SOC Audits Confirm Proper Controls in Place for IANA Functions
LOS ANGELES -
The Internet Corporation for Assigned Names and Numbers organization (ICANN org) has successfully completed its annual Service Organization Control (SOC) audits of the key systems used to deliver the Internet Assigned Numbers Authority (IANA) functions. No exceptions were reported even under unprecedented circumstances due to the COVID-19 pandemic. Conducted by the accounting firm RSM US LLP, the audits assessed the Registry Assignment and Maintenance Systems (RAMS) for the period of 1 October 2019 through 30 September 2020, and the root zone Domain Name System Security Extensions (DNSSEC) services for the period of 1 December 2019 through 30 November 2020.
Completed for the eighth consecutive year, the SOC2 audit of the RAMS found that ICANN org has the appropriate controls in place to ensure the security, availability, and integrity of processing IANA requests.
For the eleventh year in a row, an exception-free SOC3 audit of the management of the DNSSEC root zone key signing key (KSK) – the trust anchor of the Domain Name System (DNS) – was recorded, demonstrating that effective security, availability, and process integrity controls necessary for managing the root zone KSK remain in place.
"The successful audits of the RAMS and root zone KSK highlight our commitment to successfully providing the IANA functions even under difficult circumstances," said Kim Davies, Vice President of IANA Services and President, PTI. "In particular, our Cryptographic Business Operations team was able to adapt quickly and keep operational standards at the highest level while facing unforeseen challenges due to the pandemic."
As a result of the COVID-19 pandemic, a number of changes were made to the key signing ceremony during the audit period. To minimize the risk to participants, most roles were conducted remotely including those of the Trusted Community Representatives and the auditors. Schedules and processes were also adjusted to temporarily reduce the need for staff to work together in the same room. The increase in remote participation resulted in the April 2020 ceremony having the highest streaming viewership ever recorded.
SOC audits evaluate an organization's controls in relation to the "trust services principles and criteria" outlined by the American Institute of Certified Public Accountants (AICPA). IANA's participation in these annual audits is part of its commitment to ensuring the security and stability of the Internet's unique identifier system. For more information, click here.
ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.