Proposed Naming Function Agreement - ICANN · IANA NAMING FUNCTION AGREEMENT This IANA Naming...
-
Upload
duonghuong -
Category
Documents
-
view
232 -
download
0
Transcript of Proposed Naming Function Agreement - ICANN · IANA NAMING FUNCTION AGREEMENT This IANA Naming...
IANANAMINGFUNCTIONAGREEMENT
ThisIANANamingFunctionAgreement(this“Agreement”)isdatedasof[l]2016andisentered into by and between Internet Corporation for Assigned Names and Numbers, aCalifornianonprofitpublicbenefitcorporation(“ICANN”)and[PTI],aCalifornianonprofitpublicbenefitcorporation(the“Contractor”),and iseffectiveasof the lastdateonwhichallof theconditionssetoutinArticleIIhavebeensatisfied(the“EffectiveDate”).ICANNandContractormayeachbereferredtohereinindividuallyasa“Party”andcollectivelyasthe“Parties.”
WHEREAS,on14March2014, theU.S.National Telecommunicationsand InformationAdministration (“NTIA”) announced the transition of NTIA’s stewardship role of key Internetdomainnamefunctionstotheglobalmulti-stakeholdercommunity(the“Transition”);
WHEREAS, following the Transition, ICANN will continue to serve as the InternetAssignedNumbersAuthority(“IANA”)functionsoperator;and
WHEREAS,ICANNandContractordesiretoenterintothisAgreementpursuanttowhichContractorwillserveastheoperatorfortheIANAnamingfunctionaftertheTransition.
NOW, THEREFORE, for good and valuable consideration, the sufficiency of which isherebyacknowledged,thePartiesagreeasfollows:
ARTICLEI:DEFINITIONSANDCONSTRUCTION
Section1.1 Definitions.
(a) “Agreement”hasthemeaningsetforthinthePreamble.
(b) “ApprovedIANABudget”hasthemeaningsetforthinSection10.2.
(c) “ccNSO”hasthemeaningsetforthinSection4.7.
(d) “ccTLD”hasthemeaningsetforthinSection4.4(c).
(e) “CCOP”hasthemeaningsetforthinSection5.2(b).
(f) “Complainant”hasthemeaningsetforthinSection8.1(a).
(g) “Complaint”hasthemeaningsetforthinSection8.1(a).
(h) “Contractor”hasthemeaningsetforthinthePreamble.
(i) “CSC”hasthemeaningsetforthinSection4.9(c).
(j) “CSSReport”hasthemeaningsetforthinSection3.eofAnnexA.
2
(k) “customer”meansagTLDregistryoperator,accTLDmanagerorregistryoperatororotherdirectcustomerofContractor(e.g.,arootserveroperatororothernon-rootzonefunction).
(l) “Delegation”referstotheprocessbywhichtheoperatoroftheIANANamingFunctioninitiallyassignsmanagementresponsibilityorassignspreviouslyassignedresponsibility(afterarevocation)forthemanagementofaccTLD,asfurtherdefinedintheFOI.
(m) “DNS”meansdomainnamesystem.
(n) “DOC”hasthemeaningsetforthinSection2.1.
(o) “DS”hasthemeaningsetforthinSection1.d.iofAnnexA.
(p) “EffectiveDate”hasthemeaningsetforthinthePreamble.
(q) “FOI”hasthemeaningsetforthinSection4.7.
(r) “GAC2005ccTLDPrinciples”hasthemeaningsetforthinSection4.7.
(s) “GNSO”hasthemeaningsetforthinSection4.7.
(t) “gTLD”hasthemeaningsetforthinSection4.4(c).
(u) “IANA”hasthemeaningsetforthintheRecitals.
(v) “IANAFunctionReview”or“IFR”hasthemeaningsetforthinSection7.3(a).
(w) “IANANamingFunction”hasthemeaningsetforthinSection4.3.
(x) “IANAWebsite”hasthemeaningsetforthinSection4.6.
(y) “ICANN”hasthemeaningsetforthinthePreamble.
(z) “ICANNBoard”hasthemeaningsetforthinSection7.3(a).
(aa) “ICANN’sBylaws”meansthosecertainBylawsforInternetCorporationforAssignedNamesandNumbers,aCaliforniaNonprofitPublic-BenefitCorporation,adoptedbytheICANNBoardon27May2016,asamended.
(bb) “IFRT”hasthemeaningsetforthinSection4.9(c).
(cc) “InitialTerm”hasthemeaningsetforthinSection9.1.
3
(dd) “InterestedandAffectedParties”meansallgTLDregistryoperators,ccTLDmanagersandregistryoperators,theRootZoneEvolutionReviewCommittee,theCSC,and(ifformedandwhileinexistence)eachIFRT.
(ee) “KeyPersonnel”hasthemeaningsetforthinSection4.9(a).
(ff) “NS”hasthemeaningsetforthinSection1.d.iofAnnexA.
(gg) “NTIA”hasthemeaningsetforthintheRecitals.
(hh) “Party”or“Parties”hasthemeaningsetforthinthePreamble.
(ii) “PerformanceIssue”hasthemeaningsetforthinSection8.1(b).
(jj) “PTIBoard”hasthemeaningsetforthinSection4.9(c)(ii).
(kk) “RenewalTerm”hasthemeaningsetforthinSection9.2(a).
(ll) “Revocation”referstotheprocessbywhichtheoperatoroftheIANANamingFunctionrescindsresponsibilityformanagementofaccTLDfromanincumbentmanager,asfurtherdefinedintheFOI.
(mm) “RootZoneManagement”hasthemeaningsetforthinSection4.3(a).
(nn) “RR”hasthemeaningsetforthinSection1.d.iofAnnexA.
(oo) “SignificantlyInterestedParties”hasthemeaningsetforthintheFOI.Foravoidanceofdoubt,undertheFOIthesepartiesinclude,withoutlimitation:(i)thegovernmentorterritorialauthorityforthecountryorterritoryassociatedwiththeccTLDand(ii)anyotherindividuals,organizations,companies,associations,educationalinstitutions,orothersthathaveadirect,material,substantial,legitimateanddemonstrableinterestintheoperationoftheccTLD(s)includingtheincumbentmanager.TobeconsideredaSignificantlyInterestedParty,anypartyotherthanthemanagerorthegovernmentorterritorialauthorityforthecountryorterritoryassociatedwiththeccTLDmustdemonstrate(andshallhavetheburdentodemonstrate)thatitishasadirect,materialandlegitimateinterestintheoperationoftheccTLD(s).
(pp) “SOW”hasthemeaningsetforthinSection4.3(a).
(qq) “SP”hasthemeaningsetforthinSection4.b.iiiofAnnexA.
(rr) “Transfer”referstotheprocessbywhichtheoperatoroftheIANANamingFunctiontransfersresponsibilityformanagementofaccTLDwiththeconsentoftheincumbentmanagerandthenewmanager,asfurtherdefinedintheFOI.
4
(ss) “TLD”hasthemeaningsetforthinthedefinitionof“InterestedandAffectedParties.”
(tt) “Transition”hasthemeaningsetforthintheRecitals.
Section1.2 Construction.UnlessthecontextofthisAgreementotherwiserequires:(a)wordsofanygenderincludeeachothergender;(b)wordsusingthesingularorpluralnumberalsoincludethepluralorsingularnumber,respectively;(c)theterms“hereof,”“herein,”“hereby”andderivativeorsimilarwordsrefertothisentireAgreement;(d)theterms“Article,”“Section,”or“Annex”refertothespecifiedArticle,Section,orExhibitofthisAgreement;(e)theterm“or”has,exceptwhereotherwiseindicated,theinclusivemeaningrepresentedbythephrase“and/or”;and(f)theterm“including”or“includes”means“includingwithoutlimitation”or“includeswithoutlimitation”soastonotlimitthegeneralityoftheprecedingterm.Unlessotherwisestated,referencestodaysshallmeancalendardays.
ARTICLEII:CONDITIONSPRECEDENT
Section2.1 ConditionPrecedent.ThisAgreementshallbeeffectiveasofthelastdateonwhichthefollowingconditionshavebeensatisfied:(a)theagreementbetweenICANNandtheUnitedStatesDepartmentofCommerce(“DOC”),effectiveasof01October2012(includinganyextensionthereof)hasterminatedorexpiredand(b)ICANNhasacceptedtheresponsibilitytocoordinateandadministertheservicesthatwerepreviouslyprovidedthereunder.
ARTICLEIII:REPRESENTATIONSANDWARRANTIES
Section3.1 ICANN’sWarranties.ICANNrepresentsandwarrantsthat(a)ithasallnecessaryrightsandpowerstoenterintoandperformitsobligationsunderthisAgreement;(b)theexecution,deliveryandperformanceofthisAgreementbyICANNhasbeendulyauthorizedbyallnecessarycorporateactionanddoesnotviolateinanymaterialrespectanyapplicablelawtowhichICANNissubject;and(c)theexecution,deliveryandperformanceofthisAgreementbyICANNdonot(i)requireaconsentorapprovalunder,or(ii)conflictwith,resultinanyviolationorbreachof,constituteadefaultunder,oraccelerateanyrightsinfavorofathirdpartyunder,anyagreementbetweenICANNandathirdparty.
Section3.2 ContractorWarranties.Contractorrepresentsandwarrantsthat(a)ithasallnecessaryrightsandpowerstoenterintoandperformitsobligationsunderthisAgreement;(b)theexecution,deliveryandperformanceofthisAgreementbyContractorhasbeendulyauthorizedbyallnecessarycorporateactionanddoesnotviolateinanymaterialrespectanyapplicablelawtowhichContractorissubject;and(c)theexecution,deliveryandperformanceofthisAgreementbyContractordonot(i)requireaconsentorapprovalunder,or(ii)conflictwith,resultinanyviolationorbreachof,constituteadefaultunder,oraccelerateofanyrightsinfavorofathirdpartyunder,anyagreementbetweenContractorandathirdparty.
5
ARTICLEIV:SERVICESANDREQUIREMENTS
Section4.1 Designation.ICANNherebydesignatesContractorastheoperatoroftheIANANamingFunction,andauthorizesContractortoperformtheIANANamingFunctioninaccordancewiththetermsofthisAgreement(includingtheSOW).ICANNherebyauthorizesContractortoutilizeanyrightsandsublicensablelicensesheldbyICANNtotheextentnecessaryorusefultoperformtheIANANamingFunctioninaccordancewiththetermsofthisAgreement(includingtheSOW).Contractorherebyacceptssuchdesignation,rightsandlicensesandagreestoperformtheIANANamingFunctioninaccordancewiththetermsofthisAgreement(includingtheSOW).
Section4.2 U.S.Presence.
(a) ContractorshallbeawhollyU.S.ownedandoperatedcorporationoperatinginoneofthe50statesoftheUnitedStatesorDistrictofColumbia;(ii)incorporatedwithinthestateofCalifornia,UnitedStatesofAmerica;and(iii)organizedunderthenonprofitpublicbenefitcorporationlawsofthestateofCalifornia.
(b) ContractorshallperformtheIANANamingFunctionintheUnitedStatesandpossessandmaintain,throughouttheperformanceofthisAgreement,aphysicaladdresswithintheUnitedStates.ContractormustbeabletodemonstratethatallprimaryoperationsandsystemswillremainwithintheUnitedStates(includingtheDistrictofColumbia).ICANNreservestherighttoinspectthepremises,systems,andprocessesofallsecurityandoperationalcomponentsusedfortheperformanceoftheIANANamingFunction.
Section4.3 ScopeoftheIANANamingFunction.The“IANANamingFunction”iscomprisedof:
(a) ManagementoftheDNSRootZone(“RootZoneManagement”)inaccordancewiththeStatementofWorkattachedasAnnexAtothisAgreement(“SOW”);
(b) Managementofthe.INTtop-leveldomain;
(c) Maintenanceofarepositoryofinternationalizeddomainnametablesandlabelgenerationrulesets;and
(d) ProvisionofotherservicesandimplementationofmodificationsinperformanceoftheIANANamingFunction,ineachcaseuponICANN’srequestandinconformancewithapplicablepoliciesandprocedures.
Section4.4 PerformanceofIANANamingFunction.
(a) ContractorshallperformtheIANANamingFunctioninastableandsecuremannerandinaccordancewiththeSOW.TheIANANamingFunctionisadministrativeandtechnicalinnaturebasedonestablishedpoliciesthataredevelopedthrough
6
applicableICANNpolicydevelopmentbodiesandapprovedbyICANN,ineachcaseinaccordancewithICANN’sBylaws.
(b) ContractorshalltreattheIANANamingFunctionwithequalpriorityastheotherIANAfunctionsperformedbyContractor,andprocessallrequestspromptlyandefficiently.
(c) Contractorshallmakedecisionsbyapplyingdocumentedpoliciesconsistently,neutrally,objectively,andfairly,withoutsinglingoutanyparticularcustomerfordiscriminatorytreatment(i.e.,makinganunjustifiedprejudicialdistinctionbetweenoramongdifferentcustomers)andinamannerthatdoesnotdiscriminatebetweentypesofcustomers(whethersuchcustomersare(i)countrycodetopleveldomain(“ccTLD”)orgenerictopleveldomain(“gTLD”)registryoperators,(ii)payingornon-paying,(iii)contractedornon-contracted,or(iv)associatedwithsupportingorganizations,advisorycommitteesorothergoverningbodiesofICANNorotherwise).
(d) ContractorshallrespectthediversityofcustomersoftheIANANamingFunctionandshallprovideservicetoitscustomersinconformancewithprevailingtechnicalnorms,andinsupportoftheglobalsecurity,stabilityandresilienceoftheDNS.Ifacustomer’sreceiptofservicesisbasedonacontractbetweensuchcustomerandICANN,whilesuchcontractremainsinforceandeffect,Contractorshallcontinuetoprovideservicestosuchcustomernotwithstandinganyon-goingoranticipatedcontractualdisputesbetweenICANNandsuchcustomer.
Section4.5 SeparationofPolicyDevelopmentandOperationalRoles.ContractorshallensurethatitsstaffperformingtheIANANamingFunctiondonotpubliclyinitiate,advanceoradvocateanypolicydevelopmentrelatedtotheIANANamingFunction.Notwithstandingtheforegoing,Contractor’sstaffmay(i)respondtorequestsforinformationrequestedbyInterestedandAffectedParties,subjecttoSection12.3,and,atContractor’svolition,provideobjectiveinformationtosuchcustomers,ineachcase,toinformongoingpolicydiscussions,(ii)requestguidanceorclarificationasnecessaryfortheperformanceoftheIANANamingFunction,and(iii)publish,contributetoorcommentonanydocumentrelatedtoongoingpolicydiscussions,providedthat,inthecaseofclause(iii),theprimarypurposeofsuchpublication,contributionorcommentaryistosupplyrelevantIANANamingFunctionexperienceandinsight.
Section4.6 UserInstructions.Contractorshall,incollaborationwithitscustomers,maintainuserinstructions,includingtechnicalrequirementsfortheIANANamingFunction.Contractorshallpostsuchinstructionsatiana.org(“IANAWebsite”).
Section4.7 ResponsibilityandRespectforStakeholders.ContractorshallapplythepoliciesfortheRootZoneManagementcomponentoftheIANANamingFunctionthathavebeendefined,orafterthedateofthisAgreementarefurtherdefined,by(a)theGenericNamesSupportingOrganization(“GNSO”)andtheCountryCodeNamesSupportingOrganization(“ccNSO”),(b)theFrameworkofInterpretationofCurrentPoliciesandGuidelinesPertainingto
7
theDelegationandRedelegationofCountry-CodeTopLevelDomainNames,datedOctober2014(“FOI”),and(c)whereapplicable,the2005GovernmentalAdvisoryCommitteePrinciplesAndGuidelinesForTheDelegationAndAdministrationOfCountryCodeTopLevelDomains(“GAC2005ccTLDPrinciples”).ContractorshallpublishdocumentationpertainingtotheimplementationofthesepoliciesandprinciplesontheIANAWebsite.
Section4.8 Managementofthe.INTTLD.
(a) Contractorshalloperatethe.INTTLDwithinthecurrentregistrationpoliciesforthe.INTTLD.
(b) UpondesignationofasuccessorregistrybyICANN,ifany,ContractorshallcooperatewithICANNtofacilitatethesmoothtransitionofoperationofthe.INTTLD.Suchcooperationshall,ataminimum,includetimelytransfertothesuccessorregistryofthethen-currenttop-leveldomainregistrationdata.
Section4.9 GeneralManager;KeyPersonnel.
(a) Contractorshallprovidetrained,knowledgeabletechnicalpersonnelaccordingtotherequirementsofthisAgreement,includingthefollowingkeypersonnel:aGeneralManager,aDirectorofSecurityandaConflictofInterestOfficer(“KeyPersonnel”).AllContractorpersonnelwhointerfacewithICANNmusthaveexcellentoralandwrittencommunicationskills."Excellentoralandwrittencommunicationskills"isdefinedasthecapabilitytoconversefluently,communicateeffectively,andwriteintelligiblyintheEnglishlanguage.
(b) TheConflictofInterestOfficershallberesponsibleforensuringtheContractorisincompliancewithContractor’sinternalandexternalconflictofinterestrulesandprocedures.
(c) TheGeneralManagerofContractorshallorganize,plan,direct,staff,andcoordinatetheoverallperformanceoftheIANANamingFunction;managecontractandsubcontractactivitiesastheauthorizedinterfacewithICANNandensurecompliancewithapplicablerulesandregulations.TheGeneralManagerofContractorshallberesponsiblefortheoverallperformanceofContractorunderthisAgreementandshallmeetandconferwithICANN(includingtheCustomerStandingCommittee(“CSC”)andIANAFunctionReviewteams(“IFRT”),assuchtermsareusedinICANN’sBylaws)regardingthestatusofspecificContractoractivitiesandproblems,issues,orconflictsrequiringresolution.TheGeneralManagerofContractormustpossessthefollowingskills:
(i) demonstratedcommunicationskillswithalllevelsofmanagement;
8
(ii) capabilitytonegotiateandmakebindingdecisionsforContractor(subjecttoanyrequirementsofContractor’sBylawsandtheauthoritydelegatedtosuchpersonbytheContractor’sBoardofDirectors(“PTIBoard”));
(iii) extensiveexperienceandprovenexpertiseinmanagingsimilarmulti-taskagreementsofthistypeandcomplexity;
(iv) extensiveexperiencesupervisingpersonnel;and
(v) athoroughunderstandingandknowledgeoftheprinciplesandmethodologiesassociatedwithoperationsmanagementandcontractmanagement.
(d) ContractorshallobtaintheapprovalofICANN,afterconsultationwiththePTIBoard,priortomakingKeyPersonnelsubstitutions.ReplacementsforKeyPersonnelmustpossessqualificationsreasonablyequaltoorexceedingthequalificationsofthepersonnelbeingreplaced,unlessanexceptionisapprovedbyICANN.
Section4.10 InspectionOfAllDeliverablesAndReportsBeforePublication.
(a) PriortopublicationorpostingofreportsandotherdeliverablesanticipatedunderthisAgreement,ContractorshallobtainapprovalfromICANN,whichwillnotbeunreasonablywithheld.AnydeficienciesidentifiedbyICANNshallbecorrectedbyContractorandresubmittedtoICANNwithin10businessdaysafterContractor’sreceiptofnoticeofsuchdeficiency.
(b) ICANNreservestherighttoinspectthepremises,systemsandprocessesofallsecurityandoperationalcomponentsusedfortheperformanceofalltherequirementsandobligationssetforthinthisAgreement.
ARTICLEV:PERFORMANCE
Section5.1 ConstructiveWorkingRelationship.ContractorshallusecommerciallyreasonableeffortstomaintainaconstructiveworkingrelationshipwithICANN,therootzonemaintainerandallInterestedandAffectedPartiestoensurequalityandsatisfactoryperformanceoftheIANANamingFunction.
Section5.2 ContinuityofOperations.
(a) EitherICANNortheContractorshallprovide,ataminimum,redundantsitesinatleasttwogeographicallydispersedsiteswithintheUnitedStatesaswellasmultipleresilientcommunicationpathstocustomerstoensurecontinuationoftheIANANamingFunctionintheeventofcyberorphysicalattacks,emergencies,ornaturaldisasters.
(b) ContractorshallcollaboratewithICANNtodevelopandimplementaContingencyandContinuityofOperationsPlan(“CCOP”)fortheIANANamingFunction.
9
ContractorincollaborationwithICANNshallfromtimetotimeupdateandannuallytesttheCCOPasnecessarytomaintainthesecurityandstabilityoftheIANANamingFunction.TheCCOPshallincludedetailsonplansforcontinuationoftheIANANamingFunctionintheeventofcyberorphysicalattacks,emergencies,ornaturaldisasters.ContractorshallsubmittheCCOPtoICANNaftereachupdateandpublishontheIANAWebsiteareportdocumentingtheoutcomesoftheCCOPtestswithin90calendardaysoftheannualtest.
Section5.3 PerformanceExclusions
(a) UnlessspecificallyauthorizedbyICANNinwriting,Contractorshallnotmakemodifications,additionsor deletionstotherootzonefileorassociatedinformation.
(b) ContractorshallnotmakechangesinthepoliciesandproceduresdevelopedbytherelevantentitiesassociatedwiththeperformanceoftheIANANamingFunction.
(c) TheperformanceoftheIANANamingFunctionshallnotbe,inanymanner,predicateduponorconditionedbyContractorontheexistenceorentryintoanycontract,agreementornegotiationbetweenContractorandanyTLDregistryoperatororanyotherthirdparty.
ARTICLEVI:TRANSPARENCYOFDECISION-MAKING
Section6.1 Transparency.Toenhanceconsistency,predictabilityandintegrityinContractor’sdecision-makingrelatedtotheIANANamingFunction,Contractorshall:
(a) PublishreportspursuanttoArticleVIIandSection3oftheSOW.
(b) MakepublicalldecisionsofthePTIBoardrelatingtotheIANANamingFunction,unless,uponthedeterminationofthePTIBoard,suchdecision(i)relatestoconfidentialpersonnelmatters,(ii)iscoveredbyattorney-clientprivilege,workproductdoctrineorotherrecognizedlegalprivilege,(iii)issubjecttoalegalobligationthatContractormaintainitsconfidentialityorotherwisewouldresultinthedisclosureofconfidentialinformationofContractor’scustomers,(iv)woulddisclosetradesecrets,or(v)wouldpresentamaterialriskofnegativeimpacttothesecurity,stabilityorresiliencyoftheIANANamingFunctionortheInternet.
(c) AgreenottoredactanyPTIBoardminutesrelatedtodecisionsconcerningtheIANANamingFunction,providedthatthePTIBoardmayredactsuchminutesonthedeterminationthatsuchredactedinformation(i)relatestoconfidentialpersonnelmatters,(ii)iscoveredbyattorney-clientprivilege,workproductdoctrineorotherrecognizedlegalprivilege,(iii)issubjecttoalegalobligationthatContractormaintainitsconfidentialityorotherwisewouldresultinthedisclosureofconfidentialinformationofContractor’scustomers,(iv)woulddisclosetradesecrets,or(v)wouldpresenta
10
materialriskofnegativeimpacttothesecurity,stabilityorresiliencyoftheIANANamingFunctionortheInternet.
(d) HavetheGeneralManagerofContractorandchairpersonofthePTIBoardsignanannualattestationthatContractorhascompliedwiththerequirementsofthisSection6.1.
ARTICLEVII:AUDITS,MONITORINGANDREVIEWS
Section7.1 Audits.
(a) ContractorshallgenerateandpublishviatheIANAWebsiteamonthlyauditreportidentifying(i)eachrootzonefileandrootzone“WHOIS”databasechangerequest,and(ii)eachdelegation,redelegationandtransferofaTLDandthestatusthereof.SuchauditreportshallbeduetoICANNnolaterthan15calendardaysfollowingtheendofeachmonth.
(b) ContractorshallannuallyperformaspecializedcomplianceauditofContractor’ssecurityprovisionsrelatingtotheIANANamingFunctionagainstexistingbestpracticesandArticleXI.Thisspecializedcomplianceauditshallbeperformedbyanexternal,independentauditor.
Section7.2 PerformanceMonitoring.
(a) SolongastheCSCexistspursuanttoICANN’sBylaws,ContractoracknowledgesandagreesthattheCSCisentitledtomonitorContractor’sperformanceunderthisAgreement(includingtheSOW)inaccordancewithICANN’sBylaws.
(b) ContractorshallprovidereportstotheCSCascontemplatedbytheSOW.
(c) ContractorshallactingoodfaithtoresolveissuesidentifiedbytheCSC.
(d) ContractoracknowledgesthattheCSCshallbeempoweredtoescalateidentifiedareasofconcernassetforthinArticleVIII.
Section7.3 IANANamingFunctionReviews.
(a) ContractoracknowledgesthatICANN’sBoardofDirectors(the“ICANNBoard”)maycauseareviewbyanIFRT,relatingtotheIANANamingFunction,thisAgreementandContractor’sperformanceunderthisAgreement(includingtheSOW),inaccordancewithICANN’sBylaws(an“IANAFunctionReview”or“IFR”).
(b) ContractorshallusecommerciallyreasonableeffortstofacilitateanyIFR.ContractorshallcooperatewithanysitevisitconductedbyanIFRTthathasbeenpreviouslyapprovedbyICANNinaccordancewithICANN’sBylaws.
11
(c) ContractoragreesthatICANNmayunilaterallyamendorterminatethisAgreement(includingtheSOW)inaccordancewithanapprovedIFRRecommendation,anapprovedSpecialIFRRecommendationoranapprovedSCWGRecommendation(assuchtermsaredefinedinICANN’sBylaws),subjecttothelimitationssetforthinICANN’sBylaws.Contractoragreestoabidebyandimplementanysuchamendments.
ARTICLEVIII:ESCALATIONMECHANISMS
Section8.1 IANACustomerServiceComplaintResolutionProcess
(a) IfContractorreceivesacustomerservicecomplaint(a“Complaint”),ContractorwillreviewtheComplaintandattempttoresolveittothereasonablesatisfactionofthepersonorentitywhobroughttheComplaint(the“Complainant”)assoonasreasonablypracticable.IftheComplaintisnotsoresolved,theComplainantmayescalatethematterinwritingtoContractor’smanagementteam,inwhichcaseContractorshallnotifytheCSC.IftheComplaintisstillnotresolved,theComplainantorthePresidentofContractormayescalatethematterinwritingtoICANN’sOmbudsman.
(b) If(i)aComplainantisacustomerand(ii)aftercompletingtheescalationprocessprovidedforinSection8.1(a),theComplaintisstillnotresolved,then(A)theCSCmayconductareviewtodeterminewhethertheComplaintissubjectofapersistentperformanceissueofContractororanindicationofasystemicproblemwithContractor’sperformanceoftheIANANamingFunctionpursuanttothetermsofthisAgreement(a“PerformanceIssue”)and(B)theComplainantmay(x)requestmediation,whichshallbeconductedinamannerconsistentwiththetermsandprocesssetforthbelowinSection8.1(c)and(y)iftheissueisnotresolvedfollowingsuchmediationandtheComplaintmeetstherequirementsoftheIndependentReviewProcess,initiateanIndependentReviewProcess(asdefinedintheICANN’sBylaws).IftheCSCdeterminesthataPerformanceIssueexists,theCSCmayseekremediationofthePerformanceIssuethroughtheIANAProblemResolutionProcessdescribedinSection8.2.
(c) CustomerMediationProcess.
(i) IfaComplainantisacustomerofContractor,aftercompletingtheescalationprocessprovidedforinSection8.2(a),thecustomermayinitiatemediationbydeliveringawrittennoticetothePresidentofContractorandtheSecretaryofICANN.
(ii) ThereshallbeasinglemediatorwhoshallbeselectedbytheagreementofthecustomerandICANN.ICANNshallproposeaslateofatleastfivepotentialmediators,andthecustomershallselectamediatorfromtheslateorrequestanewslateuntilamutuallyagreedmediatorisselected.ThecustomermayrecommendpotentialmediatorsforinclusionontheslatesselectedbyICANN.ICANNshallnotunreasonablydeclinetoincludemediatorsrecommendedbythe
12
customeronproposedslatesandthecustomershallnotunreasonablywithholdconsenttotheselectionofamediatoronslatesproposedbyICANN.
(iii) ThemediatorshallbealicensedattorneywithgeneralknowledgeofcontractlawandgeneralknowledgeoftheDNSandICANN.ThemediatormaynothaveanyongoingbusinessrelationshipwithICANN,Contractororthecustomer.Themediatormustconfirminwritingthatheorsheisnot,directlyorindirectly,andwillnotbecomeduringthetermofthemediation,anemployee,partner,executiveofficer,director,consultantoradvisorofICANN,Contractororthecustomer.
(iv) ThemediatorshallconductthemediationinaccordancewiththisSection8.1(c),thelawsofCaliforniaandtherulesandproceduresofawell-respectedinternationaldisputeresolutionprovider.
(v) ThemediationwillbeconductedintheEnglishlanguageandwilloccurinLosAngelesCounty,California,unlessanotherlocationismutuallyagreedbetweenICANN,Contractorandthecustomer.
(vi) ICANN,Contractorandthecustomershalldiscussthedisputeingoodfaithandattempt,withthemediator’sassistance,toreachanamicableresolutionofthedispute.
(vii) ICANNshallbearallcostsofthemediator.
(viii) IfICANN,Contractorandthecustomerhaveengagedingoodfaithparticipationinthemediationbuthavenotresolvedthedisputeforanyreason,ICANN,Contractorandthecustomermayterminatethemediationatanytimebydeclaringanimpasse.
(ix) IfaresolutiontothedisputeisreachedbyICANN,Contractorandthecustomer,ICANN,Contractorandthecustomershalldocumentsuchresolution.
Section8.2 IANAProblemResolutionProcess.FollowingtheEffectiveDate,ContractorshallworkcooperativelywiththeCSCtodevelop“RemedialActionProcedures”forthepurposeofaddressingPerformanceIssues.IftheCSCdeterminesthataPerformanceIssueexists,theCSCmayseekresolutionofthePerformanceIssuewithContractor,inwhichcaseContractorshallcomplywithsuchRemedialActionProceduresifandtotheextenttheCSCalsocomplieswithsuchprocedures.
Section8.3 NoticeandMitigationPlan.
(a) ContractorshallpromptlyinformICANNofanyissueordisputearisingfromitsperformanceoftherequirementsandservicescontemplatedbythisAgreementpriortotheComplaintbeingescalatedpursuanttoSection8.1(a),andshallagreewithICANNonaplantoresolvetheComplaint.
13
(b) If,foranyreason,ContractorfailstomeetanyoftherequirementsofthisAgreement,Contractorshall(i)conductananalysisofitsoperationstodeterminetherootcauseofsuchfailure,(ii)developamitigationplantoavoidtherootcauseofsuchfailurefromoccurringinthefuture,and(iii)deliverthereporttoICANNuponitscompletion.ContractorshallmodifyandupdateanymitigationplanasdirectedbyICANN.
ARTICLEIX:TERM;RENEWAL;TRANSITIONANDTERMINATION
Section9.1 InitialTerm.TheinitialtermofthisAgreementwillbe[five]yearsfromtheEffectiveDate(the“InitialTerm”).
Section9.2 Renewal;Termination.
(a) ThisAgreementwillbeautomaticallyrenewedforsuccessiveperiodsof[fiveyears](each,a“RenewalTerm”)upontheexpirationoftheInitialTermandeachsuccessiveRenewalTerm,unless(i)ICANNterminatesthisAgreementpursuanttoanSCWGRecommendationarisingfromanIANANamingFunctionSeparationProcess(asdefinedinICANN’sBylaws)approvedinaccordancewithICANN’sBylawsor(ii)ICANNelectsnottorenewtheInitialTermoranyRenewalTermthereafterpursuanttoanIFRRecommendation,SpecialIFRRecommendation,orSCWGRecommendation(assuchtermsaredefinedinICANN’sBylaws)approvedinaccordancewithICANN’sBylawsbyprovidingContractorwithnotlessthantwelvemonthspriorwrittennotice.AnyterminationorelectionbyICANNtonotrenewthisAgreementunderthisSection9.2mustbeapprovedbytheICANNBoardtobeeffectivehereunder.
(b) SubjecttoSection9.2(a),thefirstRenewalTermshallcommenceimmediatelyfollowingtheendoftheInitialTermandeachRenewalTermthereaftershallcommenceimmediatelyfollowingtheendoftheprecedingRenewalTerm.EachRenewalTermshallendonthe[fifth]anniversaryofthecommencementoftheRenewalTerm.
Section9.3 Transition.
(a) Contractorshalldevelopandmaintain,withICANNinput,aplaninplacefortransitioningtheIANANamingFunctiontoasuccessorprovidertoensureanorderlytransitionwhilemaintainingcontinuityandsecurityofoperations,includinginconnectionwiththenonrenewalofthisAgreementand/ordivestitureorotherreorganizationofPTIbyICANNascontemplatedbyICANN’sBylaws.ThetransitionplanshallbesubmittedtoICANNandpostedtotheIANAWebsitewithin18monthsaftertheEffectiveDate.Theplanshallthereafterbereviewedannuallyandupdatedasappropriate.
(b) ContractorshallprovidesupportandcooperationtoICANN,andtoanysuccessorprovideroftheIANANamingFunction,inordertoeffectanorderly,stable,secureandefficienttransitionoftheperformanceoftheIANANamingFunction.
14
(c) ContractoragreestobeengagedinthetransitionplanandtoprovideappropriatetransitionstaffandexpertisetofacilitateastableandsecuretransitionoftheIANANamingFunctiontoasuccessorprovider.
(d) ICANN,inconjunctionwiththeCSCasnecessary,shallreviewthetransitionplanatleasteveryfiveyears.
Section9.4 SurvivalofTerms.UpontheexpirationorterminationofthisAgreementunderthisArticleIX,thisAgreementshallbecomewhollyvoidandofnofurtherforceandeffect,andfollowingsuchexpirationorterminationnoPartyshallhaveanyliabilityunderthisAgreementtotheotherParty,exceptthateachPartyheretoshallremainliableforanybreachesofthisAgreementthatoccurredpriortoitsexpirationortermination;provided,however,thatthefollowingprovisionsshallsurvivetheexpirationorterminationofthisAgreement:Section9.3,ArticleXII,ArticleXIII,Section14.2throughSection14.16andthisSection9.4.
ARTICLEX:RESOURCES,FEESANDBUDGET
Section10.1 ResourcesandFees.
(a) ICANNshallprovideormakeavailabletoContractorthenecessarypersonnel(includingsecondedemployees),material,equipment,servicesandotherresourcesandfacilitiestoperformContractor’sobligationsunderthisAgreement,includingfundinginaccordancewiththeApprovedIANABudget.
(b) ContractormaynotchargeorcollectfeesfromthirdpartiesrelatedtotheperformanceoftheIANANamingFunctionwithoutthepriorwrittenconsentofICANN.
(c) AnyfeesapprovedbyICANNandchargedbyContractorrelatingtotheIANANamingFunctionwillbebasedontheactualcostsincurred,andvalueoftheresourcesutilized,byContractortoperformtheIANANamingFunction.
(d) ICANNacknowledgesandagreesthattheperformancebyContractoroftheIANANamingFunctionisconditioneduponthefullandcompleteperformanceofalloftheservicesandobligationsrequiredofICANNundertheServicesAgreementbetweenICANNandContractor.
Section10.2 Budget.ContractorshallcomplywiththerequirementssetforthinitsBylawsrelatingtopreparing,submittingandmonitoringanannualbudget.ICANNwillmeetannuallywiththeGeneralManagerofContractortoreviewtheannualbudgetfortheIANANamingFunction,whichshallbeapprovedinaccordancewithContractor’sBylawsandICANN’sBylaws(“ApprovedIANABudget”).
ARTICLEXI:SECURITYREQUIREMENTS
Section11.1 ComputingSystems.WithrespecttotheperformanceoftheIANANamingFunction,Contractorshallinstallandoperateallcomputingandcommunicationssystemsin
15
accordancewithbestbusinessandsecuritypractices.ICANNandContractorshallimplementasecuresystemforauthenticatedcommunicationstoContractor’scustomerswhencarryingouttheIANANamingFunctionpursuanttothetermsofthisAgreement.ICANNandContractorshalldocumentpracticesandconfigurationofallsystems.
Section11.2 NotificationSystems.Contractorshallimplementandthereafteroperateandmaintainasecurenotificationsystemataminimum,capableofnotifyingTLDregistryoperators,ofsucheventsasoutages,plannedmaintenance,andnewdevelopments.Inallcases,ContractorshallnotifyICANNofanyoutages.
Section11.3 Data.Contractorshallensuretheauthentication,integrity,andreliabilityoftheservicedatainperformingtheIANANamingFunction.
Section11.4 SecurityPlan.ICANNshallcoordinatewithContractortodevelopandexecuteasecurityplanthatmeetstherequirementsofthisAgreementandthisArticleXI.ICANNandContractorshalldocumentinthesecurityplantheprocessusedtoensureinformationsystemsincludinghardware,software,applications,andgeneralsupportsystemshaveeffectivesecuritysafeguards,whichhavebeenimplemented,plannedfor,anddocumented.Contractorshall,incoordinationwithICANN,performperiodicreviewsofthesecurityplanandupdatetheplanasnecessary.
Section11.5 DirectorofSecurity.Contractor’sDirectorofSecurityshallberesponsibleforensuringContractor’scompliancewiththetechnicalandphysicalsecuritymeasuresandrequirementsofthisAgreement.
ARTICLEXII:CONFIDENTIALITY
Section12.1 Confidentiality.Contractoragrees,intheperformanceofthisAgreement,tokeeptheinformationfurnishedbyICANNoracquiredordevelopedbyContractorinperformanceofthisAgreementanddesignatedbyICANN,inthestrictestconfidence.Contractoralsoagreesnottopublishorotherwisedivulgesuchinformation,inwholeorinpart,inanymannerorform,nortoauthorizeorpermitotherstodoso,andshalltakereasonablemeasurestorestrictaccesstosuchinformationwhileinContractor'spossession,tothoseemployeesneedingsuchinformationtoperformtheworkdescribedherein,i.e.,ona“needtoknow”basis.ContractoragreestoimmediatelynotifyICANNinwritingintheeventthatContractordeterminesorhasreasontosuspectabreachofthisrequirementhasoccurred.
Section12.2 Consent.ContractoragreesthatitwillnotdiscloseanyinformationdescribedinSection12.1toanypersonunlesspriorwrittenapprovalisobtainedfromICANN.Contractoragreestoinsertthesubstanceofthisclauseinanyconsultantagreementorsimilaragreement.
16
ARTICLEXIII:INTELLECTUALPROPERTY
Section13.1 Ownership.AsbetweenICANNandContractor,ICANNshallownallintellectualpropertyconceived,reducedtopractice,createdorotherwisedevelopedbyContractorunderthisAgreement(includingtheSOW).
Section13.2 Assignment.Contractorshallassign,andshallcauseallofitsemployeesandcontractorstoassign,allrightsinanypatentablesubjectmatter,patentapplications,copyrights,tradesecretsandallotherintellectualpropertycreatedbytheContractor,itsemployeesorcontractorspursuanttothisAgreementtoICANN.
Section13.3 WorkforHire.Withrespecttocopyright,allworkperformedbyContractorpursuanttothisAgreement(includingtheSOW)isa“workforhire”andICANNshallbedeemedtheauthorandshallownallcopyrightableworkscreatedbyContractorhereunder,andallcopyrightrightsthereto.Intheeventthisisnotdeemedaworkforhireagreement,ContractorherebyassignsandagreestoassignownershipoftheforegoingcopyrightableworksandcopyrightstoICANN.
Section13.4 License.ICANNshalllicensebackanypatents,patentapplications,copyrightsandtradesecretstoContractorforthedurationoftheTermsolelytotheextentnecessaryforContractortoperformitsobligationsunderthisAgreement.Thislicenseshallbenon-exclusive,non-assignable,non-sublicensable,non-transferableandroyalty-free.
ARTICLEXIV:MISCELLANEOUS
Section14.1 Indemnification.SolongasContractorisanaffiliateofICANN(i.e.ICANNisthesolememberofContractor,withtheabilitytoelectatleastamajorityofthedirectorsofthePTIBoard),ICANNshallindemnifyandholdharmlessContractor,itsofficers,agents,andemployeesfromliabilityofanynatureorkind,includingcostsandexpensestowhichtheymaybesubject,fororonaccountofanyorallthird-partyclaims,suitsordamagesofanycharacterwhatsoever,(i)resultingfrominjuriesordamagessustainedbyanypersonorpersonsorpropertybyvirtueofContractor’sperformanceofthisAgreementorfailuretoperformunderthisAgreement,or(ii)arisingorresultinginwholeorinpartfromthefault,negligence,wrongfulactorwrongfulomissionofICANNoranyofitssubcontractors(otherthanContractor),ortheirrespectiveemployeesoragents.
Section14.2 Notices.AllnoticestobegivenunderorinrelationtothisAgreementwillbegiveneither(i)inwritingattheaddressoftheappropriatePartyassetforthbelowor(ii)viaelectronicmailasprovidedbelow,unlessthatPartyhasgivenanoticeofchangeofpostaloremailaddress,asprovidedinthisAgreement.
IftoICANN:
InternetCorporationforAssignedNamesandNumbers12025WaterfrontDrive,Suite300
17
LosAngeles,CA90094-2536Attn:PresidentandChiefExecutiveOfficerPhone: +1-310-301-5800Email:[●]
Withacopyto(whichshallnotconstitutenotice):
InternetCorporationforAssignedNamesandNumbers12025WaterfrontDrive,Suite300LosAngeles,CA90094-2536Attn:GeneralCounselPhone: +1-310-301-5800Email:[●]
Withacopyto(whichshallnotconstitutenotice):
InternetCorporationforAssignedNamesandNumbers12025WaterfrontDrive,Suite300LosAngeles,CA90094-2536Attn:President,GlobalDomainsDivisionPhone: +1-310-301-5800Email:[●]
IftoContractor:
[Contractor]12025WaterfrontDrive,Suite300LosAngeles,CA90094-2536Attn:[●]Phone: [●]Email:[●]
Withacopyto(whichshallnotconstitutenotice):
InternetCorporationforAssignedNamesandNumbers12025WaterfrontDrive,Suite300LosAngeles,CA90094-2536Attn:GeneralCounselPhone: +1-310-301-5800Email:[●]
AnynoticerequiredbythisAgreementwillbedeemedtohavebeenproperlygiven(i)ifinpaperform,whendeliveredinpersonorviacourierservicewithconfirmationofreceiptor(ii)ifbyelectronicmail,uponconfirmationofreceiptbytherecipient’semailserver,providedthatsuchnoticeviaelectronicmailshallbefollowedbyacopysentbyregularpostalmailservice
18
withinthreecalendardays.Intheeventothermeansofnoticebecomepracticallyachievable,suchasnoticeviaasecurewebsite,thepartieswillworktogethertoimplementsuchnoticemeansunderthisAgreement.
Section14.3 Amendments.ExceptasprovidedinSection7.3(c),anytermorprovisionofthisAgreementmaybeamended,andtheobservanceofanytermofthisAgreementmaybewaivedonlybyaphysicalwritingreferencingthisAgreement,andeither(a)manuallysignedbythePartiestobeboundor(b)digitallysignedbythePartiestobebound.NothinghereinshalllimitSection7.3(c)aboveorICANN’sobligationsunderICANN’sBylawstotheextentrelatedtoICANN’scommitmentsrelatedtotheamendmentormodificationofthisAgreement,includingtheabilitytoamendthisAgreementpursuanttoanapprovedIFRRecommendation,anapprovedSpecialIFRRecommendationoranapprovedSCWGRecommendation,eachassetforthinICANN’sBylaws.
Section14.4 Waiver.AnytermorprovisionofthisAgreementmaybewaived,orthetimeforitsperformancemaybeextended,bythePartyorPartiesentitledtothebenefitthereof.AnysuchextensionorwaivershallbevalidlyandsufficientlyauthorizedforthepurposesofthisAgreementif,astoanyParty,itisauthorizedinwritingbyanauthorizedrepresentativeofthePartyentitledtothebenefitsofanysuchwaivedtermorprovision.ThefailureordelayofanyPartytoassertorenforceatanytimeanyprovisionof,oranyofitsrightsunder,thisAgreementshallnotbeconstruedtobeawaiverofsuchprovision,norinanywaytoaffectthevalidityofthisAgreementoranyparthereofortherightofanyPartythereaftertoenforceeachandeverysuchprovision.NowaiverofanybreachofthisAgreementshallbeheldtoconstituteawaiverofanyotherorsubsequentbreach.
Section14.5 Severability.IfanyprovisionofthisAgreementshouldbefoundbyacourtofcompetentjurisdictiontobeinvalid,illegalorunenforceable,thevalidity,legalityandenforceabilityoftheremainingprovisionsshallnotbeaffectedorimpairedthereby.
Section14.6 AssignmentandSubcontracting.
(a) NeitherPartymayassignortransferthisAgreement,oranyobligationunderthisAgreement(inwholeorinpart,andwhethervoluntarily,involuntarily,orbyoperationofLaw)withouttheotherParty’spriorwrittenconsent.
(b) PTIshallnotsubcontractalloranyportionofitsrightsorobligationsunderthisAgreement.
Section14.7 GoverningLaw.ThePartiesagreethatthisAgreement,andanyandalldisputesarisingoutoforrelatedtothisAgreement,shallbegovernedby,construed,andenforcedinallrespectsinaccordancewiththeLawsoftheStateofCalifornia,UnitedStatesofAmerica,excludingitsconflictoflawsrules.EachPartyexpresslywaivesanyclaimthatthejurisdictionofsuchcourtwithrespecttopersonaljurisdictionisimproperorthatthevenueisinconvenientorimproper.
19
Section14.8 Third-PartyBeneficiaries.NoprovisionofthisAgreementisintendedto,norshallbeinterpretedto,provideorcreateanyrights,benefitsoranyotherinterestofanykindinanythirdpartyorcreateanyobligationsofICANNorContractortoanythirdparty.
Section14.9 EnglishVersion.IfthisAgreementistranslatedintoanylanguageotherthanEnglish,andifthereisaconflictbetweentheEnglishversionandthetranslatedversion,thentheEnglishversionshallprevailinallrespects.
Section14.10 SavingsClause.Anydelay,nonperformanceorotherbreachbyaPartyofitsobligationsunderthisAgreementandanyliabilitytherefor,shallbeexcusedtotheextentsuchfailureiscausedbytheotherParty’sactsoromissionsortheactsoromissionsofsuchParty’semployeesorcontractors,includingsuchParty’sfailuretoperformitsobligationsunderthisAgreement.
Section14.11 CumulativeRemedies.Exceptasotherwiseexpresslyprovided,allremediesprovidedforinthisAgreementshallbecumulativeandinadditionto,andnotinlieuof,anyotherremediesavailabletoeitherParty.
Section14.12 Counterparts.ThisAgreementmaybeexecutedincounterparts,allofwhichtakentogethershallconstituteonesingleagreementbetweentheParties.
Section14.13 Headings.ThePartiesagreethattheheadingsusedinthisAgreementareforeaseofreferenceonlyandshallnotbetakenintoaccountininterpretingtheAgreement.
Section14.14 FurtherAssurances.SubjecttothetermsandconditionsofthisAgreement,eachofICANNandContractoragreestousecommerciallyreasonablebesteffortstotake,orcausetobetaken,allappropriateaction,andtodo,orcausetobedone,allthingsreasonablynecessary,properoradvisableunderapplicablelawstomakeeffectivethetransactionscontemplatedbythisAgreement.
Section14.15 EntireAgreement.ThisAgreement,includingallstatementsofwork,schedules,exhibitsorotherattachmentshereto,constitutestheentireunderstandingandagreementbetweenICANNandContractorwithrespecttothesubjectmatterofthisAgreement,andsupersedesanyandallpriororcontemporaneousoralorwrittenrepresentation,understanding,agreementorcommunicationrelatingthereto.
[SignaturePageFollows]
INWITNESSWHEREOF,thePartieshavecausedthisAgreementtobedulyexecutedasofthedatesetforthbelow.
INTERNETCORPORATIONFORASSIGNEDNAMESANDNUMBERS
By:_________________________________ (Signature)
____________________________________Name(print)
____________________________________Title
[CONTRACTOR]
By: ________________________________ (Signature)
____________________________________ Name(print)
____________________________________Title
21
ANNEXA:STATEMENTOFWORKFORMANAGEMENTOFTHEDNSROOTZONE
1. ROOTZONEMANAGEMENT
a. TheRootZoneManagementcomponentoftheIANANamingFunctionistheadministrationofcertainresponsibilitiesassociatedwiththeInternetDNSrootzonemanagement.
b. ContractorshallcollaboratewiththeCSCtodevelop,maintain,enhanceandpostperformancestandardsforRootZoneManagement.Specifically,ContractorshallperformRootZoneManagementinaccordancewiththeservicelevelssetforthinSection2.
c. ContractorshallalsoimplementDNSSECinallzonesforwhichICANNhastechnicaladministrationauthority.
d. Contractorshallfacilitateandcoordinatetherootzoneofthedomainnamesystem,andmaintain24hour-a-day/7days-a-weekoperationalcoverage.ContractorshallworkcollaborativelywiththeRootZoneMaintainer,intheperformanceofthisfunction.
i. ContractorshallreceiveandprocessrootzonefilechangerequestsforTLDs.ThesechangerequestsincludeadditionofneworupdatestoexistingTLDnameservers(“NS”)anddelegationsigner(“DS”)resourcerecord(“RR”)informationalongwithassociated“glue”(AandAAAARRs).AchangerequestmayalsoincludenewTLDentriestotherootzonefile.ContractorshallprocessrootzonefilechangesasspecifiedinSection2ofthisAnnexA.
ii. Contractorshallmaintain,update,andmakepubliclyaccessibleaRootZoneregistrationdatabasewithcurrentandverifiedcontactinformationforallTLDregistryoperators.TheRootZoneregistrationdatabase,ataminimum,shallconsistofthefollowingdatafields:domainstatusandcontactpointsforresolvingissuesrelatingtotheoperationofthedomain(comprisedofatleastorganizationalname,postaladdress,emailaddressandtelephonenumber).ContractorshallreceiveandprocessrootzoneregistrationdatachangerequestsforTLDs.
iii. ContractorshallapplyexistingpoliciesinprocessingrequestsrelatedtotheDelegation,RevocationandTransferofccTLDs,includingRFC1591,theFOIandanyfurtherclarificationofthesepoliciesdevelopedbytheccNSOandapprovedbytheICANNBoard.ContractorshallrespecttheGAC2005ccTLDPrincipleswhereapplicable.Ifanexistingpolicyframeworkdoesnotcoveraspecificsituation,ContractorwillusecommerciallyreasonableeffortstoconsultwithSignificantlyInterested
22
Partiesand,wherenecessary,mayrequesttheccNSOtoundertakepolicydevelopmentworktoaddresssuchissues.
iv. ContractorshallapplyexistingpolicyframeworksinprocessingrequestsrelatedtoretirementofaccTLD,suchasRFC1591,theFOIandanyfurtherclarificationofthesepoliciesdevelopedbytheccNSOandapprovedbytheICANNBoard.Ifanexistingpolicydoesnotcoveraspecificsituation,ContractorwillusecommerciallyreasonableeffortstoconsultwithSignificantlyInterestedPartiesand,wherenecessary,mayrequesttheccNSOtoundertakepolicydevelopmentworktoaddresssuchissues.
v. ContractorshallverifythatallrequestsrelatedtothedelegationandredelegationofgenericTLDsareconsistentwiththeproceduresdevelopedbyICANN.
vi. Contractorshallmaintainanautomatedrootzonemanagementsystemthat,ataminimum,includes(A)asecure(encrypted)systemforcustomercommunications;(B)anautomatedprovisioningprotocolallowingcustomerstomanagetheirinteractionswiththerootzonemanagementsystem;(C)anonlinedatabaseofchangerequestsandsubsequentactionswherebyeachcustomercanseearecordoftheirhistoricrequestsandmaintainvisibilityintotheprogressoftheircurrentrequests;(D)atestsystem,whichcustomerscanusetomeetthetechnicalrequirementsforachangerequest;and(E)aninternalinterfaceforsecurecommunicationsbetweentheContractorandtheRootZoneMaintainer.
2. SERVICELEVELS
a. ContractorshallperformtheServices inaccordancewiththefollowing“ServiceLevels”. The expectation is that Contractor will normally perform within thethreshold.Thethresholdswillbemodifiedovertimeaspartofperiodicreviewsof the service level expectation. A subset of the followingmeasures relate tomeasurementofnon-routinechangeswhereitisnotapplicabletosetaspecificthreshold for performance. It is expected for measurements of non-routineprocess steps these will only be reported with no applicable service levelexpectation.
b. ServicesDefinitions
i. CategoryI(RoutineupdatesimpactingRootZoneFile).RoutinechangerequeststhatalterthetechnicaldatapublishedintheDNSrootzone(e.g.changestoNSrecords,DSrecordsandgluerecords).Athirdpartymaybeengagedtocompile,publishanddistributetherootzone.
23
ii. CategoryII(RoutineupdatesnotimpactingRootZoneFile).RoutinechangerequeststhatdonotaltertheDNSrootzone(e.g.,contactdataandmetadata).Thesechangesdonotrequirechangestotherootzone.
iii. CategoryIII(CreatingorTransferringagTLD).Requeststocreate(“delegate”)ortransfer(“redelegate”or“assign”)agenericTLD.ThesechangesrequireadditionalprocessingbyContractortoensurepolicyandcontractualrequirementsassociatedwithachangeofcontrolfortheTLDaremet.
iv. CategoryIV(CreatingorTransferringaccTLD).Requeststocreateortransferacountry-codeTLD.ThesechangesrequireadditionalprocessingbyContractortoensurepolicyrequirementsaremet.Thisprocessingincludesadditionalanalysisonthechangerequest,productionofareport,andreviewofthereport(includingverificationthatallexistingregistrationdatahasbeensuccessfullytransferredfromtheoldtonewregistryoperator).
v. CategoryV(Otherchangerequests).Othernon-routinechangerequests.Contractorisrequiredtoprocesschangerequeststhatmayhavespecialhandlingrequirements,orrequireadditionaldocumentaryevidenceorclarificationsfromthecustomerorthirdparties,thatpreventautomatingthehandlingoftherequest.Theserequestsinclude,butarenotlimitedto:
1. Customersthatrequirerequeststobehandledoutsidetheonlineself-serviceplatform,suchasthoselodgingchangerequeststhroughtheexchangeofpostalmail;
2. CustomersthathaveplacedspecialhandlinginstructionsonfilewithContractor,orhaveotherwiseaskedforspecialhandlingforarequestthatdeviatesfromthenormalprocess,resultingintherequestbeingexecutedmanually;
3. Uniquelegalorregulatoryencumbrancesthatmustbesatisfiedthatrequireadditionalprocessing;
4. RemovingaTLDfromservice(i.e.retirementorrevocation);and
5. Changesthatrelatetotheoperationoftherootzoneitself,includingchangingtheRootKeySigningKey,alteringthesetofauthoritativenameserversfortherootzone(i.e.the“rootservers”),andchangestothe“roothints”.
c. ServiceLevels
24
i. Thefieldsinthefollowingtablesareasfollows:
1. Process. The business process that Contractor is requested toperform.
2. Metric.Theindividualmetricthatwillbemeasuredaspartofthecompletionofthebusinessprocess.
3. Threshold. The specified target for each individual changerequest.
4. Type. Whether the threshold specified is a minimum target(compliance must not be less than the target) or a maximumtarget(compliancemustnotbemorethanthetarget).
5. Compliance. The percentage that the target goal in aggregatemustbemetorexceededwithinthespecifiedtimeperiodforallrequestsinthespecifiedcategory.
6. Period.Thetimeoverwhichcomplianceismeasured.(TheperiodofcollectingmeasurementstomeettheServiceLevelAgreement(SLA)).
ii. ProcessPerformance. Total Contractor transaction time for emergencychangesshouldbecompletedwithinatargetof12hoursuntilreviewedbytheCSCwithContractor.
ProcessCategory Metric Threshold Type Compliance PeriodCategoryI—RoutineupdatesimpactingRootZoneFile(NS,DSandgluerecords)
SubmissionTimeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomatedsubmissioninterface
TimeforlodgmentofchangerequestintoRZMSbyContractoronbehalfofrequestsentbyemail
TechnicalChecksTimetoreturnresultsfortechnicalchecksfollowingsubmissionofrequestviaautomated
25
ProcessCategory Metric Threshold Type Compliance PeriodsubmissioninterfaceTimetoreturnresultsforsubsequentperformanceoftechnicalchecksduringretestingduetoearlierfailedtests
ContactConfirmationTimeforauthorizationcontactstobeaskedtoapprovechangerequestaftercompletingpreviousprocessphase
TimeforresponsetobeaffirmedbyContractor
ContractorReviewandProcessingTimetocompleteallothervalidationsandreviewsbyContractorandreleaserequestforimplementation
SupplementalTechnicalChecksTimetoreturnresultsforperformanceoftechnicalchecksduringSupplementalTechnicalCheckphase
ImplementationofChangesTimeforrootzonechangestobepublishedfollowingcompletionofvalidationsandreviewsbyContractor
Timetonotifyrequesterofchangecompletionfollowingpublicationofrequestedchanges
CategoryII—RoutineupdatesnotimpactingRootZoneFile(Contactdetailsandmetadata)
SubmissionTimeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomated
26
ProcessCategory Metric Threshold Type Compliance PeriodsubmissioninterfaceTimeforlodgmentofchangerequestintoRZMSbyContractoronbehalfofrequestsentbyemail
TechnicalChecksTimetoreturnresultsfortechnicalchecksfollowingsubmissionofrequestviaautomatedsubmissioninterface
Timetoreturnresultsforsubsequentperformanceoftechnicalchecksduringretestingduetoearlierfailedtests
ContactConfirmationTimeforauthorizationcontactstobeaskedtoapprovechangerequestaftercompletingpreviousprocessphase
TimeforresponsetobeaffirmedbyContractor
ContractorReviewandProcessingTimetocompleteallothervalidationsandreviewsbyContractorandreleaserequestforimplementation
SupplementalTechnicalChecksTimetoreturnresultsforperformanceoftechnicalchecksduringSupplementalTechnicalCheckphase
ImplementationofChangesTimeforrootzonechangestobepublishedfollowingcompletionofvalidationsandreviews
27
ProcessCategory Metric Threshold Type Compliance PeriodbyContractorTimetonotifyrequesterofchangecompletionfollowingpublicationofrequestedchanges
CategoryIII—CreatingorTransferringagTLD
SubmissionTimeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomatedsubmissioninterface
TimeforlodgmentofchangerequestintoRZMSbyContractoronbehalfofrequestsentbyemail
TechnicalChecksTimetoreturnresultsfortechnicalchecksfollowingsubmissionofrequestviaautomatedsubmissioninterface
Timetoreturnresultsforsubsequentperformanceoftechnicalchecksduringretestingduetoearlierfailedtests
ContactConfirmationTimeforauthorizationcontactstobeaskedtoapprovechangerequestaftercompletingpreviousprocessphase
TimeforresponsetobeaffirmedbyContractor
ContractorReviewandProcessingTimetocompleteallothervalidationsandreviewsbyContractorandreleaserequestforimplementation
28
ProcessCategory Metric Threshold Type Compliance PeriodSupplementalTechnicalChecks
TimetoreturnresultsforperformanceoftechnicalchecksduringSupplementalTechnicalCheckphase
ImplementationofChangesTimeforrootzonechangestobepublishedfollowingcompletionofvalidationsandreviewsbyContractor
Timetonotifyrequesterofchangecompletionfollowingpublicationofrequestedchanges
CategoryIV—CreatingorTransferringaccTLD
Submission
Timeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomatedsubmissioninterface
TimeforlodgmentofchangerequestintoRZMSbyContractoronbehalfofrequestsentbyemail
TechnicalChecks Timetoreturnresultsfor
technicalchecksfollowingsubmissionofrequestviaautomatedsubmissioninterface
Timetoreturnresultsforsubsequentperformanceoftechnicalchecksduringretestingduetoearlierfailedtests
29
ProcessCategory Metric Threshold Type Compliance Period ContactConfirmation Timeforauthorization
contactstobeaskedtoapprovechangerequestaftercompletingpreviousprocessphase
TimeforresponsetobeaffirmedbyContractor
ContractorReviewandProcessing Timetocompleteall
othervalidationsandreviewsbyContractorandreleaserequestforimplementation
Timeforthird-partyreviewofrequest(e.g.byICANNBoardofDirectors,PTIBoardorotherrelevantverificationparties)
SupplementalTechnicalChecks Timetoreturnresultsfor
performanceoftechnicalchecksduringSupplementalTechnicalCheckphase
ImplementationofChanges Timeforrootzone
changestobepublishedfollowingcompletionofvalidationsandreviewsbyContractor
Timetonotifyrequesterofchangecompletionfollowingpublicationofrequestedchanges
CategoryV—Otherchangerequests(i.e.non-routinechangerequests)
SubmissionTimeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomated
30
ProcessCategory Metric Threshold Type Compliance PeriodsubmissioninterfaceTimeforlodgmentofchangerequestintoRZMSbyContractoronbehalfofrequestsentbyemail
TechnicalChecksTimetoreturnresultsfortechnicalchecksfollowingsubmissionofrequestviaautomatedsubmissioninterface
Timetoreturnresultsforsubsequentperformanceoftechnicalchecksduringretestingduetoearlierfailedtests
ContactConfirmationTimeforauthorizationcontactstobeaskedtoapprovechangerequestaftercompletingpreviousprocessphase
TimeforresponsetobeaffirmedbyContractor
ContractorReviewandProcessingTimetocompleteallothervalidationsandreviewsbyContractorandreleaserequestforimplementation
SupplementalTechnicalChecksTimetoreturnresultsforperformanceoftechnicalchecksduringSupplementalTechnicalCheckphase
ImplementationofChangesTimeforrootzonechangestobepublishedfollowingcompletionofvalidationsandreviews
31
ProcessCategory Metric Threshold Type Compliance PeriodbyContractorTimetonotifyrequesterofchangecompletionfollowingpublicationofrequestedchanges
d. Accuracy
Metric Measurement Threshold Type Compliance PeriodRootzonefiledatapublishedintherootzonematchesthatprovidedinthechangerequest
Accuracy 100% Min <100%
Rootzonedatabaseiscorrectlyupdatedinaccordancewithchangerequests(doesnotincludeimpactofnormalizationandotherprocessingstandardization-whichinanyeventshallneverdetrimentallyimpacttheupdate)
Accuracy 100% Min <100%
e. OnlineServicesAvailabilityandEnquiryProcessing
Metric Threshold Type Compliance Period
RZMSavailability
—availabilityof
anonline
interactiveweb
servicefor
credentialed
customersto
submitchange
32
requeststotheir
rootzone
databaseentries.
Websiteavailability—availabilityofrootzonemanagementrelateddocumentation(i.e.onhttp://www.iana.org)
Directoryserviceavailability—availabilityoftheauthoritativedatabaseofTLDs
Credentialrecovery—timetodispatchconfirmationemailofforgottenusernameorpassword
5min Max 95% Month
Credentialchange—timetoimplementnewpasswordwithinthesystem
5min Max 95% Month
Dashboardupdatefrequency—averagetimetoupdatethedashboardtoensureup-to-datereporting
30min Max 100% Month
Dashboardaccuracy—thedatapresentedonthedashboardisaccurate
100% Min <100% Month
Dashboardavailability—availabilityofthedashboardonline
99% Min <99% Month
SLEreportproduction—timetoproducereportsfollowingtheconclusionofthereportingperiod
Monthly
SLEreportavailability—availabilityoftheSLEreportsandassociated
<10 Max >10days Month
33
dataonline days
after
month
end
SLEreport
publication—
scheduleof
reportingperiods
Monthly
Timetosendacknowledgeofenquiry—timetakentosendinitialacknowledgementofreceiptofageneralenquirypertainingtorootzonemanagement(butnotpertainingtointeractionsinachangerequestcontext)
Timetosendinitialresponsetoenquiry—timetakenforstafftorespondtoenquiry,eitherinpartorinwhole
f. TheseelementsreflectactivityareasthatshouldbeinstrumentedbyContractor,andreportedpursuanttoArticleVIIoftheAgreementandSection3ofthisSOW.
3. PERFORMANCEMETRICREQUIREMENTS
a. ProgramReviewsandSiteVisits
i. ReviewsmaybeconductedbytheCSCinaccordancewithICANN’sBylawsandtheCSCCharter.
34
ii. SitevisitsmaybeconductedbyanIFRTinaccordancewithICANN’sBylaws.
b. MonthlyPerformanceProgressReport.ContractorshallprepareandsubmitreportsasmutuallyagreedbetweenContractorandtheCSC.
c. RootZoneManagementDashboard.ContractorshallworkcollaborativelywithICANNanditscustomerstoproducethedashboardtoreportServiceLevelExpectationsforRootZoneManagement,whichwillbeusedforreal-timereportingofContractor’sperformance.
d. PerformanceStandardsReports.ContractorshalldevelopandpublishperformancestandardmetricreportsfortheIANANamingFunctioninconsultationwiththeCSC.Theperformancestandardsmetricreportswillbepublishedviaawebsiteeverymonth(nolaterthan15calendardaysfollowingtheendofeachmonth).
e. CustomerServiceSurvey.InaccordancewithICANN’sBylaws,ContractorshallcollaboratewiththeCSCandICANNtomaintainandenhancetheannualcustomerservicesurveyconsistentwiththeperformancestandardsforRootZoneManagement.Thesurveyshall,ataminimum,includeafeedbacksectionfortheIANANamingFunction.Nolaterthan60calendardaysaftercompletingacustomerservicesurvey,Contractorshallprepareareport(the“CSSReport”),submittheCSSReporttoICANNandpubliclyposttheCSSReporttotheIANAWebsite.
f. FinalReport.ContractorshallprepareandsubmitafinalreportontheperformanceoftheIANANamingFunctionthatdocumentsstandardoperatingprocedures,includingadescriptionofthetechniques,methods,software,andtoolsemployedintheperformanceoftheIANANamingFunction.ContractorshallsubmitthereporttotheCSCandICANNnolaterthan30daysaftertheexpirationorterminationoftheAgreement.
g. Inspectionandacceptance.ICANNwillperformfinalinspectionandacceptanceofalldeliverablesandreportsarticulatedinthisSection3,assetforthinSection4.10(a)oftheAgreement.AnydeficienciesidentifiedbyICANNshallbecorrectedbyContractorandresubmittedtoICANNwithin10businessdaysafterContractor’sreceiptofnoticeofsuchdeficiency.
4. BASELINEREQUIREMENTSFORDNSSECINTHEAUTHORITATIVEROOTZONE
a. DNSSECattheauthoritativeRootZonerequirescooperationandcollaborationbetweentheContractorandtheRootZoneMaintainer.ThebaselinerequirementsencompasstheresponsibilitiesandrequirementsforContractorandtheseresponsibilitiesandrequirementsmustbeimplementedin
35
cooperationwithsimilarresponsibilitiesandrequirementsdefinedwithinICANN’srelationshipwiththeRootZoneMaintainer.
b. GeneralRequirements
i. TheRootZonesystemneedsanoverallsecuritylifecycle,suchasthatdescribedinISO27001,NISTSP800-53,etc.,andanysecuritypolicyforDNSSECimplementationmustbevalidatedagainstexistingstandardsforsecuritycontrols.
ii. Theremainderofthissectionhighlightssecurityrequirementsthatmustbeconsideredindevelopinganysolution.ISO27002:2005(formerlyISO17799:2005)andNISTSP800-53arerecognizedsourcesforspecificcontrols.NotethatreferencetoSP800-53isusedasaconvenientmeansofspecifyingasetoftechnicalsecurityrequirements.ThesystemsreferencedinthisdocumentareassumedtomeetalltheSP800-53technicalsecuritycontrolsorequivalentrequiredbyaHIGHIMPACTsystem.
iii. Wheneverpossible,referencestoNISTpublicationsaregivenasasourceforfurtherinformation.TheseSpecialPublications(“SP”)arenotintendedasauditingchecklists,butasnon-bindingguidelinesandrecommendationstoestablishaviableITsecuritypolicy.Comparablesecuritystandardscanbesubstitutedwhereavailableandappropriate.AlloftheNISTdocumentreferencescanbefoundontheNISTComputerSecurityResearchCenterwebpage(http://www.csrc.nist.gov/).
c. SecurityAuthorizationandManagementPolicy
i. Contractorshallhaveitsownsecuritypolicyinplace;eachsecuritypolicymustbeperiodicallyreviewedandupdated,asappropriate.
1. SupplementalguidanceongeneratingaSecurityAuthorizationPolicymaybefoundinNISTSP800-37.
ii. Thepolicyshallhaveacontingencyplancomponenttoaccountfordisasterrecovery(bothman-madeandnaturaldisasters).
1. SupplementalguidanceoncontingencyplanningmaybefoundinSP800-34
iii. ThepolicyshalladdressIncidentResponsedetection,handlingandreporting(see4below).
1. SupplementalguidanceonincidentresponsehandlingmaybefoundinNISTSP800-61.
36
d. ITAccessControl
i. ThereshallbeanITaccesscontrolpolicyinplaceandenforcedforthekeymanagementfunctions
1. Thisincludesbothaccesstohardware/softwarecomponentsandstoragemediaaswellasabilitytoperformprocessoperations.
2. SupplementalguidanceonaccesscontrolpoliciesmaybefoundinNISTSP800-12.
ii. Userswithoutauthenticationshallnotperformanyactioninkeymanagement.
iii. Intheabsenceofacompellingoperationalrequirement,remoteaccesstoanycryptographiccomponentinthesystem(suchashardwaresecuritymodules)isnotpermitted.
e. SecurityTraining
i. AllpersonnelparticipatingintheRootZoneSigningprocessshallhaveadequateITsecuritytraining.
ii. SupplementalguidanceonestablishingasecurityawarenesstrainingprogrammaybefoundinNISTSP800-50.
f. AuditandAccountabilityProcedures
i. Contractorshallperiodicallyreview/update:(1)itsformal,documented,auditandaccountabilitypolicythataddressespurpose,scope,roles,responsibilities,managementcommitment,coordinationamongorganizationalentities,andcompliance;and(2)theformal,documentedprocedurestofacilitatetheimplementationoftheauditandaccountabilitypolicyandassociatedauditandaccountabilitycontrols.
1. SupplementalguidanceonauditingandaccountabilitypoliciesmaybefoundinNISTSP800-12.
2. Specificauditingeventsincludethefollowing:
a. Generationofkeys.
b. Generationofsignatures
c. Exportingofpublickeymaterial
37
d. Receiptandvalidationofpublickeymaterial(i.e.,fromtheZSKholderorfromTLDs)
e. Systemconfigurationchanges
f. Maintenanceand/orsystemupdates
g. Incidentresponsehandling
h. Othereventsasappropriate
ii. Incidenthandlingforphysicalandexceptionalcyber-attacksshallincludereportingtoICANNinatimeframeandformatasmutuallyagreedbyICANNandContractor.
iii. Theauditingsystemshallbecapableofproducingreportsonanad-hocbasisforICANNortheCSC.
iv. AversionofthereportsprovidedtoICANNortheCSCmustbemadepublicallyavailable.
g. PhysicalProtectionRequirements
i. Thereshallbephysicalaccesscontrolsinplacetoonlyallowaccesstohardwarecomponentsandmediatoauthorizedpersonnel.
1. SupplementalguidanceontokenbasedaccessmaybefoundinNISTSP800-73.
2. SupplementalguidanceontokenbasedaccessbiometriccontrolsmaybefoundinNISTSP800-76.
ii. Physicalaccessshallbemonitored,logged,andregisteredforallusersandvisitors.
iii. Allhardwarecomponentsusedtostorekeyingmaterialorgeneratesignaturesshallhaveshort-termbackupemergencypowerconnectionsincaseofsitepoweroutage.(SeeNISTSP800-53r3).
iv. Appropriateprotectionmeasuresshallbeinplacetopreventphysicaldamagetofacilitiesasappropriate.
h. AllComponents
i. Allhardwareandsoftwarecomponentsmusthaveanestablishedmaintenanceandupdateprocedureinplace.
38
1. SupplementalguidanceonestablishinganupgradingpolicyforanorganizationmaybefoundinNISTSP800-40
ii. Allhardwareandsoftwarecomponentsprovideameanstodetectandprotectagainstunauthorizedmodifications/updates/patching.
i. InterfaceBasicFunctionality
i. Contractor’sinterfaceshallhavetheabilitytoacceptandprocessTLDDSrecords,including:
1. AcceptTLDDSRRs
a. BeingabletoretrieveTLDDNSKEYrecordfromtheTLD,andperformparametercheckingfortheTLDkeys,includingverifyingthattheDSRRhasbeencorrectlygeneratedusingthespecifiedhashalgorithm.
2. Havingproceduresfor:
a. ScheduledrolloverforTLDkeymaterial;
b. SupportingemergencykeyrolloverforTLDkeymaterial;and
c. MovingTLDfromsignedtounsignedintherootzone.
ii. AbilitytosubmitTLDDSrecordupdatestotheRootZoneMaintainerforinclusionintotherootzone.
iii. AbilitytosubmitRZkeysettotheRootZoneMaintainerforinclusionintotherootzone.