Line 38: |
Line 38: |
| # Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" /> | | # Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" /> |
| | | |
− | ===RAA Audit Rights=== | + | ===Audit Rights=== |
− | ====2009 Amendment Process==== | + | ICANN is authorized to audit registries and registrars based on contractual provisions within the the Registry Accreditation Agreement (RAA) and Registry Agreements (RA) with registry operators. |
| + | |
| + | ====2009 RAA Amendment Process==== |
| ICANN's right to audit registrars for compliance with contract provisions was added to the [[Registrar Accreditation Agreement]] in 2009 during the amendment process for the RAA.<ref>[https://archive.icann.org/en/topics/raa/ ICANN.org Archive - Consultation on RAA Amendments], 2009</ref> The amendments permitted ICANN to audit registrars for compliance with the following contract requirements: | | ICANN's right to audit registrars for compliance with contract provisions was added to the [[Registrar Accreditation Agreement]] in 2009 during the amendment process for the RAA.<ref>[https://archive.icann.org/en/topics/raa/ ICANN.org Archive - Consultation on RAA Amendments], 2009</ref> The amendments permitted ICANN to audit registrars for compliance with the following contract requirements: |
| * maintenance of a functioning WHOIS lookup service; | | * maintenance of a functioning WHOIS lookup service; |
Line 58: |
Line 60: |
| * Requirements regarding DNS abuse and security threat reporting.<ref>[https://www.icann.org/en/system/files/files/audit-plan-2013-raa-31mar16-en.pdf ICANN.org - 2013 RAA Audit Plan Scope] (PDF)</ref> | | * Requirements regarding DNS abuse and security threat reporting.<ref>[https://www.icann.org/en/system/files/files/audit-plan-2013-raa-31mar16-en.pdf ICANN.org - 2013 RAA Audit Plan Scope] (PDF)</ref> |
| | | |
− | ===Registry Agreement Audit Rights=== | + | ====Registry Agreement Audit Rights==== |
| The base [[Registry Agreement]], created in advance of the [[New gTLD Program| new gTLD round]], grants ICANN or its subcontractor the right to perform "contractual and operational compliance audits" after "reasonable advance notice" has been provided to the registry operator.<ref name="basera1">[https://newgtlds.icann.org/en/applicants/agb/agreement-approved-02jul13-en.pdf ICANN.org Archive - Base Registry Agreement], as approved July 2, 2013</ref> | | The base [[Registry Agreement]], created in advance of the [[New gTLD Program| new gTLD round]], grants ICANN or its subcontractor the right to perform "contractual and operational compliance audits" after "reasonable advance notice" has been provided to the registry operator.<ref name="basera1">[https://newgtlds.icann.org/en/applicants/agb/agreement-approved-02jul13-en.pdf ICANN.org Archive - Base Registry Agreement], as approved July 2, 2013</ref> |
| + | |
| + | ===Three-Year Audit Program=== |
| + | In advance of the [[New gTLD Program]], Contractual Compliance launched a three-year audit of all ICANN-accredited registrars and TLDs launched before 2013.<ref name="3yr">[https://www.icann.org/resources/pages/compliance-past-audits-2015-12-04-en#three-year ICANN.org - Past Audit Programs: Three-Year Audit]]</ref> One-third of all active registries and registrars were audited over each of the three years. The audit excluded ccTLDs, [[.arpa]], [[.mil]], [[.gov]], and [[.edu]].<ref name="3yr" /> |
| | | |
| ===DNS Security Threat Audits=== | | ===DNS Security Threat Audits=== |