The Internet Corporation for Assigned Names and Numbers (ICANN) organization today issued a request for proposal (RFP) to identify a provider to conduct service organization control audits. These audits represent an important component of the accountability ICANN has to Internet stakeholders for the proper performance of the Internet Assigned Numbers Authority ("IANA") functions. The audits are mandated by the various contracts between ICANN and the Internet Engineering Task Force (IETF), the Regional Internet Registries (RIR) and Public Technical Identifiers (PTI).
The objective of this RFP is to select an independent audit firm to examine the security, process integrity, and availability of: (1) The controls created as part of the trust services principles and criteria for the Service Organization Control (SOC) 2 covering ICANN's Registry Assignment and Maintenance Systems (RAMS), and (2) The controls created as part of the trust services principles and criteria for the Service Organization Control (SOC) 3 covering ICANN's Root Zone Domain Name System (DNS) Security Extensions (DNSSEC) Key Signing Key (RZ DNSSEC KSK) System.
In seeking a comprehensive proposal for these services, ICANN is placing maximum emphasis on several key components of value, including a global presence, knowledge of Internet Protocols and DNS, and the ability to work within the guidelines established in this RFP.
For a complete overview of this RFP, including the timeline, please click here, here.
Indications of interest should be emailed to PTI.SOC2.SOC3.Audits-RFP@icann.org and provide the following information: 1. Company name; 2. Contact person name; 3. Contact person e-mail address.
Proposals should be electronically submitted using ICANN's sourcing tool at the latest by 23:59 UTC on 20 September 2022. Access to this tool may be requested via the same email.