Skip to main content

Minutes - Risk Committee (RC) Meeting

Committee Attendees: Bruce Tonkin – Chair, Steve Crocker, Steve Goldstein, Ray Plzak, Rajasekhar Ramaraj, and Wendy Seltzer

Other Board Attendees: Peter Dengate Thrush – Chair of the Board and Suzanne Woolf

Invited Attendees: George Sadowsky and Jonne Soininen

Staff members present: Doug Brent – COO, John Jeffrey – General Counsel, Greg Rattray – Chief Internet Security Advisor, Theresa Swinehart – VP, Global and Strategic Partnerships, Kevin Wilson – CFO; Samantha Eisner, Patrick Jones, Diane Schroeder, and Amy Stathos

The following is a summary of discussions, actions taken and actions identified:

  1. Received update on and discussed ongoing efforts to formalize a successful risk management process within the organization and the risk identification process, including:
    1. Reviewed the revised risk inventory;
    2. Reviewed the three-year risk identification and compared to the 12-month risk identification;
    3. Reviewed proposed risk mitigation approaches for six key risks;
    4. Discussed the integration of the risk identification process into ICANN’s project process, and received a report that this integration has already begun with the New gTLD program;
    5. Received update on staff’s work to review key scenarios, such as natural disasters, to integrate a non-quantitative approach to risk management; and
    6. Received update on initial list of strategic programs, in addition to the New gTLD program, that have been identified to integration of a project-level risk management process.
      • Actions:
        • Staff to continue to refine work.
        • Staff to continue to refine terminology and determine the relationship among the 20 items reflected on the risk inventory to further refine the list and better describe ICANN’s trust relationship with governments.
        • RC members to review the risk inventory and provide feedback.
        • Staff to provide Board Governance Committee with information on perceived risks of Board member conflicts of interest.
        • Staff to map risk planning to budget to determine if there are any items requiring resources during FY10 that are not currently accounted for in the budget, particularly as they relate to the corporate business continuity program, and also identify budgetary needs for risk mitigation implementation as part of the FY11 planning and budgeting process.
        • Staff to refine list of projects proposed for integration of a project-level risk management process.
        • Staff, working with the CEO, to recommend a structure to provide briefing to RC on risk management work in significant programs, such as the New gTLD Program, and provide best practices for project reporting to include in an Enterprise Risk Management policy.
  2. Received update from Staff on development of a charter for management Risk Oversight Committee.
    • Action:
      • Staff to work with CEO to provide the RC a recommendation and report on management’s risk oversight process.
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."