Contractual Compliance Audit Program
ICANN's Contractual Compliance Audit objective is to ensure that contracted parties, registrars and registries comply with their agreements and the consensus policies. ICANN strives to achieve this goal first, via the prevention and informal resolution approach and second, through enforcement or formal resolution. Contractual compliance audits are an integral part of the prevention approach.
Goal of the Audit Program:
- To allow ICANN to first identify and inform the contracted parties of any contractual compliance deficiencies found.
- Properly manage and help remediate any deficiencies found
This process will ensure all contracted parties align and comply with their contractual obligations, including all consensus policies that are incorporated by reference into each of the contracts.
List of the Audit Programs
Three-Year Audit Program
The Three-Year Audit Program [PDF, 1.03 MB] which was initiated in 2012, will run for a three-year period. The goal is to audit all ICANN-accredited registrars and the Top-Level Domains (TLDs) that were launched before 2013 (except for ccTLDs, .arpa, .edu, .gov, and .mil), identify deficiencies and ensure that as many as possible are remediated and report back to the community. Each registry and registrar agreement will be randomly selected for audit over a three-year period:
- Year one (2012) – one third (1/3) of the Registry and Registrar agreements from a complete list will be randomly selected and audited.
- Year two (2013) – another one third (1/3) from the remaining list will be randomly selected and audited.
- Year three (2014) – the remaining one third of all agreements (1/3) will be audited.
The Three-Year Audit Program Scope:
- All ICANN-accredited registrars on the 2001 and 2009 RAAs
- gTLD registries with which ICANN has contracts that launched before the year 2013: .aero, .asia, .biz, .cat, .com, .coop, .jobs, .info, .mobi, .museum, .name, .net,.org, .post, .pro, .tel, .travel, and .xxx.
- Note that all agreements within scope incorporate by reference the ICANN consensus policies.
The Three-Year Audit Program Plan Guide
In an effort to promote awareness and knowledge of the provisions and test steps that are being considered in the audit plan, please refer to the following documents:
- ICANN Three Year Audit Plan Guide – Registrar [PDF, 95 KB]
- ICANN Three Year Audit Plan Guide – Registry [PDF, 83 KB]
- ICANN Three Year Audit Plan Guide – Policies [PDF, 67 KB].
This update is provided for information purposes only. Please exercise judgment in using the information contained within this update to make conclusions or business decisions.
The Three-Year Audit Pre-Audit Notifications
Please click on the Risk Mitigation Plan link for an outline of controls to address potential conflicts of interest with the Contractual Compliance Audit Partner, KPMG.
Registrar Audit Notification Template [PDF, 335 KB]
The New Registry Agreement Audit Program
The scope of the New Registry Agreement audit program includes gTLDs that signed the July 2013 base registry agreement (the "Agreement") as amended from time to time, including all its Specifications and Public Interest Commitments. Please click on the 2014 New Registry Agreement Audit Program [PDF, 714 KB] to learn more about the overall audit objectives, the audit phases and timeline, and the Registry Agreement's provision under consideration.
New Registry Agreement Audit Pre-Audit Notifications
New Registry Agreement Pre Audit Notification [PDF, 236 KB] – 2014
Registry Audit Notification Template [PDF, 332 KB]
Please refer to the Audit Program Frequently Asked Questions for additional information.
View Past Audit Reports published by Contractual Compliance by clicking here