Skip to main content

Board Risk Committee (RC) – Minutes

RC Attendees: Steve Crocker, Bill Graham, Ram Mohan, Mike Silber – Chair, Jonne Soininen, Suzanne Woolf, and Kuo-Wei Wu

Other Board Member Attendees: Erika Mann, Bruce Tonkin

ICANN Executives and Staff Attendees: Francisco Arias (Director, Technical Services), Akram Atallah (President – Global Domains Division), Edward Beck (VP, Information Technology), Susanna Bennett (Chief Operating Officer), Megan Bishop (Board Support Coordinator), Michelle Bright (Board Support Manager), Xavier Calvez (Chief Financial Officer), John Jeffrey (General Counsel and Secretary), Patrick Jones (Global Stakeholder Engagement Senior Director), Jacks Khawaja (Enterprise Risk Director), Elizabeth Le (Senior Counsel), and Amy Stathos (Deputy General Counsel)

Apologies: Gonzalo Navarro

The following is a summary of discussion, actions taken, and actions identified:

  1. DNS Risk Assessment Status Update – Staff provided an update on the DNS Risk Assessment. The RC discussed scope and methodology of the assessment and whether quality input is being received. The RC also discussed the timing of deliverables and next steps. It is anticipated that a strawman proposal will be published between the Singapore and London public meetings and a workshop to be held during the London meeting.

  2. Enterprise Risk Management Status Update – Staff provided an update on the ERM status and the progress that the ERM Team has made toward identifying key enterprise risks, risk interactions, and risk mitigation efforts. The framework has been revised to align risk mitigation to key success factors (KSFs), key performance indicators (KPIs), and metrics. This will allow for the progress of each risk mitigation strategy to be measured and tracked. It is anticipated that the collection of KSFs, KPIs, and metrics will be completed by the end of March 2014. Staff provided an update on the timeline of the comparative analysis of past and current risk assessments.

  3. IT Best Practices Review Update – Staff provided an update on the status of the IT best practices review. Some key items that have been accomplished include: the strategic plan; the development and implementation of skills based staffing strategy; a key systems rollout of the core enterprise solution which allows for the management and tracking of several ongoing concurrent development projects; auditing of systems; and business continuity planning. The RC discussed building a matrix to identify DNS risks associated with the New gTLD Program.

  4. New gTLD Risk Assessment – The RC received a report from staff regarding the status of New gTLD Program risk assessment efforts. The new risk assessment will be conducted in 2014 by an outside firm. The data from the previous assessment that was performed will be folded into consideration for the new assessment. It is anticipated that a vendor will be engaged in March 2014, and the goal is for the work to be completed by London in June 2014. The RC discussed how new gTLD risks are being evaluated by the New gTLD Program Committee and asked staff to prepare an analysis of how new gTLD risks should be addressed by the RC.

    • Action – Staff to prepare an analysis on how new gTLD risks should be addressed by the RC.

  5. Name collision – Steve Crocker and Ram Mohan abstained from this discussion, noting conflicts. Staff presented the RC with a status update on name collision.

Published on 22 March 2014

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."