The purpose of a domain name policy is to give guidance and support to the various stakeholders within a business for the management of the organisations’ domain name portfolio. A domain name policy should be the definitive reference source for how a business and its people should approach the registration and renewal of domain names, how the domain names within the portfolio should be categorised, factoring in best practice security protocols, and outline who should own the key processes in the management of a business’ critical digital assets.
Domain names should be considered as important as other non-tangible assets such as Trademarks, Copyrights and Patents. They represent the business’ vision, values, objectives, and brand messages online. They enable brands to operate in any geographical market without the need for any physical presence and be present 24 x 7.
A strong domain name policy should improve a brand’s digital footprint within its target domestic and global markets, strengthen its security posture, create strong processes for BAU domain name activity (such as DNS update, registration, and renewal rules) as well as critical events such as how to manage domain names in merger & acquisitions events.
Strengthening a Business Continuity Plan – People and Security
The creation of a centralized domain name policy ensures that all stakeholders within a business, whether they be IT, Security, Marketing, Search or Legal, understand:
- What critical domain names are in a portfolio and how they are managed;
- What business domain names are in the portfolio and how they are managed;
- What brand protection domains and redirect domains are in the portfolio and how they should be managed.
This policy should cover who has responsibility for the domain names and what each user’s role is within the portfolio management process. It should clearly state the domain name security protocols for each classification of the domain name category. For example, a critical domain name could incorporate the following principles:
- Two-factor authentication enabled for any domain name changes (DNS, transfer etc)
- Registrar Transfer Lock enabled;
- Registry Lock enabled;
- Enterprise DNS for a critical domain name with failover, DNS redundancy, and weight load balancing;
- Domain name monitoring to track identical or 3rd party registrations;
- DNS monitoring and alerts when critical domain names records are changed;
- Approval workflows built in a user portal for any domain name updates
The Domain Name Management Team (DNMT)
The creation of a core team, the DNMT, that has overall responsibility for the management and administration of a brand’s domain name portfolio is critical for best practice both in terms of ensuring that their intellectual property is protected but also sufficient enough to take advantages of the current growth in the breadth of the domain name world.
it is important to define who the departments and external stakeholders are, and their interest is in the management of the brand’s domain name portfolio and will form the DNMT. For example:
- Legal – Due diligence to ensure domain names don’t infringe on another party’s IP, address domain name disputes and create a process around the transfer of M&A domain names.
- Information Technology – DNS management, SSL management and the technical transfer of domain names
- Digital Marketing – Registration and renewal management of domain names (budget owner).
- Security – User controls, security reviews of domain names, and business owner of the maintenance of the business’ domain name policy.
The DNMT is responsible for the development of the domain registration policy to ensure that it reflects the needs of the business today and in the future. The only persons that should alter this policy are the DNMT and should be reviewed every 6-12 months, anyone wishing to make changes or additions to this policy should request such changes to the DNMT. Communication protocols should be established in order to keep the business informed of any updates to the domain name policy and periodic meetings (every 6 – 12 months) to ensure that the policy is meeting the business’ current and future needs.
The central management of a brand’s domain name portfolio is critical for the long-term health of the digital assets of the organisation. Not only will the policy create an initial snapshot, identifying where the gaps are in the portfolio and remedial action to take but it will also define how future registrations should be handled and define processes to mitigate risks and defend against threats to the business-critical domains.
brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.