− | The Audit Program is a continuous, ongoing activity that follows a recurring cycle. Each audit round consists of six phases:<ref>[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/> | + | The Audit Program is a continuous, ongoing activity that follows a recurring cycle.<ref>[https://www.icann.org/resources/pages/audits-2012-02-25-en ICANN.org - Contractual Compliance Audit Program]</ref> Each audit round consists of six phases:<ref>[https://www.icann.org/en/system/files/files/audit-phases-timeline-01aug17-en.pdf Audit Phases, ICANN]</ref><br/> |
| # Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request. | | # Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request. |
| # Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity. | | # Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity. |
− | # Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit [https://www.icann.org/resources/pages/compliance-reports-2021 report] | + | # Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit [https://www.icann.org/resources/pages/compliance-reports report] |
| In November 2018, ICANN Contractual Compliance (Compliance) launched a Registry Operator Audit for Addressing DNS Security Threats.<ref>[https://www.icann.org/en/blogs/details/contractual-compliance-addressing-domain-name-system-dns-infrastructure-abuse-8-11-2018-en ICANN.org Blog - Contractual Compliance Addressing DNS Infrastructure Abuse], November 8, 2018</ref> The audit was conducted over seven months, from November 2018 to June 2019.<ref>[https://www.icann.org/en/announcements/details/icann-publishes-registry-operator-audit-for-addressing-dns-security-threats-17-9-2019-en CC Audit of DNS Security Threats, ICANN Announcements]</ref> The report on the audit, released in September 2017, reported that of the 1207 TLDs reviewed during the audit, "approximately five percent (5%) of the audited ROs subject to Specification 11, Section 3(b) were not performing any security threat monitoring, despite having domains registered in their gTLDs."<ref name="19audit">[https://www.icann.org/en/system/files/files/contractual-compliance-registry-operator-audit-report-17sep19-en.pdf ICANN.org - Report on the RO Audit for Addressing DNS Security Threats], September 17, 2019 (PDF)</ref> The report noted that many of the non-complying registries had a limited number of registrations: | | In November 2018, ICANN Contractual Compliance (Compliance) launched a Registry Operator Audit for Addressing DNS Security Threats.<ref>[https://www.icann.org/en/blogs/details/contractual-compliance-addressing-domain-name-system-dns-infrastructure-abuse-8-11-2018-en ICANN.org Blog - Contractual Compliance Addressing DNS Infrastructure Abuse], November 8, 2018</ref> The audit was conducted over seven months, from November 2018 to June 2019.<ref>[https://www.icann.org/en/announcements/details/icann-publishes-registry-operator-audit-for-addressing-dns-security-threats-17-9-2019-en CC Audit of DNS Security Threats, ICANN Announcements]</ref> The report on the audit, released in September 2017, reported that of the 1207 TLDs reviewed during the audit, "approximately five percent (5%) of the audited ROs subject to Specification 11, Section 3(b) were not performing any security threat monitoring, despite having domains registered in their gTLDs."<ref name="19audit">[https://www.icann.org/en/system/files/files/contractual-compliance-registry-operator-audit-report-17sep19-en.pdf ICANN.org - Report on the RO Audit for Addressing DNS Security Threats], September 17, 2019 (PDF)</ref> The report noted that many of the non-complying registries had a limited number of registrations: |