Skip to main content

Board Risk Committee (RC) – Minutes

BRC Members: Steve Crocker; Ram Mohan (Non Voting Liaison); Thomas Narten (Non Voting Liaison); Gonzalo Navarro; Mike Silber – Chair; Judith Duavit Vazquez; and Suzanne Woolf (Non Voting Liaison)

Staff Attendees: Akram Atallah – Chief Operating Officer; Edward Beck; Megan Bishop; Dan Halloran; John Jeffrey – General Counsel and Secretary; Patrick Jones; Erika Randall; and Amy Stathos

The following is a summary of discussions, decisions, and actions identified:

The Meeting was called to order at 18:35 UTC.

  1. Approval of Minutes – The BRC approved the minutes from the 16 May 2013 meeting.

  2. Review of Action Items: The BRC reviewed the open action items from the previous meeting. Regarding the alignment of the IT Best Practices Implementation plan with the Strategic Plan, the BRC agreed that due to the pending strategic planning work, this item should be slated for discussion at the BRC meeting in Durban, South Africa. Staff provided an update on the timing for hiring an Enterprise Risk Manager within ICANN. Regarding the discussion on ICANN's risk appetite and mitigation efforts, the BRC agreed to defer this topic to be considered at its meeting in Durban.

  3. IT Best Practices review and recommendations: The BRC engaged in an in-depth discussion regarding the IT Best Practices Report. This discussion was a continuation to initial conversations in previous meetings regarding the recommendations in the report. The BRC focused its discussion on what steps ICANN is currently taking or is proposing to take to address the recommendations, which included a progress report on the roll out of to replace TAS, IT governance plans, and data and security policies. The BRC also discussed the quality control processes in place for properly designing, documenting and testing systems before they are deployed. Staff presented a technology roadmap to facilitate the BRC's discussion of the consolidation of ICANN's portfolio of software.

    • Action:
      • Staff to prepare an update on actions taken or proposed to be taken in response to items identified in the IT Best Practices Report as critical or highly recommended.

      • BRC to discuss and prepare an update to the community on implementation of IT Best Practices Report recommendations after the Durban meeting.

  4. Any Other Business – The BRC discussed current and planned security measures for MyICANN.

The meeting was adjourned at 20:25 UTC.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."