3,197
edits
Changes
→Auditing
# Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" />
# Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" />
===RAA Audit Rights===
===Audit Rights===
====2009 Amendment Process====
ICANN is authorized to audit registries and registrars based on contractual provisions within the the Registry Accreditation Agreement (RAA) and Registry Agreements (RA) with registry operators.
====2009 RAA Amendment Process====
ICANN's right to audit registrars for compliance with contract provisions was added to the [[Registrar Accreditation Agreement]] in 2009 during the amendment process for the RAA.<ref>[https://archive.icann.org/en/topics/raa/ ICANN.org Archive - Consultation on RAA Amendments], 2009</ref> The amendments permitted ICANN to audit registrars for compliance with the following contract requirements:
ICANN's right to audit registrars for compliance with contract provisions was added to the [[Registrar Accreditation Agreement]] in 2009 during the amendment process for the RAA.<ref>[https://archive.icann.org/en/topics/raa/ ICANN.org Archive - Consultation on RAA Amendments], 2009</ref> The amendments permitted ICANN to audit registrars for compliance with the following contract requirements:
* maintenance of a functioning WHOIS lookup service;
* maintenance of a functioning WHOIS lookup service;
* Requirements regarding DNS abuse and security threat reporting.<ref>[https://www.icann.org/en/system/files/files/audit-plan-2013-raa-31mar16-en.pdf ICANN.org - 2013 RAA Audit Plan Scope] (PDF)</ref>
* Requirements regarding DNS abuse and security threat reporting.<ref>[https://www.icann.org/en/system/files/files/audit-plan-2013-raa-31mar16-en.pdf ICANN.org - 2013 RAA Audit Plan Scope] (PDF)</ref>
===Registry Agreement Audit Rights===
====Registry Agreement Audit Rights====
The base [[Registry Agreement]], created in advance of the [[New gTLD Program| new gTLD round]], grants ICANN or its subcontractor the right to perform "contractual and operational compliance audits" after "reasonable advance notice" has been provided to the registry operator.<ref name="basera1">[https://newgtlds.icann.org/en/applicants/agb/agreement-approved-02jul13-en.pdf ICANN.org Archive - Base Registry Agreement], as approved July 2, 2013</ref>
The base [[Registry Agreement]], created in advance of the [[New gTLD Program| new gTLD round]], grants ICANN or its subcontractor the right to perform "contractual and operational compliance audits" after "reasonable advance notice" has been provided to the registry operator.<ref name="basera1">[https://newgtlds.icann.org/en/applicants/agb/agreement-approved-02jul13-en.pdf ICANN.org Archive - Base Registry Agreement], as approved July 2, 2013</ref>
===Three-Year Audit Program===
In advance of the [[New gTLD Program]], Contractual Compliance launched a three-year audit of all ICANN-accredited registrars and TLDs launched before 2013.<ref name="3yr">[https://www.icann.org/resources/pages/compliance-past-audits-2015-12-04-en#three-year ICANN.org - Past Audit Programs: Three-Year Audit]]</ref> One-third of all active registries and registrars were audited over each of the three years. The audit excluded ccTLDs, [[.arpa]], [[.mil]], [[.gov]], and [[.edu]].<ref name="3yr" />
===DNS Security Threat Audits===
===DNS Security Threat Audits===