Minutes – Board Risk Committee (RC) Meeting 10 February 2011

RC Attendees: Steve Crocker (Chair), Rajasekhar Ramaraj, Bruce Tonkin and Suzanne Woolf

Apologies: Mike Silber

Staff Attendees: Akram Atallah – Chief Operating Officer; John Jeffrey – General Counsel and Secretary; Patrick Jones, Diane Schroeder and Amy Stathos


The following is a summary of discussions, actions taken and actions identified:

  1. The Committee discussed the meeting schedule for the upcoming year, which includes five face to face meetings, and three or four telephonic meetings, if needed.

    • Action: Committee members to email comments on proposed schedule.

  2. The Committee discussed the proposed work plan for the year. The committee members made some additional suggestions relating to adding to the risk presentation for the Board, including risks relating to the new gTLD Program and ICM’s proposed Registry Agreement for a .XXX sTLD. Staff confirmed that risk mitigation is included in the operational planning for project implementation.

    • Action: Staff to enhance risk analysis for presentation to the Board, in SV/SF meeting and distribute to committee via email before Risk Committee meeting in March 2011.

  3. Staff provided a report on the past enterprise risk assessment and the ongoing risk reassessment, including schedule for upcoming events relating to the reassessment.

    • Action: Staff to provide to committee chair a copy of risk assessment validation report by 25 February.

  4. Staff provided a report on the formation of the community working group intending to do a gap analysis of the actual threats to the DNS. This is the DNS Security & Stability Analysis Working Group (DSSA-WG). Staff reported that there is staff support for the DSSA-WG and that the working group members, and members of ALAC, SSAC, GNSO, ccNSO, and NRO will meet in SV/SF. Staff further reported on the status of interplay between DSSA-WG and the Affirmation of Commitments (AoC) Security, Stability and resiliency (SSR) Review Team.

    • Action: Committee chair to informally talk with SSR Review Team chair and DSSA-WG chair to determine status of both.

  5. The Committee discussed the appropriate scope and range of comments relating to the DNS infrastructure in various jurisdictions around the globe.

  6. The Committee discussed the need to develop risk analysis relating to the Affirmation and Commitments and reviews called for therein.

  7. The Committee discussed risks with respect to the IDN program.

  8. The Committee discussed the status of the process document relating to re-delegation of ccTLDs.

    • Action: Staff to put this project on the work plan.