Domain governance · Digital trust

Your domain layer is a governance asset. This helps you talk about it.

A domain carries identity, communication and reputation. Most organisations only discover its governance layer when something fails. This is both a guide and an interactive self-assessment: read it to understand the baseline questions every organisation should be able to answer and the deeper maturity work above them - or work through it to create a reflection summary.

10 baseline questions · 6 maturity themes · No score · nothing sent anywhere

This is a reflection, not a score. Visible signals should not be over-interpreted, and internal answers are for you alone - nothing you enter leaves this browser tab. The goal is simply to make domain governance visible, discussable and improvable.

About this baseline · Version 1.0

A public baseline for explaining domain governance upwards

This baseline is intended for technology and risk leaders who need to turn domain ownership, DNS, email authority and public signals into a governance conversation with executive, board and service-leadership audiences.

What it is

A self-contained guide and reflection tool built from the essay Domain Governance as a Trust Surface by Bryan Chetcuti. It can be used individually, in a team discussion, or as the starting material for a facilitated Domain Governance Review.

Position

Most organisations do not govern the domain layer until something breaks. This baseline makes the questions visible before that moment.

Boundary

The output is a reflection summary or conversation brief, not an assurance report, compliance instrument, maturity score or rating.

Privacy

No backend, no analytics and no storage. Your answers remain in the browser tab and can be copied or printed if you choose.

How to use this in a governance conversation

Work through the baseline honestly, then use the reflection summary to identify which questions need ownership, evidence or escalation. The point is not to prove that the domain layer is good or bad. The point is to make it governable.

1 · Start with accountability

Use the internal questions to clarify who owns each domain, who has authority over it, and how changes or incidents are handled.

2 · Review public signals

Use the externally observable questions to consider how DNS, email authentication, RDAP and related signals present to outsiders.

3 · Move into maturity

Use the six maturity themes to decide what belongs in recurring governance: portfolio review, supplier assurance, change control, monitoring, public signal review and executive reporting.

This work is informed by public domain-layer signal observation, including .auDO, but the baseline is broader than .au. For facilitated use, work with Bryan Chetcuti on a Domain Governance Review.

Section 1

The baseline

Every organisation should be able to answer at least these ten questions. They are not advanced - they are the starting point. For each, mark where you honestly stand. Items marked externally observable form part of your public trust surface.

Section 2 · The guide

Beyond the baseline - the maturity guide

The checklist is a starting point, not a full framework. There is room for deeper maturity work - and these six themes are that work, explained. Read each one as guidance, then consider where your organisation sits today. These conversations can only happen once the basics are visible. Each theme has a stable link you can cite and share.

Your reflection

Reflection summary

Conversation priorities

Baseline questions you marked as partial, not in place, or not sure - ordered so the most open questions come first. Each is shown at three levels: board / exec / risk, technical, and public trust / service impact.

Your public trust surface

The externally observable items - the parts of your domain layer anyone can inspect from outside via DNS, RDAP, DMARC or certificate transparency.

What is already in place

Baseline items you can answer clearly today. Worth protecting - the maturity themes are how you keep them true.

Maturity themes

Where the deeper work sits, once the baseline is visible.

A missing signal does not mean an organisation is irresponsible, and a passing signal does not mean everything behind it is well managed. Observation is not judgement - but observation can improve governance conversations. Use this as a starting point to bring the domain layer into your broader digital governance.