Skip to main content

Minutes | Board Risk Committee (RC) Meeting

Published 27 February 2016

BRC Attendees:  Rafael Lito Ibarra, Ram Mohan (Co-Chair), George Sadowsky, Mike Silber (Co-Chair), Jonne Soininen, Kuo-Wei Wu, and Suzanne Woolf

Other Board Member Attendees:  Asha Hemrajani, Markus Kummer, and Erika Mann

ICANN Executives and Staff Attendees:  Susanna Bennett (Chief Operating Officer), Megan Bishop (Board Operations Coordinator), Michelle Bright (Board Operations Content Manager), Xavier Calvez (Chief Financial Officer), Vinciane Koenigsfeld (Board Operations Content Manager), Ashwin Rangan (Chief Innovation and Information Officer), Amy Stathos (Deputy General Counsel), and Nicholas Tomasso (Vice President, Meetings)

The following is a summary of discussions, actions taken, and actions identified:

  1. BRC Workplan – Staff explained that the BRC Workplan for the 2016 calendar year will be redesigned and updated based upon BRC feedback on the roadmap of the Enterprise Risk Management (ERM) strategy implementation, milestones, and deliverables.  The Workplan will also include quarterly reviews of ICANN's cyber security efforts as well as risk assessment.
    • Actions:
      • Staff to develop an interim BRC Workplan for the next several meetings and circulate it to the BRC.
      • Staff to develop a draft 2016 Workplan and circulate it to the BRC after the ERM strategy roadmap is completed (see below).
  2. ICANN55 Security Update – Staff provided an overview of the security considerations and analysis prepared for ICANN Public Meetings including risk assessment, security planning, communications, staff preparedness, incident response, evacuation, medical support, and insurance protection.  The goal is to ensure that ICANN has sufficient security coverage for all the delegates who are attending ICANN meetings.  Some additional security measures will be implemented on a going forward basis for all ICANN meetings.  Staff provided an overview of these security measures to the SO/AC leaders, posted a security blog on the ICANN website, and posted security tips on the ICANN meetings webpage. 
    • Action:
      • Staff to prepare a meeting security framework that addresses a broader scope of security preparation and measures to be undertaken for all ICANN Public Meetings.
  3. ERM Strategy Roadmap – Staff provided background information regarding ICANN's ERM, explaining that ICANN conducted an assessment of its ERM function, with the assistance of an external firm, and produced an evaluation of the effectiveness of the ERM framework and methodology.  Subsequently, there was a Risk Workshop in September 2015 to help fine-tune the ERM strategy that should be adopted going forward.  Staff provided an overview of that strategy and roadmap, as well as the current status and target positions for each of the seven types of risk management activities.  Staff further explained that, during the Risk Workshop, the BRC had defined a conceptual horizon of three years to achieve the target positions.  The BRC discussed the categories of risk management activities, the appropriate target positions, the proposed timeline and objectives to reach each target position, as well as the key success factors used to measure progress.
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."