Skip to main content

Board Risk Committee (RC) – Minutes

RC Attendees: Steve Crocker, Ram Mohan, Thomas Narten, Gonzalo Navarro, Mike Silber – Chair, Judith Duavit Vazquez, and Suzanne Woolf

Other Board Attendees: Chris Disspain, Bill Graham, George Sadowsky and Bruce Tonkin

Staff Attendees: Akram Atallah – Chief Operating Officer; John Jeffrey – General Counsel and Secretary; Megan Bishop, Michelle Bright, Samantha Eisner, Daniel Halloran, Patrick Jones, Jeff Moss and Amy Stathos

Invited Attendee: Jonne Soininen

The following is a summary of discussions, actions taken and actions identified:

  1. Minutes of Previous Meeting: The RC approved the minutes of its previous meeting in April 2013.
  2. Review of Action Items: The RC reviewed the open action items from the previous meeting. Regarding the alignment of the IT Best Practices Implementation plan with the Strategic Plan, the BRC agreed that due to the pending strategic planning work, this item should be slated for discussion at the RC meeting in Durban, South Africa. The BRC also discussed the role of an Enterprise Risk Manager within ICANN and the support that role will bring to the RC. The RC discussed how to provide staff with feedback on ICANN's risk appetite and mitigation efforts.
    • Action:
      • RC members to provide thoughts to the RC regarding the scope of authority of an Enterprise Risk Manager.
      • Staff to provide recommendations for how staff would like to receive feedback from the RC on risk-related items, so that a framework can be discussed with the RC in Durban.
  3. IT Best Practices review & recommendations: The RC continued a discussion about the summary of recommendations made following a review of IT systems and operations and a proposal for incorporating IT Best Practices. The RC noted that due to the delay in the delivery of the materials, the RC was not prepared to have an in-depth discussion on the document.
    • Action:
      • Staff to schedule an RC call to discuss the IT Best Practices Review.
  4. ERM Update: The RC received a short update on the Enterprise Risk Management work, as well as a review of an incident report.
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."