Skip to main content

Minutes | Board Risk Committee (BRC) Meeting

BRC Attendees: Harald Alverstrand, Rafael Lito Ibarra (Chair), Merike Kaeo, Akinori Maemura, Kaveh Ranjbar, Matthew Shears, and Tripti Sinha

Other Board Member Attendees: Cherine Chalaby

ICANN Organization Attendees: Susanna Bennett (SVP, Chief Operating Officer). Michelle Bright (Director, Board Operations Content), Franco Carrasco (Board Operations Specialist), James Caulfield (Vice President, Risk Management), David Closson (Director, Data Center & Cloud Operations), Vinciane Koenigsfeld (Director, Board Operations), Elizabeth Le (Associate General Counsel), Ashwin Rangan (SVP Engineering & Chief Information Officer) and Amy Stathos (Deputy General Counsel)

The following is a summary of discussions, actions taken and actions identified:

  1. E&IT Report on Disaster Recovery Testing and Incident Response Tabletop Exercise - The Committee received a briefing and overview of the annual disaster recovery testing. The Disaster Recovery (DR) Plan is tested every 12 months from the July through September timeframe to ensure that it is still functional and effective. The testing is broken into two main groups. The two test groups are full interruption test group and parallel test group. The 2018 test results, which reflected that all services failed over to an alternate region successfully, have been fully collated and absorbed into the organization. The 2019 tests have been completed but the results are not yet available. The BRC also received an update on the incident response tabletop exercise, which is conducted to ensure incident response best practices are followed and that sufficient information security processes and safeguards are in place. The exercise is conducted every 24 months by an external expert "Red Team." The incident response tabletop exercise was conducted approximately four months ago. The BRC noted that the presentation on the annual disaster recovery testing and the incident response tabletop exercise will be presented to the full Board at the Montreal workshop in November 2019.
  2. Organization Risk Register Update – The Committee discussed the updates to the Organization Risk Register. The Committee is reminded that many of the Committee's discussions, including the discussion relating to the Organization Risk Register, contain highly sensitive and confidential information. The BRC reviewed the controls and mitigation in place for these updated risks. The Committee agreed to further discuss face to face whether certain risks belong on the Organization Risk Register.
  3. Meeting Materials for ICANN 66 - The Committee reviewed and discussed materials prepared for the full Board at ICANN 66, which includes a draft Board Risk Committee Report and materials for the Risk Management Workshop. The materials for the workshop are being developed and will be distributed to the Committee within the next week. The Committee was presented with a draft agenda for the workshop.

    • Action: ICANN org to prepare and circulate materials for Board workshop.
  4. BRC Activities – The Committee reviewed its activities to date, which are on target with the Committee's work plan and which include consistent risk management activities, strengthening the cadence of Committee meetings, and work on the deliverable for Board Operational Priority 3.3 (monitoring and reporting the existential threats and opportunities that may impact ICANN).
  5. Mapping Strategic Risks to the Organization Risk Register – The Committee received a briefing on mapping of strategic risks to the risks in the Organization Risk Register. It was noted that while two risks do not map directly to the Organization Risk Register; they are covered in Function Risk Registers.
  6. BRC Workplan – The Committee discussed its current workplan, which is on target and the draft workplan for FY20.

Published on 21 November 2019

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."