Minutes – Board Risk Committee (BRC) Meeting
Published on 15 June 2016
BRC Attendees: Rafael Lito Ibarra, Ram Mohan (Co-Chair), George Sadowsky, Mike Silber (Co-Chair), Jonne Soininen, Kuo-Wei Wu, and Suzanne Woolf
Other Board Member Attendees: Rinalia Abdul Rahim, Chris Disspain, Asha Hemrajani, Erika Mann, and Bruce Tonkin
ICANN Executives and Staff Attendees: Susanna Bennett (Chief Operating Officer), Xavier Calvez (Chief Financial Officer), Melissa King (VP, Board Operations), Wendy Profit (Board Operations Specialist), Ashwin Rangan (Chief Innovation and Information Officer), and Amy Stathos (Deputy General Counsel)
Invited Guests: J. Beckwith Burr
The following is a summary of discussions, actions taken, and actions identified:
BRC Workplan – Staff provided an overview of the BRC Workplan for the 2016 calendar and identified a few changes to the timing of certain topics and the format of the Workplan. The BRC discussed the scheduled updates from IT and the third-party consultant regarding ICANN’s cybersecurity and IT-related risks to ensure that such risks are appropriately mitigated.
ERM Roadmap – Staff discussed the BRC’s previous comments regarding the format of the ERM Roadmap, which were directed at ensuring ease of review and comment by the BRC members. Staff reported that staff has changed the format of the ERM Roadmap and made it available through a shared system that will allow the BRC to work collaboratively on the ERM Roadmap. The BRC discussed the process by which access can be granted to the shared system. The BRC then discussed the upcoming ICANN56 meeting in Helsinki, and whether to conduct a BRC Workshop during that meeting or sometime after that meeting.
BRC Workshop – The BRC discussed the activities for the anticipated upcoming BRC Workshop. The desired outcome would be to finalize the ERM Roadmap, following receipt of comments by the BRC members. The BRC also noted that another topic that needs to be addressed at the BRC Workshop is the best manner of engaging with the community regarding risk management, further noting that it is important that the community understands that the BRC is paying close attention to risk management and considers it a priority. The BRC also discussed potential methods of and sensitivities relating to community engagement. Staff reported that it is in the process of identifying potential IANA Stewardship Transition-related risks, and updating the list of top ten risks, both of which staff intends to present to the BRC at the Workshop.
Members of the BRC to reach out to the RSSAC, the SSAC, and the IETF and request input regarding suggested methods of community engagement with the BRC.
Updates to BRC
- Quarterly Risk Assessment – The quarterly risk assessment is in process and will be used to update the top ten risks list. Staff will review the draft with the BRC at ICANN56.
- Cybersecurity Improvements – Current cybersecurity projects are on track and staff will provide the BRC with a more in-depth review at ICANN56.
- Business Continuity Plan (BCP) – The development of the BCP is progressing. The first step, the business impact analysis, has been completed, and staff is starting development of continuity plans by function and location.