3,197
edits
Changes
Jump to navigation
Jump to search
Line 61:
Line 61: − + + + − + + + + + + + + + + + + + + + + + + + + + + + +
no edit summary
====Registry Agreement Audit Rights====
====Registry Agreement Audit Rights====
The base [[Registry Agreement]], created in advance of the [[New gTLD Program| new gTLD round]], grants ICANN or its subcontractor the right to perform "contractual and operational compliance audits" after "reasonable advance notice" has been provided to the registry operator.<ref name="basera1">[https://newgtlds.icann.org/en/applicants/agb/agreement-approved-02jul13-en.pdf ICANN.org Archive - Base Registry Agreement], as approved July 2, 2013</ref>
The base [[Registry Agreement]] (RA), created in advance of the [[New gTLD Program| new gTLD round]], grants ICANN or its subcontractor the right to perform "contractual and operational compliance audits" after "reasonable advance notice" has been provided to the registry operator.<ref name="basera1">[https://newgtlds.icann.org/en/applicants/agb/agreement-approved-02jul13-en.pdf ICANN.org Archive - Base Registry Agreement], as approved July 2, 2013</ref>
Prior to the creation of the base RA, audit provisions tended to be limited to financial records and technical reports. For example, Verisign's Registry Agreement to manage the [[.com]] domain contained no mention of compliance audits until its amendment in December 2012.<ref>[https://www.icann.org/en/registry-agreements/com/com-registry-agreement-1-12-2012-en ICANN.org - .com Registry Agreement], as amended December 1, 2012. Compare with [https://www.icann.org/en/registry-agreements/com/com-registry-agreement---1-march-2006-amended-22-september-2010-22-9-2010-en the .com Registry Agreement] as amended September 22, 2010</ref>
===Three-Year Audit Program===
===Three-Year Audit Program===
In advance of the [[New gTLD Program]], Contractual Compliance launched a three-year audit of all ICANN-accredited registrars and TLDs launched before 2013.<ref name="3yr">[https://www.icann.org/resources/pages/compliance-past-audits-2015-12-04-en#three-year ICANN.org - Past Audit Programs: Three-Year Audit]]</ref> One-third of all active registries and registrars were audited over each of the three years. The audit excluded ccTLDs, [[.arpa]], [[.mil]], [[.gov]], and [[.edu]].<ref name="3yr" />
In advance of the [[New gTLD Program]], Contractual Compliance launched a three-year audit of all ICANN-accredited registrars and TLDs launched before 2013.<ref name="3yr">[https://www.icann.org/resources/pages/compliance-past-audits-2015-12-04-en#three-year ICANN.org - Past Audit Programs: Three-Year Audit]]</ref> One-third of all active gTLD registries and registrars were audited over each of the three years. The audit excluded ccTLDs, [[.arpa]], [[.mil]], [[.gov]], and [[.edu]].<ref name="3yr" /> At [[ICANN 45]] in Toronto, Contractual Compliance presented on the specifics of the program and its process.<ref>[https://toronto45.icann.org/meetings/toronto2012/presentation-compliance-audit-17oct12-en.pdf ICANN 45 Archive - Compliance Audit Presentation Slides], October 17, 2012</ref> The registry audits resulted in "observation reports" to each participating registry. The audit results for registrars are summarized below:
{| class="wikitable"
|-
! Year
! Breach Notices (Registrars)
! Terminations (Registrars)
! Report
|-
| 2012
| 12
| 3
| [https://www.icann.org/en/system/files/files/registrar-registry-audit-2012-25jun13-en.pdf Year One Audit Report] (PDF)
|-
| 2013
| 11
| 3
| [https://www.icann.org/en/system/files/files/registrar-registry-audit-2013-07jul14-en.pdf Year Two Audit Report] (PDF)
|-
| 2014
| 10
| 10 (including 5 self-terminations)
| [https://www.icann.org/en/system/files/files/contractual-compliance-audit-report-2014-13jul15-en.pdf Year Three Audit Report] (PDF)
|}
===DNS Security Threat Audits===
===DNS Security Threat Audits===