Minutes | Board Risk Committee (BRC) Meeting
BRC Attendees: Harald Alverstrand, Rafael Lito Ibarra (Chair), Merike Kaeo, Akinori Maemura, Kaveh Ranjbar, Matthew Shears, and Tripti Sinha
ICANN organization Attendees: Michelle Bright (Director, Board Operations Content), Xavier Calvez (SVP, Chief Financial Officer), Franco Carrasco (Board Operations Specialist), James Caulfield (Vice President, Risk Management), John Jeffrey (General Counsel & Secretary), Aaron Jimenez (Senior Coordinator, Board Operations), Sarmad Hussain (IDN Programs Director), Elizabeth Le (Associate General Counsel), Cyrus Namazi (SVP, Global Domains Division), Amy Stathos (Deputy General Counsel), and Christine Willett (VP, gTLD Operations)
The following is a summary of discussions, actions taken and actions identified:
- Internationalized Domain Names (IDN) Update on Variant TLDs – The BRC received a briefing on the status of the IDN variant top-level domains (TLDs) implementation and potential associated risks. In September 2010, the Board directed ICANN org to develop a report identifying what needs to be done with the evaluation, possible delegation, allocation and operation of IDN generic top-level domains (gTLDs) containing variants. Thereafter, ICANN org and the community undertook multiple studies of various scripts to understand the variant phenomenon. Based on the studies, integrated into a report titled A Study of Issues Related to the Management of IDN Variant TLDs (Report), ICANN org and the community identified two areas that needed to be addressed: the first thing needed was a definition of IDN variant TLDs, and second was an IDN variant TLD management mechanism. With respect to the definition, following community development of how to define variants, in April 2013 the Board resolved to define the variants using Root Zone Language General Rules (RZ-LGR) Procedure. The RZ-LGR Procedure has been implemented to incrementally develop the RZ-LGR to address the definition of variants. With respect to the management mechanism, ICANN org developed the Recommendations for Managing IDN Variant TLDs (Recommendations), a collection of six documents finalized after incorporating the public comment feedback. The Recommendations will be presented to the Board for consideration and approval at ICANN64. The Board will also be asked to request that the country code Names Supporting Organization and Generic Names Supporting Organization take into account the Recommendations while developing their respective policies to define and manage current and future IDN variant TLDs. Following the briefing on the status of the IDN variant TLDs implementation, the BRC discussed the possible risks and mitigation associated with the implementation efforts. There are nine risks that have been identified and documented by IDN WG, as well as their mitigation measures.
- New gTLD Risk Assessment – The BRC received an update on the risk assessment associated with the 2012 round of the new gTLD Program. In 2018, ICANN org underwent a process of reviewing the risks previously identified for the 2012 round. For the risks that were either resolved or no longer relevant, they were removed from the Organization Risk Register. The BRC discussed the analysis of possible costs associated with the remaining risks and the assumptions upon which the cost assessments are based. The BRC also noted that risk mitigation for the subsequent round would be partially leveraged on the knowledge and experience base in the organization from the 2012 round. The specific information that was presented around this topic is considered sensible and privileged.
Organization Risk Register – The BRC reviewed the Organization Risk Register, which has been updated since 31 December 2018. Two risks were removed this quarter due to either successful completion or more embedded policies and procedures and increased control effectiveness. One additional emerging risk was added relating to certain root service methods and the BRC requested additional information on the emerging risk.
- Action: ICANN org to provide BRC with additional information regarding the emerging risk relating to certain root service methods.
Published on 04 July 2019