Contractual Compliance: Difference between revisions

Line 23:

The Audit Program is a continuous, ongoing activity that follows a recurring cycle.<ref>[https://www.icann.org/resources/pages/audits-2012-02-25-en ICANN.org - Contractual Compliance Audit Program]</ref> Each audit round consists of six phases:<ref name="phases">[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/>

# Planning Phase: ICANN plans the audit scope and timeline.

# Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.

# Request for Information (RFI) Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.

# Audit Phase: ICANN reviews, tests, and validates the responses to ensure compliance with the contractual obligations.

# Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity.

# Remediation Phase: ICANN collaborates with the auditees to remediate issues.

# Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" />

===2009 RAA Audit Rights===

ICANN's right to audit registrars for compliance with contract provisions was added to the [[Registrar Accreditation Agreement]] in 2009 during the amendment process for the RAA.<ref>[https://archive.icann.org/en/topics/raa/ ICANN.org Archive - Consultation on RAA Amendments], 2009</ref> The amendments permitted ICANN to audit registrars for compliance with the following contract requirements:

* maintenance of a functioning WHOIS lookup service;

* collection, verification, review, and retention of valid registrant data;

* inclusion of mandatory provisions and policies in the registrar's registrant agreement;

* inclusion of mandatory provisions and policies in the registrar's reseller agreements, as well as RAA-mandated handling of any registrant data submitted via a proxy or privacy service;

* compliance with all consensus and temporary policies in existence (at the time, the UDPR, Expired Domain Deletion Policy, and WHOIS Data Reminder Policy);

* published link to ICANN's registrant educational information;

* proof of completion of a required training course by the registrar's primary contact or designee; and

* maintenance of valid contact information on the registrar's website and within RADAR.<ref>[https://www.icann.org/en/system/files/files/audit-plan-2009-raa-25may16-en.pdf ICANN.org - Contractual Compliance 2009 RAA Audit Plan] (PDF)</ref>

===2013 Expansion of Audit Rights===

===DNS Security Threat Audits===

@@ Line 23: / Line 23: @@
 The Audit Program is a continuous, ongoing activity that follows a recurring cycle.<ref>[https://www.icann.org/resources/pages/audits-2012-02-25-en ICANN.org - Contractual Compliance Audit Program]</ref> Each audit round consists of six phases:<ref name="phases">[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/>
 # Planning Phase: ICANN plans the audit scope and timeline.
-# Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.
+# Request for Information (RFI) Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.
 # Audit Phase: ICANN reviews, tests, and validates the responses to ensure compliance with the contractual obligations.
 # Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity.
 # Remediation Phase: ICANN collaborates with the auditees to remediate issues.
 # Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" />
+===2009 RAA Audit Rights===
+ICANN's right to audit registrars for compliance with contract provisions was added to the [[Registrar Accreditation Agreement]] in 2009 during the amendment process for the RAA.<ref>[https://archive.icann.org/en/topics/raa/ ICANN.org Archive - Consultation on RAA Amendments], 2009</ref> The amendments permitted ICANN to audit registrars for compliance with the following contract requirements:
+* maintenance of a functioning WHOIS lookup service;
+* collection, verification, review, and retention of valid registrant data;
+* inclusion of mandatory provisions and policies in the registrar's registrant agreement;
+* inclusion of mandatory provisions and policies in the registrar's reseller agreements, as well as RAA-mandated handling of any registrant data submitted via a proxy or privacy service;
+* compliance with all consensus and temporary policies in existence (at the time, the UDPR, Expired Domain Deletion Policy, and WHOIS Data Reminder Policy);
+* published link to ICANN's registrant educational information;
+* proof of completion of a required training course by the registrar's primary contact or designee; and
+* maintenance of valid contact information on the registrar's website and within RADAR.<ref>[https://www.icann.org/en/system/files/files/audit-plan-2009-raa-25may16-en.pdf ICANN.org - Contractual Compliance 2009 RAA Audit Plan] (PDF)</ref>
+===2013 Expansion of Audit Rights===
 ===DNS Security Threat Audits===