Line 23: |
Line 23: |
| The Audit Program is a continuous, ongoing activity that follows a recurring cycle.<ref>[https://www.icann.org/resources/pages/audits-2012-02-25-en ICANN.org - Contractual Compliance Audit Program]</ref> Each audit round consists of six phases:<ref name="phases">[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/> | | The Audit Program is a continuous, ongoing activity that follows a recurring cycle.<ref>[https://www.icann.org/resources/pages/audits-2012-02-25-en ICANN.org - Contractual Compliance Audit Program]</ref> Each audit round consists of six phases:<ref name="phases">[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/> |
| # Planning Phase: ICANN plans the audit scope and timeline. | | # Planning Phase: ICANN plans the audit scope and timeline. |
− | # Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request. | + | # Request for Information (RFI) Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request. |
| # Audit Phase: ICANN reviews, tests, and validates the responses to ensure compliance with the contractual obligations. | | # Audit Phase: ICANN reviews, tests, and validates the responses to ensure compliance with the contractual obligations. |
| # Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity. | | # Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity. |
| # Remediation Phase: ICANN collaborates with the auditees to remediate issues. | | # Remediation Phase: ICANN collaborates with the auditees to remediate issues. |
| # Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" /> | | # Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" /> |
| + | |
| + | ===2009 RAA Audit Rights=== |
| + | ICANN's right to audit registrars for compliance with contract provisions was added to the [[Registrar Accreditation Agreement]] in 2009 during the amendment process for the RAA.<ref>[https://archive.icann.org/en/topics/raa/ ICANN.org Archive - Consultation on RAA Amendments], 2009</ref> The amendments permitted ICANN to audit registrars for compliance with the following contract requirements: |
| + | * maintenance of a functioning WHOIS lookup service; |
| + | * collection, verification, review, and retention of valid registrant data; |
| + | * inclusion of mandatory provisions and policies in the registrar's registrant agreement; |
| + | * inclusion of mandatory provisions and policies in the registrar's reseller agreements, as well as RAA-mandated handling of any registrant data submitted via a proxy or privacy service; |
| + | * compliance with all consensus and temporary policies in existence (at the time, the UDPR, Expired Domain Deletion Policy, and WHOIS Data Reminder Policy); |
| + | * published link to ICANN's registrant educational information; |
| + | * proof of completion of a required training course by the registrar's primary contact or designee; and |
| + | * maintenance of valid contact information on the registrar's website and within RADAR.<ref>[https://www.icann.org/en/system/files/files/audit-plan-2009-raa-25may16-en.pdf ICANN.org - Contractual Compliance 2009 RAA Audit Plan] (PDF)</ref> |
| + | |
| + | ===2013 Expansion of Audit Rights=== |
| + | |
| | | |
| ===DNS Security Threat Audits=== | | ===DNS Security Threat Audits=== |