First SSAC Organizational Review
The First SSAC Organizational Review was initiated in June 2008 and completed in June 2010, with the implementation of improvements continuing through 2011.[1]
Background edit
Article 4.4 of the ICANN Bylaws requires periodic review of all supporting organizations and advisory committees, as well as the Nominating Committee.[2] The bylaws state three objectives for the review:
- to determine whether that organization, council or committee has a continuing purpose in the ICANN structure;
- if so, whether any change in structure or operations is desirable to improve its effectiveness; and
- whether that organization, council or committee is accountable to its constituencies, stakeholder groups, organizations and other stakeholders.[2]
Organizational reviews are conducted by independent examiners, selected through a competitive bidding process.[2] The independent examiner works in consultation with a working group assembled by the board, who will act as implementation shepherds once the final report of the independent examiner is submitted.[3] The review parameters are set by the ICANN Board, and those parameters as well as other avenues of inquiry are typically included in the request for proposals (RFP) for independent examiners.[2][3] Reviews can take anywhere from three to five years to complete. The full review process includes seven phases, including the implementation of recommendations from the review.[3] Reviews must be conducted at least every five years, measuring from the date that the final report of the previous review was accepted by the ICANN Board.[3] The Security and Stability Advisory Committee is one of the organizations subject to the review requirements of Article 4.4.[3]
Initiation edit
The ICANN Board formed the SSAC1 Review Working Group (RWG) in June 2008, naming the following members to the RWG: Dennis Jennings (Chair), Robert Blokzijl, Reinhard Scholl and Suzanne Woolf.[4] In September 2008, the board posted an RFP for an independent reviewer to conduct the review of the SSAC.[5] The Terms of Reference (ToR) for the RFP included 30 questions related to the two principal questions in the Article 4.4 of the ICANN Bylaws at the time: does the SSAC have a continuing purpose in the ICANN structure; and is there any change in structure or operations that could improve the SSAC's effectiveness?[6]
At a special meeting in October 2008, the board approved the charter for the RWG.[7]
Independent Examiner edit
In the lead-up to ICANN 33 in Cairo, JAS Communications was selected as the independent examiner for SSAC1.[8] This permitted JAS the opportunity to begin work at the meeting.
Methodology edit
JAS's standard approach to reviews of technical organizations was put to the test, as the IE's draft final report makes clear:
Data collection began in Cairo and it quickly became apparent that organizational issues would dominate our study. With so much uncertainty around scope and mission, we found it difficult to apply typical group performance metrics because there was no baseline in terms of a clear charter, specific tasking, or even agreed upon strategic direction. Put another way, it is difficult to evaluate the performance of a group when it is not clear what they are supposed to be doing. It was very clear that SSAC was working diligently, but JAS was asked whether the work it was doing was the right work.[8]
JAS determined that the assessment would largely be based on qualitative findings. In order to ensure that there was a basis for community input on quantifiable performance metrics, JAS worked with an organizational behavioral expert to create a "custom survey instrument to produce quantitative data around specific recurring organizational questions unearthed during the interviews."[8] The survey was deployed with an eye toward verifying qualitative observations of the review team, and to provide a dataset against which demographic and cultural correlations could be tested.[8]
After a series of rounds of hypothesis testing and data collection, JAS submitted a draft version of its findings, analysis, and recommendations to selected individuals within the ICANN community for feedback.[8]
IE Draft Final Report edit
Following receipt of feedback from the limited-distribution draft, JAS published its Draft Final Report for public comment on February 16, 2009.[1] The IE's draft final report identified three core themes within their findings:
- Lack of organizational clarity and charter;
- Lack of formality leading to concerns about transparency; and
- Perceived and actual conflicts of interest.[8]
In particular, the longstanding relationships of SSAC members, most of which predated ICANN involvement, led to a collegial and informal culture that affected both the outside perception of the SSAC and internal and external understanding of the SSAC's role within the ICANN ecosystem. As an example, JAS noted that policies and procedures around conflicts of interest were nearly nonexistent:
An unreleased internal draft SSAC policies and procedures document provided to JAS contains the following language regarding perceived and actual conflicts of interest:
The committee does not ordinarily concern itself with conflicts of interest. All members are always permitted to participate in all activities. However, the committee may elect to state potential conflicts of interest as an integral part of any publication if it deems this to enhance the final result. An individual may elect not to participate in any activity of the committee at his or her own discretion.
We observe that this is an accurate characterization of SSAC's current views on perceived or actual conflicts of interest; in practice, we find little to no formal attention to the issue.[8]
Despite the perceptual issues, the importance and quality of the SSAC's work was universally acknowledged. The executive summary of the draft final report stated that the SSAC was "functioning, functioning well, and filling a relevant purpose."[8] In addition, the report called out the community's appreciation and respect for the SSAC's handling of the Verisign Site Finder situation.[8] The draft report offered thirty-four recommendations to improve organizational and communication clarity inside the SSAC and in cross-community work, address gaps in formalized policy or procedures within the SSAC, and generally alleviate the "growing pains" experienced by the SSAC in the first years of its existence.[8]
Public Comment on Draft Final Report edit
JAS presented its findings and recommendations in a workshop session at ICANN 34 in Mexico City.[9] The comments receieved at the session were largely from current or former members of the SSAC, and expressed varying degrees of skepticism about the value and clarity of the findings and recommendations.[10]
In addition to the session in Mexico City, two written comments were received on the draft report during the public comment period. Hiro Hotta expressed admiration for the SSAC and suggested that diverse viewpoints might even further improve the SSAC's abilities. ISOC submitted a statement in agreement with many of the recommendations, particularly the implementation of a conflicts of interest policy, and emphasizing focus on SSAC's core mission as an advisory committee.[11]
IE Final Report edit
JAS submitted its final report on May 15, 2009.[1] The final report acknowledged the comments received, as well as feedback from the RWG and other sources in the time between the draft final report and the final report.[12] JAS noted that the feedback and input had resulted in several changes and refinements, including a stronger focus on the big picture issues presented by the data, and the simplification of some of the more heavily detailed recommendations in favor of addressing those big picture issues.[12] The findings and recommendations of the final report were largely the same.
Public Comment on the IE's Final Report edit
The final report received only one substantive written comment, which encouraged the SSAC to work more closely with other constituencies and "improve its overall transparency."[13]
Review Working Group Reports edit
After receipt of the IE's final report, the SSAC membership engaged in a self-assessment exercise, resulting in a report to the RWG in June 2009[14] During ICANN 35 in Sydney, the RWG discussed the final report from JAS as well as the SSAC self-assessment report, and began to formulate proposals for the implementation of improvements recommended in each report.[14]
In its draft report, the RWG collated the IE's recommendations, the SSAC's response, and the working group's consensus opinion on each recommendation from the IE's final report, as well as the additional recommendations from the SSAC Self-Assessment:
Rec. Number(s) | Recommendation(s) | SSAC Position | RWG Conclusion |
---|---|---|---|
IE 1-4 | 1. Maintain a technical advisory body2. SSAC maintain its identity as an AC to the board3. Do not combine SSAC and RSSAC4. SSAC members should not be required to sign confidentiality agreements or duty of loyalty agreements | Agree | Agree |
IE 5 | Amend SSAC charter to prevent dealings with confidential or proprietary information unless directly guided to do so by the Board | Disagree - this information is often useful to analyze safety and security issues | Disagree with recommendation - "SSAC has a legitimate right to ask for access to confidential or proprietary information that is needed to fill its mandate, requests that need to be motivated by appropriate reasons. |
IE 6 | Amend SSAC charter to exclude involvement with or review of ICANN internal operations except as directed by the Board | Disagree - "Where contracts or normal employment practices (e.g. the name of an employee who made an error) prohibit disclosure, SSAC should not have special access, but review and access to information on operational function such as root system provisioning and root server operations, these functions should be within SSACís purview." | SSAC is entitled to advise when it considers that ICANN's internal operations threaten the safety and stability of the DNS. ICANN's internal operations, including IANA functions, should report any security issues, as well as report annually on measures adopted to prevent threats that may be caused by ICANN's operations. Board can share these reports with SSAC as they deem appropriate. |
IE 7 | Correct the perception of SSAC "independence" through improvements in formality, transparency, and increased Board interaction | Disagrees that there are perceptions of independence | No specific measures to be implemented on this recommendation - many subsequent recommendations propose changes to the SSAC's processes & communication |
IE 8 | Amend SSAC charter to require that the SSAC Chair and the SSAC Board Liaison be different people | Disagrees with either requiring or prohibiting one person to wear two hats | Disagrees with recommendation & agrees with SSAC's comment |
IE 9 | ICANN reimburse expenses for SSAC Chair to travel to meetings when relevant | Agree | Agree |
IE 10 | ICANN Board to investigate the possibility of paying a stipend or honorarium to SSAC chair or members | Agree | Agree |
IE 11 | Amend SSAC charter to specifically include non-technical threats to the security & stability of the DNS | Disagree - SSAC considers such risks now, but should focus on objective facts | Disagree - SSAC has shown that it can evaluate the technical impacts of non-technical developments - no need to amend charter |
IE 12 | SSAC to maintain focus on developing and sharing knowledge of new and evolving risks; specifically avoid tactical involvement in response or mitigation | Agree | Agree - no specific implementation steps needed |
IE 13 | SSAC leadership should improve sensitivity to political and business issues:* provide a "heads-up" when uncomfortable situations might reasonably ensue to avoide "blind-siding" individuals and orgs* recognize that, as an advisory body, SSAC's goal is to provide the best advice possible; there is, however, no requirement for anyone to follow that advice* recognize that ICANN has complex business and contractual relationships that may preclude following SSAC's advice* maintain the value of SSAC's brand by continuing to conduct itself with the utmost professionalism and integrity | Agree, so long as the proffered advice is understood to be limited to:* avoid blind-siding individuals* recognize that there is no requirement for anyone to follow SSAC advice* SSAC's guidance may conflict with contractual obligations* SSAC must continue to conduct itself with the highest level of professionalism and integrity | Agrees with the comment formulated by SSAC, and does not consider additional action to be necessary |
IE 14 | Amend SSAC charter to give guidance to focus on policy and strategic matters, and to avoid tactical operational issues | Disagree - current charter is adequate on this subject | Disagree - agrees with SSAC that the current charter makes this distinction |
IE 15 | In conjunction with the ICANN Board, staff, and public consultation, SSAC should undertake an annual planning process to review the previous year, determine SSAC's research and publication agenda, define membership outreach strategy, and list resource requirements for the coming year. Submit plan to Board for approval | Agrees with the need for planning, but "it should not be constrained to annual cycles" | Agrees that SSAC needs to create a lightweight planning process |
IE 16 | SSAC should keep and publish meeting minutes on its website in a timely fashion | Agree | Agree |
IE 17 | SSAC should endeavor to keep their website current to include work in progress and planned future work | Agree | Agree |
IE 18 | As part of the first annual plan, SSAC should revisit task area one in its charter with ICANN staff (Task area one was: "Develop a security framework for Internet naming and address allocation services that defines the key focus areas, and identifies where the responsibilities for each area lie") | Task area one should be removed from the charter | Agree with SSAC's determination to remove task area one |
IE 19-22 | 19. SSAC should find the best experts globally, without regard to geographic proximity; there should be no artificial geographic quotas in SSAC membership20. Membership terms of three years, renewable by the Board at the recommendation of the SSAC Chair21. No limit on the number of terms an SSAC member may serve22. Stagger SSAC member terms so that approx. 1/3 of the membership is up for renewal each year | Agree | Agree |
IE 23 | SSAC Board Liaison should serve a maximum of three consecutive one-year terms | Disagree - | WG believes all Board Liaisons should serve three-year terms, with a maximum of three consecutive terms |
IE 24 | Article XI of the ICANN Bylaws should be amended to include a mechanism to remove an advisory committee chair or member by a simple majority vote of the Board | Disagree - the combination of an approval process for candidate members, three-year terms, and renewal at the discretion of the Board and SSAC Chair is adequte. "Any appearance that the board can punish a member of SSAC for leading an unpopular study would undermine credibility." | WG agrees that protective measures should be put in place to remove a disruptive or under-performing advisory committee chair or member |
IE 25 | SSAC to implement a policy explicitly stating that the SSAC brand is only to be used on approved work product | Focus on "branding" is inconsistent with objective fact-finding and advice | WG considers that SSAC members should specify, whenever appropriate, whether they are speaking on their own behalf, or citing positions taken by the SSAC in work products. |
IE 26-27 | 26. The SSAC Chair should select, implement, and enforce the regular use of a transparent decision making and documentation strategy fitting of the membership and culture of the SSAC27. The SSAC should formally approve and release all work products pursuant to the chosen decision making and documentation strategy | Disagree - the formality of quorum, voting, Robertís Rules, recusal, dissent and approval are unnecessary because SSAC is not representational | Agree - the WG notes that SSAC's position was formulated in response to the draft final report, which contained an excessively formal approach to decision making and documentation processes. The final report proposes improvements that appear consistent with the culture of the SSAC |
IE 28 | SSAC should formall and visibly adopt a confidentiality policy. Other policies could be used by mutual agreement | Agree | Agree |
IE 29 | Utilize these recommended mechanisms, including the annual planning process, to regularly evaluate SSAC performance against objectives and resource utilization | Disagree - evaluating performance against objectives is "appropriate for employees, but not volunteer experts often outside the domain-name business" | WG recommends that the SSAC produce a lightweight, yearly report of activities to the Board; report published as appropriate |
IE 30 | SSAC should publish simple conflict disclosure forms for each SSAC member on its website. Candidate SSAC members will be required to provide a complete disclosure to the Board prior to appointment to the SSAC, and update disclosures as necessary | Agree, but SSAC doesn't like signing things and prefers an informal process | WG agrees with the recommendation and agrees with SSAC's proposed implementation approach |
IE 31-33 | 31. SSAC work product should include a "Dissents" section, with anonymous or named dissents listed, and "no dissent" if there is full consensus32. SSAC work product should include a "Recusals" section, with anonymous or named recusal listed, and "no recusals" if there were none33. SSAC should develop and publish a conflicts of interest policy based on the ICANN Board policy | Agree | Agree |
SSAC 1 | The SSAC charter should be reconsidered as part of the review process | WG agrees and notes that the standard ToR for organizational reviews presently calls for this | |
SSAC 2 | A membership committee should review individual contributions regarding renewal of terms | WG agrees with this proposal, which is an operational measure aimed to implement IE Recommendations 20 and 21 | |
SSAC 3 | SSAC should (continue to) choose what studies to pursue | SSAC should continue to choose what studies it pursues, being sensitive to the concerns of and issues identified by the ICANN community. The ICANN Board may also task the SSAC | |
SSAC 4 | SSAC should consider which reports to ask ICANN to translate into other languages | WG agrees with this proposal | |
SSAC 5 | SSAC should consider (staffing) a continuous process of feedback from the ICANN community on its work | WG agrees with this proposal | |
SSAC 6 | SSAC should conduct a dedicated meeting annually | WG sees merit in the SSAC developing such a proposal to ICANN | |
SSAC 7 | ICANN's regional liaisons should provide periodic briefings to SSAC members | WG agrees in principle - professional background of liaisons to be considered when defining briefing content | |
SSAC 8 | SSAC should consider maintaining public comments on its documents | WG agrees in principle - but SSAC should not allow public comment periods to delay the delivery of reports | |
SSAC 9 | SSAC Executive Committee minutes should be made available to SSAC members | WG agrees |
References edit
- ↑ 1.0 1.1 1.2 ICANN.org - SSAC1 Review Dashboard, last updated March 18, 2011
- ↑ 2.0 2.1 2.2 2.3 ICANN Bylaws - Article 4.4
- ↑ 3.0 3.1 3.2 3.3 3.4 ICANN.org - Organizational Reviews
- ↑ Resolution of the Board - Appointment of Independent Review Working Groups, June 26, 2008
- ↑ ICANN.org Announcment - RFP for Independent Review of the SSAC, September 16, 2008
- ↑ SSAC1 RFP and Terms of Reference, September 16, 2008 (PDF)
- ↑ Board Meeting Minutes, October 1, 2008
- ↑ 8.00 8.01 8.02 8.03 8.04 8.05 8.06 8.07 8.08 8.09 SSAC1 - Draft Final Report of the IE, February 16, 2009
- ↑ ICANN 34 - SSAC Review Workshop], March 5, 2009
- ↑ ICANN 34 Archive - Transcript, SSAC Review Workshop, March 5, 2009
- ↑ SSAC1 Listserv Archive - Comments on IE Draft Final Report, March 20 - April 22, 2009
- ↑ 12.0 12.1 SSAC1 Review - IE Final Report, May 15, 2009 (PDF)
- ↑ SSAC1 Listserv Archive - Comment of Michele Neylon on the IE Final Report, June 29, 2009
- ↑ 14.0 14.1 SSAC1 - Draft Report of the RWG, September 18, 2009