to get it?” is a question Jos van Schaik, a founding partner at CumulusTrust, is often asked. In his article he says he likes to reply with a question: “how much does it cost when you don’t have it?”

“The answer to the first question is easy”, writes van Schaik, “but the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified.”

Van Schaik looks at a few of the cost components of not having the ISO 27001 certificate – opportunity cost; lost customers (churn); trust and transparency: lost opportunity for a competitive advantage; risk of data loss, breach of privacy or confidentiality and outages and finally the business case. In conclusion after looking at the cost components Van Schaik writes “can you afford the cost of NOT having an ISO 27001 certification?”

The full article by Jos van Schaik, founding partner at CumulusTrust, is available on the CumulusTrust website at