Skip to main content

Minutes | Board Risk Committee (BRC) Meeting

BRC Attendees: Harald Alverstrand, Rafael Lito Ibarra (Chair), Merike Käo, Akinori Maemura, Kaveh Ranjbar, Nigel Roberts, and Matthew Shears

Other Board Member Attendees: Avri Doria and Danko Jevtović

ICANN Organization Attendees: Xavier Calvez (SVP, Planning and Chief Financial Officer), Franco Carrasco (Board Operations Specialist), James Caulfield (Vice President, Risk Management), David Conrad (SVP, Chief Technical Officer), Vinciane Koenigsfeld (Senior Director, Board Operations), Elizabeth Le (Associate General Counsel), Wendy Profit (Board Operations Specialist), and Amy Stathos (Deputy General Counsel)

The following is a summary of discussions, actions taken and actions identified:

  1. Organization Risk Register Update – The Committee discussed the updates to the Organization Risk Register and reviewed the controls and mitigation in place for the updated risks.
  2. Update to Risk Management Target Model – The BRC reviewed the status of the risk management target model (Model) and considered whether the Model should be updated to reflect developments since it was established. The Model was developed in 2014-2015 by ICANN org, the BRC, and external consultants, and agreed by the Board. The org's then Risk Management program was benchmarked to the Model and the gaps identified. Over the past few years, the org has worked to close those gaps. With only minor gaps remaining, and in some cases the org exceeded the target or various elements of Model, ICANN org proposes to review the Model and determine whether the target level of maturity of the various elements should be updated to reflect developments since the Model was established. The Committee discussed two actions that ICANN org intends to take during the next quarter. One action is a communications plan which includes publishing an overview paper on the org's Risk Management Framework and presenting the Risk Management Framework as part of a Finance and/or Planning session at an ICANN Public meeting. The other proposed action is to further enhance the assurance process to test and validate risk control and mitigating activities, starting in July 2021. For existing controls, a formal discussion between the risk owners and the Risk Management function will be held for each risk annually to have a thorough understanding of the controls in place and their effectiveness.
  3. BRC Report to the Board - The Committee reviewed a draft of the BRC Report to the Board, which is presented twice a year.
  4. AOB – ICANN org provided the BRC with an update on the proposed revisions to the Committee charter. Following the last BRC meeting, there were some additional revisions exchanged online, which were unanimously approved by the Committee members. The updated proposed changes to the BRC charter will be submitted to the Board Governance Committee for consideration and recommendation to the Board for approval.

The Chair then called the meeting to a close.

Published on 17 May 2021

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."