First Security, Stability, and Resiliency Review

From ICANNWiki
Jump to navigation Jump to search

The First Security, Stability, and Resiliency Review (SSR1) was initiated in 2010 and completed in 2012, with implementation of review recommendations continuing through 2015.[1]


The Affirmation of Commitments, an agreement between ICANN and the United States Department of Commerce, establishes ICANN's obligations to perform its duties with specific commitments in mind. All of the commitments bear on public and consumer trust of the organization. ICANN is to perform its functions in a manner that:

  • ensures accountability and transparency of decision-making;
  • preserves the security, stability, and resiliency of the DNS;
  • promotes competition, consumer trust, and consumer choice; and
  • enables access to registration data.

ICANN is also charged to periodically review and assess its performance through the lens of each of the above commitments.[2]

ICANN's board enshrined these commitments (and the associated reviews) in its Bylaws in Article 1 (Mission, Commitments, and Core Values)[3] and in Article 4 (Accountability and Review).[4] Article 4.6 deals with "Specific Reviews," each of which are tied to one of the commitments in the Affirmation of Commitments.[5]

The Organizational Effectiveness Committee of the board oversees the conduct of specific reviews.[6] The SSR is one such review. The Bylaws contain specific requirements for the composition of the SSR review team, including a requirement that "independent experts" be appointed to the team.[5]

Review Scope and Planning

Applications for volunteers began in June 2010.[1] in addition, the review planning team solicited applications from independent experts to serve on the review team.[7] The review team was appointed in September of 2010.[1]

The team held its first in-person meetings at ICANN 39 in Colombia and used those meetings to draft its Terms of Reference (ToR).[8] The team held a day-long public session at ICANN 40 to refine the Terms of Reference and receive comments and suggestions from the community.[9] The final version of the Terms of Reference was submitted to the board in June 2011.[1] The ToR highlighted three central issue areas for investigation and review:

  1. The scope of ICANN's SSR responsibilities;
  2. Effectiveness and implementation of ICANN's SSR plan; and
  3. Risk landscape and contingency plan.[10]

Within each of the issue areas, multiple topics were identified for the review team to examine as part of its fact finding.[11] The ToR formed the basis for dividing into three subteams, based around the topic areas.[12]

Findings and Draft Report

The review team published its draft report for public comment in March 2012.[1] The draft report listed twenty-eight recommendations based on the team's findings.[13]. A common theme was improving clarity of mission and messaging around each of the main topic areas.

ICANN staff also prepared and published a mission statement document for public comment in response to recommendations #1 and #3.[14] The statement was intended to refine and spell out ICANN's obligations and commitments to the stability, security, and resilience of the Internet's unique identifier systems. Public comment was substantial and largely positive toward the effort to clarify and synthesize ICANN's mission.[15]

Final Report and Implementation

The final report was submitted to the ICANN board and published for public comment in June 2012. Public comments on the final report were minimal: only ALAC, RySG, and Andrew Sullivan on behalf of Dynamic Network Services posted comments. These were largely congratulatory, with some issues raised regarding the clarity and purpose of some specific recommendations, and the need for close and nuanced reading of the report itself.[16]

The board acknowledged receipt of the report in September 2012, and instructed staff to present feasibility assessments and propose an implementation plan on the recommendations.[17] In October 2012, the board took action on the recommendations, noting that ICANN staff had proposed implementation of all of the recommendations, finding them all feasible. The board approved the report and the implementation of all of its recommendations.[18]

The final implementation update report was published in June 2015.[19] As of December 2015, the SSR1 implementation has been deemed complete.[1]