3,197
edits
Changes
Jump to navigation
Jump to search
Line 23:
Line 23: − + + + + + + + + + + + + + + +
→Auditing
The Audit Program is a continuous, ongoing activity that follows a recurring cycle.<ref>[https://www.icann.org/resources/pages/audits-2012-02-25-en ICANN.org - Contractual Compliance Audit Program]</ref> Each audit round consists of six phases:<ref name="phases">[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/>
The Audit Program is a continuous, ongoing activity that follows a recurring cycle.<ref>[https://www.icann.org/resources/pages/audits-2012-02-25-en ICANN.org - Contractual Compliance Audit Program]</ref> Each audit round consists of six phases:<ref name="phases">[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/>
# Planning Phase: ICANN plans the audit scope and timeline.
# Planning Phase: ICANN plans the audit scope and timeline.
# Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.
# Request for Information (RFI) Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.
# Audit Phase: ICANN reviews, tests, and validates the responses to ensure compliance with the contractual obligations.
# Audit Phase: ICANN reviews, tests, and validates the responses to ensure compliance with the contractual obligations.
# Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity.
# Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity.
# Remediation Phase: ICANN collaborates with the auditees to remediate issues.
# Remediation Phase: ICANN collaborates with the auditees to remediate issues.
# Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" />
# Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report.<ref name="phases" />
===2009 RAA Audit Rights===
ICANN's right to audit registrars for compliance with contract provisions was added to the [[Registrar Accreditation Agreement]] in 2009 during the amendment process for the RAA.<ref>[https://archive.icann.org/en/topics/raa/ ICANN.org Archive - Consultation on RAA Amendments], 2009</ref> The amendments permitted ICANN to audit registrars for compliance with the following contract requirements:
* maintenance of a functioning WHOIS lookup service;
* collection, verification, review, and retention of valid registrant data;
* inclusion of mandatory provisions and policies in the registrar's registrant agreement;
* inclusion of mandatory provisions and policies in the registrar's reseller agreements, as well as RAA-mandated handling of any registrant data submitted via a proxy or privacy service;
* compliance with all consensus and temporary policies in existence (at the time, the UDPR, Expired Domain Deletion Policy, and WHOIS Data Reminder Policy);
* published link to ICANN's registrant educational information;
* proof of completion of a required training course by the registrar's primary contact or designee; and
* maintenance of valid contact information on the registrar's website and within RADAR.<ref>[https://www.icann.org/en/system/files/files/audit-plan-2009-raa-25may16-en.pdf ICANN.org - Contractual Compliance 2009 RAA Audit Plan] (PDF)</ref>
===2013 Expansion of Audit Rights===
===DNS Security Threat Audits===
===DNS Security Threat Audits===