Line 61: |
Line 61: |
| | | |
| ====Registry Agreement Audit Rights==== | | ====Registry Agreement Audit Rights==== |
− | The base [[Registry Agreement]], created in advance of the [[New gTLD Program| new gTLD round]], grants ICANN or its subcontractor the right to perform "contractual and operational compliance audits" after "reasonable advance notice" has been provided to the registry operator.<ref name="basera1">[https://newgtlds.icann.org/en/applicants/agb/agreement-approved-02jul13-en.pdf ICANN.org Archive - Base Registry Agreement], as approved July 2, 2013</ref> | + | The base [[Registry Agreement]] (RA), created in advance of the [[New gTLD Program| new gTLD round]], grants ICANN or its subcontractor the right to perform "contractual and operational compliance audits" after "reasonable advance notice" has been provided to the registry operator.<ref name="basera1">[https://newgtlds.icann.org/en/applicants/agb/agreement-approved-02jul13-en.pdf ICANN.org Archive - Base Registry Agreement], as approved July 2, 2013</ref> |
| + | |
| + | Prior to the creation of the base RA, audit provisions tended to be limited to financial records and technical reports. For example, Verisign's Registry Agreement to manage the [[.com]] domain contained no mention of compliance audits until its amendment in December 2012.<ref>[https://www.icann.org/en/registry-agreements/com/com-registry-agreement-1-12-2012-en ICANN.org - .com Registry Agreement], as amended December 1, 2012. Compare with [https://www.icann.org/en/registry-agreements/com/com-registry-agreement---1-march-2006-amended-22-september-2010-22-9-2010-en the .com Registry Agreement] as amended September 22, 2010</ref> |
| | | |
| ===Three-Year Audit Program=== | | ===Three-Year Audit Program=== |
− | In advance of the [[New gTLD Program]], Contractual Compliance launched a three-year audit of all ICANN-accredited registrars and TLDs launched before 2013.<ref name="3yr">[https://www.icann.org/resources/pages/compliance-past-audits-2015-12-04-en#three-year ICANN.org - Past Audit Programs: Three-Year Audit]]</ref> One-third of all active registries and registrars were audited over each of the three years. The audit excluded ccTLDs, [[.arpa]], [[.mil]], [[.gov]], and [[.edu]].<ref name="3yr" /> | + | In advance of the [[New gTLD Program]], Contractual Compliance launched a three-year audit of all ICANN-accredited registrars and TLDs launched before 2013.<ref name="3yr">[https://www.icann.org/resources/pages/compliance-past-audits-2015-12-04-en#three-year ICANN.org - Past Audit Programs: Three-Year Audit]]</ref> One-third of all active gTLD registries and registrars were audited over each of the three years. The audit excluded ccTLDs, [[.arpa]], [[.mil]], [[.gov]], and [[.edu]].<ref name="3yr" /> At [[ICANN 45]] in Toronto, Contractual Compliance presented on the specifics of the program and its process.<ref>[https://toronto45.icann.org/meetings/toronto2012/presentation-compliance-audit-17oct12-en.pdf ICANN 45 Archive - Compliance Audit Presentation Slides], October 17, 2012</ref> The registry audits resulted in "observation reports" to each participating registry. The audit results for registrars are summarized below: |
| + | |
| + | {| class="wikitable" |
| + | |- |
| + | ! Year |
| + | ! Breach Notices (Registrars) |
| + | ! Terminations (Registrars) |
| + | ! Report |
| + | |- |
| + | | 2012 |
| + | | 12 |
| + | | 3 |
| + | | [https://www.icann.org/en/system/files/files/registrar-registry-audit-2012-25jun13-en.pdf Year One Audit Report] (PDF) |
| + | |- |
| + | | 2013 |
| + | | 11 |
| + | | 3 |
| + | | [https://www.icann.org/en/system/files/files/registrar-registry-audit-2013-07jul14-en.pdf Year Two Audit Report] (PDF) |
| + | |- |
| + | | 2014 |
| + | | 10 |
| + | | 10 (including 5 self-terminations) |
| + | | [https://www.icann.org/en/system/files/files/contractual-compliance-audit-report-2014-13jul15-en.pdf Year Three Audit Report] (PDF) |
| + | |} |
| | | |
| ===DNS Security Threat Audits=== | | ===DNS Security Threat Audits=== |