proposed naming function agreement - icann · iana naming function agreement this iana naming...

IANANAMINGFUNCTIONAGREEMENT

ThisIANANamingFunctionAgreement(this“Agreement”)isdatedasof[l]2016andisentered into by and between Internet Corporation for Assigned Names and Numbers, aCalifornianonprofitpublicbenefitcorporation(“ICANN”)and[PTI],aCalifornianonprofitpublicbenefitcorporation(the“Contractor”),and iseffectiveasof the lastdateonwhichallof theconditionssetoutinArticleIIhavebeensatisfied(the“EffectiveDate”).ICANNandContractormayeachbereferredtohereinindividuallyasa“Party”andcollectivelyasthe“Parties.”

WHEREAS,on14March2014, theU.S.National Telecommunicationsand InformationAdministration (“NTIA”) announced the transition of NTIA’s stewardship role of key Internetdomainnamefunctionstotheglobalmulti-stakeholdercommunity(the“Transition”);

WHEREAS, following the Transition, ICANN will continue to serve as the InternetAssignedNumbersAuthority(“IANA”)functionsoperator;and

WHEREAS,ICANNandContractordesiretoenterintothisAgreementpursuanttowhichContractorwillserveastheoperatorfortheIANAnamingfunctionaftertheTransition.

NOW, THEREFORE, for good and valuable consideration, the sufficiency of which isherebyacknowledged,thePartiesagreeasfollows:

ARTICLEI:DEFINITIONSANDCONSTRUCTION

Section1.1 Definitions.

(a) “Agreement”hasthemeaningsetforthinthePreamble.

(b) “ApprovedIANABudget”hasthemeaningsetforthinSection10.2.

(c) “ccNSO”hasthemeaningsetforthinSection4.7.

(d) “ccTLD”hasthemeaningsetforthinSection4.4(c).

(e) “CCOP”hasthemeaningsetforthinSection5.2(b).

(f) “Complainant”hasthemeaningsetforthinSection8.1(a).

(g) “Complaint”hasthemeaningsetforthinSection8.1(a).

(h) “Contractor”hasthemeaningsetforthinthePreamble.

(i) “CSC”hasthemeaningsetforthinSection4.9(c).

(j) “CSSReport”hasthemeaningsetforthinSection3.eofAnnexA.

2

(k) “customer”meansagTLDregistryoperator,accTLDmanagerorregistryoperatororotherdirectcustomerofContractor(e.g.,arootserveroperatororothernon-rootzonefunction).

(l) “Delegation”referstotheprocessbywhichtheoperatoroftheIANANamingFunctioninitiallyassignsmanagementresponsibilityorassignspreviouslyassignedresponsibility(afterarevocation)forthemanagementofaccTLD,asfurtherdefinedintheFOI.

(m) “DNS”meansdomainnamesystem.

(n) “DOC”hasthemeaningsetforthinSection2.1.

(o) “DS”hasthemeaningsetforthinSection1.d.iofAnnexA.

(p) “EffectiveDate”hasthemeaningsetforthinthePreamble.

(q) “FOI”hasthemeaningsetforthinSection4.7.

(r) “GAC2005ccTLDPrinciples”hasthemeaningsetforthinSection4.7.

(s) “GNSO”hasthemeaningsetforthinSection4.7.

(t) “gTLD”hasthemeaningsetforthinSection4.4(c).

(u) “IANA”hasthemeaningsetforthintheRecitals.

(v) “IANAFunctionReview”or“IFR”hasthemeaningsetforthinSection7.3(a).

(w) “IANANamingFunction”hasthemeaningsetforthinSection4.3.

(x) “IANAWebsite”hasthemeaningsetforthinSection4.6.

(y) “ICANN”hasthemeaningsetforthinthePreamble.

(z) “ICANNBoard”hasthemeaningsetforthinSection7.3(a).

(aa) “ICANN’sBylaws”meansthosecertainBylawsforInternetCorporationforAssignedNamesandNumbers,aCaliforniaNonprofitPublic-BenefitCorporation,adoptedbytheICANNBoardon27May2016,asamended.

(bb) “IFRT”hasthemeaningsetforthinSection4.9(c).

(cc) “InitialTerm”hasthemeaningsetforthinSection9.1.

3

(dd) “InterestedandAffectedParties”meansallgTLDregistryoperators,ccTLDmanagersandregistryoperators,theRootZoneEvolutionReviewCommittee,theCSC,and(ifformedandwhileinexistence)eachIFRT.

(ee) “KeyPersonnel”hasthemeaningsetforthinSection4.9(a).

(ff) “NS”hasthemeaningsetforthinSection1.d.iofAnnexA.

(gg) “NTIA”hasthemeaningsetforthintheRecitals.

(hh) “Party”or“Parties”hasthemeaningsetforthinthePreamble.

(ii) “PerformanceIssue”hasthemeaningsetforthinSection8.1(b).

(jj) “PTIBoard”hasthemeaningsetforthinSection4.9(c)(ii).

(kk) “RenewalTerm”hasthemeaningsetforthinSection9.2(a).

(ll) “Revocation”referstotheprocessbywhichtheoperatoroftheIANANamingFunctionrescindsresponsibilityformanagementofaccTLDfromanincumbentmanager,asfurtherdefinedintheFOI.

(mm) “RootZoneManagement”hasthemeaningsetforthinSection4.3(a).

(nn) “RR”hasthemeaningsetforthinSection1.d.iofAnnexA.

(oo) “SignificantlyInterestedParties”hasthemeaningsetforthintheFOI.Foravoidanceofdoubt,undertheFOIthesepartiesinclude,withoutlimitation:(i)thegovernmentorterritorialauthorityforthecountryorterritoryassociatedwiththeccTLDand(ii)anyotherindividuals,organizations,companies,associations,educationalinstitutions,orothersthathaveadirect,material,substantial,legitimateanddemonstrableinterestintheoperationoftheccTLD(s)includingtheincumbentmanager.TobeconsideredaSignificantlyInterestedParty,anypartyotherthanthemanagerorthegovernmentorterritorialauthorityforthecountryorterritoryassociatedwiththeccTLDmustdemonstrate(andshallhavetheburdentodemonstrate)thatitishasadirect,materialandlegitimateinterestintheoperationoftheccTLD(s).

(pp) “SOW”hasthemeaningsetforthinSection4.3(a).

(qq) “SP”hasthemeaningsetforthinSection4.b.iiiofAnnexA.

(rr) “Transfer”referstotheprocessbywhichtheoperatoroftheIANANamingFunctiontransfersresponsibilityformanagementofaccTLDwiththeconsentoftheincumbentmanagerandthenewmanager,asfurtherdefinedintheFOI.

4

(ss) “TLD”hasthemeaningsetforthinthedefinitionof“InterestedandAffectedParties.”

(tt) “Transition”hasthemeaningsetforthintheRecitals.

Section1.2 Construction.UnlessthecontextofthisAgreementotherwiserequires:(a)wordsofanygenderincludeeachothergender;(b)wordsusingthesingularorpluralnumberalsoincludethepluralorsingularnumber,respectively;(c)theterms“hereof,”“herein,”“hereby”andderivativeorsimilarwordsrefertothisentireAgreement;(d)theterms“Article,”“Section,”or“Annex”refertothespecifiedArticle,Section,orExhibitofthisAgreement;(e)theterm“or”has,exceptwhereotherwiseindicated,theinclusivemeaningrepresentedbythephrase“and/or”;and(f)theterm“including”or“includes”means“includingwithoutlimitation”or“includeswithoutlimitation”soastonotlimitthegeneralityoftheprecedingterm.Unlessotherwisestated,referencestodaysshallmeancalendardays.

ARTICLEII:CONDITIONSPRECEDENT

Section2.1 ConditionPrecedent.ThisAgreementshallbeeffectiveasofthelastdateonwhichthefollowingconditionshavebeensatisfied:(a)theagreementbetweenICANNandtheUnitedStatesDepartmentofCommerce(“DOC”),effectiveasof01October2012(includinganyextensionthereof)hasterminatedorexpiredand(b)ICANNhasacceptedtheresponsibilitytocoordinateandadministertheservicesthatwerepreviouslyprovidedthereunder.

ARTICLEIII:REPRESENTATIONSANDWARRANTIES

Section3.1 ICANN’sWarranties.ICANNrepresentsandwarrantsthat(a)ithasallnecessaryrightsandpowerstoenterintoandperformitsobligationsunderthisAgreement;(b)theexecution,deliveryandperformanceofthisAgreementbyICANNhasbeendulyauthorizedbyallnecessarycorporateactionanddoesnotviolateinanymaterialrespectanyapplicablelawtowhichICANNissubject;and(c)theexecution,deliveryandperformanceofthisAgreementbyICANNdonot(i)requireaconsentorapprovalunder,or(ii)conflictwith,resultinanyviolationorbreachof,constituteadefaultunder,oraccelerateanyrightsinfavorofathirdpartyunder,anyagreementbetweenICANNandathirdparty.

Section3.2 ContractorWarranties.Contractorrepresentsandwarrantsthat(a)ithasallnecessaryrightsandpowerstoenterintoandperformitsobligationsunderthisAgreement;(b)theexecution,deliveryandperformanceofthisAgreementbyContractorhasbeendulyauthorizedbyallnecessarycorporateactionanddoesnotviolateinanymaterialrespectanyapplicablelawtowhichContractorissubject;and(c)theexecution,deliveryandperformanceofthisAgreementbyContractordonot(i)requireaconsentorapprovalunder,or(ii)conflictwith,resultinanyviolationorbreachof,constituteadefaultunder,oraccelerateofanyrightsinfavorofathirdpartyunder,anyagreementbetweenContractorandathirdparty.

5

ARTICLEIV:SERVICESANDREQUIREMENTS

Section4.1 Designation.ICANNherebydesignatesContractorastheoperatoroftheIANANamingFunction,andauthorizesContractortoperformtheIANANamingFunctioninaccordancewiththetermsofthisAgreement(includingtheSOW).ICANNherebyauthorizesContractortoutilizeanyrightsandsublicensablelicensesheldbyICANNtotheextentnecessaryorusefultoperformtheIANANamingFunctioninaccordancewiththetermsofthisAgreement(includingtheSOW).Contractorherebyacceptssuchdesignation,rightsandlicensesandagreestoperformtheIANANamingFunctioninaccordancewiththetermsofthisAgreement(includingtheSOW).

Section4.2 U.S.Presence.

(a) ContractorshallbeawhollyU.S.ownedandoperatedcorporationoperatinginoneofthe50statesoftheUnitedStatesorDistrictofColumbia;(ii)incorporatedwithinthestateofCalifornia,UnitedStatesofAmerica;and(iii)organizedunderthenonprofitpublicbenefitcorporationlawsofthestateofCalifornia.

(b) ContractorshallperformtheIANANamingFunctionintheUnitedStatesandpossessandmaintain,throughouttheperformanceofthisAgreement,aphysicaladdresswithintheUnitedStates.ContractormustbeabletodemonstratethatallprimaryoperationsandsystemswillremainwithintheUnitedStates(includingtheDistrictofColumbia).ICANNreservestherighttoinspectthepremises,systems,andprocessesofallsecurityandoperationalcomponentsusedfortheperformanceoftheIANANamingFunction.

Section4.3 ScopeoftheIANANamingFunction.The“IANANamingFunction”iscomprisedof:

(a) ManagementoftheDNSRootZone(“RootZoneManagement”)inaccordancewiththeStatementofWorkattachedasAnnexAtothisAgreement(“SOW”);

(b) Managementofthe.INTtop-leveldomain;

(c) Maintenanceofarepositoryofinternationalizeddomainnametablesandlabelgenerationrulesets;and

(d) ProvisionofotherservicesandimplementationofmodificationsinperformanceoftheIANANamingFunction,ineachcaseuponICANN’srequestandinconformancewithapplicablepoliciesandprocedures.

Section4.4 PerformanceofIANANamingFunction.

(a) ContractorshallperformtheIANANamingFunctioninastableandsecuremannerandinaccordancewiththeSOW.TheIANANamingFunctionisadministrativeandtechnicalinnaturebasedonestablishedpoliciesthataredevelopedthrough

6

applicableICANNpolicydevelopmentbodiesandapprovedbyICANN,ineachcaseinaccordancewithICANN’sBylaws.

(b) ContractorshalltreattheIANANamingFunctionwithequalpriorityastheotherIANAfunctionsperformedbyContractor,andprocessallrequestspromptlyandefficiently.

(c) Contractorshallmakedecisionsbyapplyingdocumentedpoliciesconsistently,neutrally,objectively,andfairly,withoutsinglingoutanyparticularcustomerfordiscriminatorytreatment(i.e.,makinganunjustifiedprejudicialdistinctionbetweenoramongdifferentcustomers)andinamannerthatdoesnotdiscriminatebetweentypesofcustomers(whethersuchcustomersare(i)countrycodetopleveldomain(“ccTLD”)orgenerictopleveldomain(“gTLD”)registryoperators,(ii)payingornon-paying,(iii)contractedornon-contracted,or(iv)associatedwithsupportingorganizations,advisorycommitteesorothergoverningbodiesofICANNorotherwise).

(d) ContractorshallrespectthediversityofcustomersoftheIANANamingFunctionandshallprovideservicetoitscustomersinconformancewithprevailingtechnicalnorms,andinsupportoftheglobalsecurity,stabilityandresilienceoftheDNS.Ifacustomer’sreceiptofservicesisbasedonacontractbetweensuchcustomerandICANN,whilesuchcontractremainsinforceandeffect,Contractorshallcontinuetoprovideservicestosuchcustomernotwithstandinganyon-goingoranticipatedcontractualdisputesbetweenICANNandsuchcustomer.

Section4.5 SeparationofPolicyDevelopmentandOperationalRoles.ContractorshallensurethatitsstaffperformingtheIANANamingFunctiondonotpubliclyinitiate,advanceoradvocateanypolicydevelopmentrelatedtotheIANANamingFunction.Notwithstandingtheforegoing,Contractor’sstaffmay(i)respondtorequestsforinformationrequestedbyInterestedandAffectedParties,subjecttoSection12.3,and,atContractor’svolition,provideobjectiveinformationtosuchcustomers,ineachcase,toinformongoingpolicydiscussions,(ii)requestguidanceorclarificationasnecessaryfortheperformanceoftheIANANamingFunction,and(iii)publish,contributetoorcommentonanydocumentrelatedtoongoingpolicydiscussions,providedthat,inthecaseofclause(iii),theprimarypurposeofsuchpublication,contributionorcommentaryistosupplyrelevantIANANamingFunctionexperienceandinsight.

Section4.6 UserInstructions.Contractorshall,incollaborationwithitscustomers,maintainuserinstructions,includingtechnicalrequirementsfortheIANANamingFunction.Contractorshallpostsuchinstructionsatiana.org(“IANAWebsite”).

Section4.7 ResponsibilityandRespectforStakeholders.ContractorshallapplythepoliciesfortheRootZoneManagementcomponentoftheIANANamingFunctionthathavebeendefined,orafterthedateofthisAgreementarefurtherdefined,by(a)theGenericNamesSupportingOrganization(“GNSO”)andtheCountryCodeNamesSupportingOrganization(“ccNSO”),(b)theFrameworkofInterpretationofCurrentPoliciesandGuidelinesPertainingto

7

theDelegationandRedelegationofCountry-CodeTopLevelDomainNames,datedOctober2014(“FOI”),and(c)whereapplicable,the2005GovernmentalAdvisoryCommitteePrinciplesAndGuidelinesForTheDelegationAndAdministrationOfCountryCodeTopLevelDomains(“GAC2005ccTLDPrinciples”).ContractorshallpublishdocumentationpertainingtotheimplementationofthesepoliciesandprinciplesontheIANAWebsite.

Section4.8 Managementofthe.INTTLD.

(a) Contractorshalloperatethe.INTTLDwithinthecurrentregistrationpoliciesforthe.INTTLD.

(b) UpondesignationofasuccessorregistrybyICANN,ifany,ContractorshallcooperatewithICANNtofacilitatethesmoothtransitionofoperationofthe.INTTLD.Suchcooperationshall,ataminimum,includetimelytransfertothesuccessorregistryofthethen-currenttop-leveldomainregistrationdata.

Section4.9 GeneralManager;KeyPersonnel.

(a) Contractorshallprovidetrained,knowledgeabletechnicalpersonnelaccordingtotherequirementsofthisAgreement,includingthefollowingkeypersonnel:aGeneralManager,aDirectorofSecurityandaConflictofInterestOfficer(“KeyPersonnel”).AllContractorpersonnelwhointerfacewithICANNmusthaveexcellentoralandwrittencommunicationskills."Excellentoralandwrittencommunicationskills"isdefinedasthecapabilitytoconversefluently,communicateeffectively,andwriteintelligiblyintheEnglishlanguage.

(b) TheConflictofInterestOfficershallberesponsibleforensuringtheContractorisincompliancewithContractor’sinternalandexternalconflictofinterestrulesandprocedures.

(c) TheGeneralManagerofContractorshallorganize,plan,direct,staff,andcoordinatetheoverallperformanceoftheIANANamingFunction;managecontractandsubcontractactivitiesastheauthorizedinterfacewithICANNandensurecompliancewithapplicablerulesandregulations.TheGeneralManagerofContractorshallberesponsiblefortheoverallperformanceofContractorunderthisAgreementandshallmeetandconferwithICANN(includingtheCustomerStandingCommittee(“CSC”)andIANAFunctionReviewteams(“IFRT”),assuchtermsareusedinICANN’sBylaws)regardingthestatusofspecificContractoractivitiesandproblems,issues,orconflictsrequiringresolution.TheGeneralManagerofContractormustpossessthefollowingskills:

(i) demonstratedcommunicationskillswithalllevelsofmanagement;

8

(ii) capabilitytonegotiateandmakebindingdecisionsforContractor(subjecttoanyrequirementsofContractor’sBylawsandtheauthoritydelegatedtosuchpersonbytheContractor’sBoardofDirectors(“PTIBoard”));

(iii) extensiveexperienceandprovenexpertiseinmanagingsimilarmulti-taskagreementsofthistypeandcomplexity;

(iv) extensiveexperiencesupervisingpersonnel;and

(v) athoroughunderstandingandknowledgeoftheprinciplesandmethodologiesassociatedwithoperationsmanagementandcontractmanagement.

(d) ContractorshallobtaintheapprovalofICANN,afterconsultationwiththePTIBoard,priortomakingKeyPersonnelsubstitutions.ReplacementsforKeyPersonnelmustpossessqualificationsreasonablyequaltoorexceedingthequalificationsofthepersonnelbeingreplaced,unlessanexceptionisapprovedbyICANN.

Section4.10 InspectionOfAllDeliverablesAndReportsBeforePublication.

(a) PriortopublicationorpostingofreportsandotherdeliverablesanticipatedunderthisAgreement,ContractorshallobtainapprovalfromICANN,whichwillnotbeunreasonablywithheld.AnydeficienciesidentifiedbyICANNshallbecorrectedbyContractorandresubmittedtoICANNwithin10businessdaysafterContractor’sreceiptofnoticeofsuchdeficiency.

(b) ICANNreservestherighttoinspectthepremises,systemsandprocessesofallsecurityandoperationalcomponentsusedfortheperformanceofalltherequirementsandobligationssetforthinthisAgreement.

ARTICLEV:PERFORMANCE

Section5.1 ConstructiveWorkingRelationship.ContractorshallusecommerciallyreasonableeffortstomaintainaconstructiveworkingrelationshipwithICANN,therootzonemaintainerandallInterestedandAffectedPartiestoensurequalityandsatisfactoryperformanceoftheIANANamingFunction.

Section5.2 ContinuityofOperations.

(a) EitherICANNortheContractorshallprovide,ataminimum,redundantsitesinatleasttwogeographicallydispersedsiteswithintheUnitedStatesaswellasmultipleresilientcommunicationpathstocustomerstoensurecontinuationoftheIANANamingFunctionintheeventofcyberorphysicalattacks,emergencies,ornaturaldisasters.

(b) ContractorshallcollaboratewithICANNtodevelopandimplementaContingencyandContinuityofOperationsPlan(“CCOP”)fortheIANANamingFunction.

9

ContractorincollaborationwithICANNshallfromtimetotimeupdateandannuallytesttheCCOPasnecessarytomaintainthesecurityandstabilityoftheIANANamingFunction.TheCCOPshallincludedetailsonplansforcontinuationoftheIANANamingFunctionintheeventofcyberorphysicalattacks,emergencies,ornaturaldisasters.ContractorshallsubmittheCCOPtoICANNaftereachupdateandpublishontheIANAWebsiteareportdocumentingtheoutcomesoftheCCOPtestswithin90calendardaysoftheannualtest.

Section5.3 PerformanceExclusions

(a) UnlessspecificallyauthorizedbyICANNinwriting,Contractorshallnotmakemodifications,additionsor deletionstotherootzonefileorassociatedinformation.

(b) ContractorshallnotmakechangesinthepoliciesandproceduresdevelopedbytherelevantentitiesassociatedwiththeperformanceoftheIANANamingFunction.

(c) TheperformanceoftheIANANamingFunctionshallnotbe,inanymanner,predicateduponorconditionedbyContractorontheexistenceorentryintoanycontract,agreementornegotiationbetweenContractorandanyTLDregistryoperatororanyotherthirdparty.

ARTICLEVI:TRANSPARENCYOFDECISION-MAKING

Section6.1 Transparency.Toenhanceconsistency,predictabilityandintegrityinContractor’sdecision-makingrelatedtotheIANANamingFunction,Contractorshall:

(a) PublishreportspursuanttoArticleVIIandSection3oftheSOW.

(b) MakepublicalldecisionsofthePTIBoardrelatingtotheIANANamingFunction,unless,uponthedeterminationofthePTIBoard,suchdecision(i)relatestoconfidentialpersonnelmatters,(ii)iscoveredbyattorney-clientprivilege,workproductdoctrineorotherrecognizedlegalprivilege,(iii)issubjecttoalegalobligationthatContractormaintainitsconfidentialityorotherwisewouldresultinthedisclosureofconfidentialinformationofContractor’scustomers,(iv)woulddisclosetradesecrets,or(v)wouldpresentamaterialriskofnegativeimpacttothesecurity,stabilityorresiliencyoftheIANANamingFunctionortheInternet.

(c) AgreenottoredactanyPTIBoardminutesrelatedtodecisionsconcerningtheIANANamingFunction,providedthatthePTIBoardmayredactsuchminutesonthedeterminationthatsuchredactedinformation(i)relatestoconfidentialpersonnelmatters,(ii)iscoveredbyattorney-clientprivilege,workproductdoctrineorotherrecognizedlegalprivilege,(iii)issubjecttoalegalobligationthatContractormaintainitsconfidentialityorotherwisewouldresultinthedisclosureofconfidentialinformationofContractor’scustomers,(iv)woulddisclosetradesecrets,or(v)wouldpresenta

10

materialriskofnegativeimpacttothesecurity,stabilityorresiliencyoftheIANANamingFunctionortheInternet.

(d) HavetheGeneralManagerofContractorandchairpersonofthePTIBoardsignanannualattestationthatContractorhascompliedwiththerequirementsofthisSection6.1.

ARTICLEVII:AUDITS,MONITORINGANDREVIEWS

Section7.1 Audits.

(a) ContractorshallgenerateandpublishviatheIANAWebsiteamonthlyauditreportidentifying(i)eachrootzonefileandrootzone“WHOIS”databasechangerequest,and(ii)eachdelegation,redelegationandtransferofaTLDandthestatusthereof.SuchauditreportshallbeduetoICANNnolaterthan15calendardaysfollowingtheendofeachmonth.

(b) ContractorshallannuallyperformaspecializedcomplianceauditofContractor’ssecurityprovisionsrelatingtotheIANANamingFunctionagainstexistingbestpracticesandArticleXI.Thisspecializedcomplianceauditshallbeperformedbyanexternal,independentauditor.

Section7.2 PerformanceMonitoring.

(a) SolongastheCSCexistspursuanttoICANN’sBylaws,ContractoracknowledgesandagreesthattheCSCisentitledtomonitorContractor’sperformanceunderthisAgreement(includingtheSOW)inaccordancewithICANN’sBylaws.

(b) ContractorshallprovidereportstotheCSCascontemplatedbytheSOW.

(c) ContractorshallactingoodfaithtoresolveissuesidentifiedbytheCSC.

(d) ContractoracknowledgesthattheCSCshallbeempoweredtoescalateidentifiedareasofconcernassetforthinArticleVIII.

Section7.3 IANANamingFunctionReviews.

(a) ContractoracknowledgesthatICANN’sBoardofDirectors(the“ICANNBoard”)maycauseareviewbyanIFRT,relatingtotheIANANamingFunction,thisAgreementandContractor’sperformanceunderthisAgreement(includingtheSOW),inaccordancewithICANN’sBylaws(an“IANAFunctionReview”or“IFR”).

(b) ContractorshallusecommerciallyreasonableeffortstofacilitateanyIFR.ContractorshallcooperatewithanysitevisitconductedbyanIFRTthathasbeenpreviouslyapprovedbyICANNinaccordancewithICANN’sBylaws.

11

(c) ContractoragreesthatICANNmayunilaterallyamendorterminatethisAgreement(includingtheSOW)inaccordancewithanapprovedIFRRecommendation,anapprovedSpecialIFRRecommendationoranapprovedSCWGRecommendation(assuchtermsaredefinedinICANN’sBylaws),subjecttothelimitationssetforthinICANN’sBylaws.Contractoragreestoabidebyandimplementanysuchamendments.

ARTICLEVIII:ESCALATIONMECHANISMS

Section8.1 IANACustomerServiceComplaintResolutionProcess

(a) IfContractorreceivesacustomerservicecomplaint(a“Complaint”),ContractorwillreviewtheComplaintandattempttoresolveittothereasonablesatisfactionofthepersonorentitywhobroughttheComplaint(the“Complainant”)assoonasreasonablypracticable.IftheComplaintisnotsoresolved,theComplainantmayescalatethematterinwritingtoContractor’smanagementteam,inwhichcaseContractorshallnotifytheCSC.IftheComplaintisstillnotresolved,theComplainantorthePresidentofContractormayescalatethematterinwritingtoICANN’sOmbudsman.

(b) If(i)aComplainantisacustomerand(ii)aftercompletingtheescalationprocessprovidedforinSection8.1(a),theComplaintisstillnotresolved,then(A)theCSCmayconductareviewtodeterminewhethertheComplaintissubjectofapersistentperformanceissueofContractororanindicationofasystemicproblemwithContractor’sperformanceoftheIANANamingFunctionpursuanttothetermsofthisAgreement(a“PerformanceIssue”)and(B)theComplainantmay(x)requestmediation,whichshallbeconductedinamannerconsistentwiththetermsandprocesssetforthbelowinSection8.1(c)and(y)iftheissueisnotresolvedfollowingsuchmediationandtheComplaintmeetstherequirementsoftheIndependentReviewProcess,initiateanIndependentReviewProcess(asdefinedintheICANN’sBylaws).IftheCSCdeterminesthataPerformanceIssueexists,theCSCmayseekremediationofthePerformanceIssuethroughtheIANAProblemResolutionProcessdescribedinSection8.2.

(c) CustomerMediationProcess.

(i) IfaComplainantisacustomerofContractor,aftercompletingtheescalationprocessprovidedforinSection8.2(a),thecustomermayinitiatemediationbydeliveringawrittennoticetothePresidentofContractorandtheSecretaryofICANN.

(ii) ThereshallbeasinglemediatorwhoshallbeselectedbytheagreementofthecustomerandICANN.ICANNshallproposeaslateofatleastfivepotentialmediators,andthecustomershallselectamediatorfromtheslateorrequestanewslateuntilamutuallyagreedmediatorisselected.ThecustomermayrecommendpotentialmediatorsforinclusionontheslatesselectedbyICANN.ICANNshallnotunreasonablydeclinetoincludemediatorsrecommendedbythe

12

customeronproposedslatesandthecustomershallnotunreasonablywithholdconsenttotheselectionofamediatoronslatesproposedbyICANN.

(iii) ThemediatorshallbealicensedattorneywithgeneralknowledgeofcontractlawandgeneralknowledgeoftheDNSandICANN.ThemediatormaynothaveanyongoingbusinessrelationshipwithICANN,Contractororthecustomer.Themediatormustconfirminwritingthatheorsheisnot,directlyorindirectly,andwillnotbecomeduringthetermofthemediation,anemployee,partner,executiveofficer,director,consultantoradvisorofICANN,Contractororthecustomer.

(iv) ThemediatorshallconductthemediationinaccordancewiththisSection8.1(c),thelawsofCaliforniaandtherulesandproceduresofawell-respectedinternationaldisputeresolutionprovider.

(v) ThemediationwillbeconductedintheEnglishlanguageandwilloccurinLosAngelesCounty,California,unlessanotherlocationismutuallyagreedbetweenICANN,Contractorandthecustomer.

(vi) ICANN,Contractorandthecustomershalldiscussthedisputeingoodfaithandattempt,withthemediator’sassistance,toreachanamicableresolutionofthedispute.

(vii) ICANNshallbearallcostsofthemediator.

(viii) IfICANN,Contractorandthecustomerhaveengagedingoodfaithparticipationinthemediationbuthavenotresolvedthedisputeforanyreason,ICANN,Contractorandthecustomermayterminatethemediationatanytimebydeclaringanimpasse.

(ix) IfaresolutiontothedisputeisreachedbyICANN,Contractorandthecustomer,ICANN,Contractorandthecustomershalldocumentsuchresolution.

Section8.2 IANAProblemResolutionProcess.FollowingtheEffectiveDate,ContractorshallworkcooperativelywiththeCSCtodevelop“RemedialActionProcedures”forthepurposeofaddressingPerformanceIssues.IftheCSCdeterminesthataPerformanceIssueexists,theCSCmayseekresolutionofthePerformanceIssuewithContractor,inwhichcaseContractorshallcomplywithsuchRemedialActionProceduresifandtotheextenttheCSCalsocomplieswithsuchprocedures.

Section8.3 NoticeandMitigationPlan.

(a) ContractorshallpromptlyinformICANNofanyissueordisputearisingfromitsperformanceoftherequirementsandservicescontemplatedbythisAgreementpriortotheComplaintbeingescalatedpursuanttoSection8.1(a),andshallagreewithICANNonaplantoresolvetheComplaint.

13

(b) If,foranyreason,ContractorfailstomeetanyoftherequirementsofthisAgreement,Contractorshall(i)conductananalysisofitsoperationstodeterminetherootcauseofsuchfailure,(ii)developamitigationplantoavoidtherootcauseofsuchfailurefromoccurringinthefuture,and(iii)deliverthereporttoICANNuponitscompletion.ContractorshallmodifyandupdateanymitigationplanasdirectedbyICANN.

ARTICLEIX:TERM;RENEWAL;TRANSITIONANDTERMINATION

Section9.1 InitialTerm.TheinitialtermofthisAgreementwillbe[five]yearsfromtheEffectiveDate(the“InitialTerm”).

Section9.2 Renewal;Termination.

(a) ThisAgreementwillbeautomaticallyrenewedforsuccessiveperiodsof[fiveyears](each,a“RenewalTerm”)upontheexpirationoftheInitialTermandeachsuccessiveRenewalTerm,unless(i)ICANNterminatesthisAgreementpursuanttoanSCWGRecommendationarisingfromanIANANamingFunctionSeparationProcess(asdefinedinICANN’sBylaws)approvedinaccordancewithICANN’sBylawsor(ii)ICANNelectsnottorenewtheInitialTermoranyRenewalTermthereafterpursuanttoanIFRRecommendation,SpecialIFRRecommendation,orSCWGRecommendation(assuchtermsaredefinedinICANN’sBylaws)approvedinaccordancewithICANN’sBylawsbyprovidingContractorwithnotlessthantwelvemonthspriorwrittennotice.AnyterminationorelectionbyICANNtonotrenewthisAgreementunderthisSection9.2mustbeapprovedbytheICANNBoardtobeeffectivehereunder.

(b) SubjecttoSection9.2(a),thefirstRenewalTermshallcommenceimmediatelyfollowingtheendoftheInitialTermandeachRenewalTermthereaftershallcommenceimmediatelyfollowingtheendoftheprecedingRenewalTerm.EachRenewalTermshallendonthe[fifth]anniversaryofthecommencementoftheRenewalTerm.

Section9.3 Transition.

(a) Contractorshalldevelopandmaintain,withICANNinput,aplaninplacefortransitioningtheIANANamingFunctiontoasuccessorprovidertoensureanorderlytransitionwhilemaintainingcontinuityandsecurityofoperations,includinginconnectionwiththenonrenewalofthisAgreementand/ordivestitureorotherreorganizationofPTIbyICANNascontemplatedbyICANN’sBylaws.ThetransitionplanshallbesubmittedtoICANNandpostedtotheIANAWebsitewithin18monthsaftertheEffectiveDate.Theplanshallthereafterbereviewedannuallyandupdatedasappropriate.

(b) ContractorshallprovidesupportandcooperationtoICANN,andtoanysuccessorprovideroftheIANANamingFunction,inordertoeffectanorderly,stable,secureandefficienttransitionoftheperformanceoftheIANANamingFunction.

14

(c) ContractoragreestobeengagedinthetransitionplanandtoprovideappropriatetransitionstaffandexpertisetofacilitateastableandsecuretransitionoftheIANANamingFunctiontoasuccessorprovider.

(d) ICANN,inconjunctionwiththeCSCasnecessary,shallreviewthetransitionplanatleasteveryfiveyears.

Section9.4 SurvivalofTerms.UpontheexpirationorterminationofthisAgreementunderthisArticleIX,thisAgreementshallbecomewhollyvoidandofnofurtherforceandeffect,andfollowingsuchexpirationorterminationnoPartyshallhaveanyliabilityunderthisAgreementtotheotherParty,exceptthateachPartyheretoshallremainliableforanybreachesofthisAgreementthatoccurredpriortoitsexpirationortermination;provided,however,thatthefollowingprovisionsshallsurvivetheexpirationorterminationofthisAgreement:Section9.3,ArticleXII,ArticleXIII,Section14.2throughSection14.16andthisSection9.4.

ARTICLEX:RESOURCES,FEESANDBUDGET

Section10.1 ResourcesandFees.

(a) ICANNshallprovideormakeavailabletoContractorthenecessarypersonnel(includingsecondedemployees),material,equipment,servicesandotherresourcesandfacilitiestoperformContractor’sobligationsunderthisAgreement,includingfundinginaccordancewiththeApprovedIANABudget.

(b) ContractormaynotchargeorcollectfeesfromthirdpartiesrelatedtotheperformanceoftheIANANamingFunctionwithoutthepriorwrittenconsentofICANN.

(c) AnyfeesapprovedbyICANNandchargedbyContractorrelatingtotheIANANamingFunctionwillbebasedontheactualcostsincurred,andvalueoftheresourcesutilized,byContractortoperformtheIANANamingFunction.

(d) ICANNacknowledgesandagreesthattheperformancebyContractoroftheIANANamingFunctionisconditioneduponthefullandcompleteperformanceofalloftheservicesandobligationsrequiredofICANNundertheServicesAgreementbetweenICANNandContractor.

Section10.2 Budget.ContractorshallcomplywiththerequirementssetforthinitsBylawsrelatingtopreparing,submittingandmonitoringanannualbudget.ICANNwillmeetannuallywiththeGeneralManagerofContractortoreviewtheannualbudgetfortheIANANamingFunction,whichshallbeapprovedinaccordancewithContractor’sBylawsandICANN’sBylaws(“ApprovedIANABudget”).

ARTICLEXI:SECURITYREQUIREMENTS

Section11.1 ComputingSystems.WithrespecttotheperformanceoftheIANANamingFunction,Contractorshallinstallandoperateallcomputingandcommunicationssystemsin

15

accordancewithbestbusinessandsecuritypractices.ICANNandContractorshallimplementasecuresystemforauthenticatedcommunicationstoContractor’scustomerswhencarryingouttheIANANamingFunctionpursuanttothetermsofthisAgreement.ICANNandContractorshalldocumentpracticesandconfigurationofallsystems.

Section11.2 NotificationSystems.Contractorshallimplementandthereafteroperateandmaintainasecurenotificationsystemataminimum,capableofnotifyingTLDregistryoperators,ofsucheventsasoutages,plannedmaintenance,andnewdevelopments.Inallcases,ContractorshallnotifyICANNofanyoutages.

Section11.3 Data.Contractorshallensuretheauthentication,integrity,andreliabilityoftheservicedatainperformingtheIANANamingFunction.

Section11.4 SecurityPlan.ICANNshallcoordinatewithContractortodevelopandexecuteasecurityplanthatmeetstherequirementsofthisAgreementandthisArticleXI.ICANNandContractorshalldocumentinthesecurityplantheprocessusedtoensureinformationsystemsincludinghardware,software,applications,andgeneralsupportsystemshaveeffectivesecuritysafeguards,whichhavebeenimplemented,plannedfor,anddocumented.Contractorshall,incoordinationwithICANN,performperiodicreviewsofthesecurityplanandupdatetheplanasnecessary.

Section11.5 DirectorofSecurity.Contractor’sDirectorofSecurityshallberesponsibleforensuringContractor’scompliancewiththetechnicalandphysicalsecuritymeasuresandrequirementsofthisAgreement.

ARTICLEXII:CONFIDENTIALITY

Section12.1 Confidentiality.Contractoragrees,intheperformanceofthisAgreement,tokeeptheinformationfurnishedbyICANNoracquiredordevelopedbyContractorinperformanceofthisAgreementanddesignatedbyICANN,inthestrictestconfidence.Contractoralsoagreesnottopublishorotherwisedivulgesuchinformation,inwholeorinpart,inanymannerorform,nortoauthorizeorpermitotherstodoso,andshalltakereasonablemeasurestorestrictaccesstosuchinformationwhileinContractor'spossession,tothoseemployeesneedingsuchinformationtoperformtheworkdescribedherein,i.e.,ona“needtoknow”basis.ContractoragreestoimmediatelynotifyICANNinwritingintheeventthatContractordeterminesorhasreasontosuspectabreachofthisrequirementhasoccurred.

Section12.2 Consent.ContractoragreesthatitwillnotdiscloseanyinformationdescribedinSection12.1toanypersonunlesspriorwrittenapprovalisobtainedfromICANN.Contractoragreestoinsertthesubstanceofthisclauseinanyconsultantagreementorsimilaragreement.

16

ARTICLEXIII:INTELLECTUALPROPERTY

Section13.1 Ownership.AsbetweenICANNandContractor,ICANNshallownallintellectualpropertyconceived,reducedtopractice,createdorotherwisedevelopedbyContractorunderthisAgreement(includingtheSOW).

Section13.2 Assignment.Contractorshallassign,andshallcauseallofitsemployeesandcontractorstoassign,allrightsinanypatentablesubjectmatter,patentapplications,copyrights,tradesecretsandallotherintellectualpropertycreatedbytheContractor,itsemployeesorcontractorspursuanttothisAgreementtoICANN.

Section13.3 WorkforHire.Withrespecttocopyright,allworkperformedbyContractorpursuanttothisAgreement(includingtheSOW)isa“workforhire”andICANNshallbedeemedtheauthorandshallownallcopyrightableworkscreatedbyContractorhereunder,andallcopyrightrightsthereto.Intheeventthisisnotdeemedaworkforhireagreement,ContractorherebyassignsandagreestoassignownershipoftheforegoingcopyrightableworksandcopyrightstoICANN.

Section13.4 License.ICANNshalllicensebackanypatents,patentapplications,copyrightsandtradesecretstoContractorforthedurationoftheTermsolelytotheextentnecessaryforContractortoperformitsobligationsunderthisAgreement.Thislicenseshallbenon-exclusive,non-assignable,non-sublicensable,non-transferableandroyalty-free.

ARTICLEXIV:MISCELLANEOUS

Section14.1 Indemnification.SolongasContractorisanaffiliateofICANN(i.e.ICANNisthesolememberofContractor,withtheabilitytoelectatleastamajorityofthedirectorsofthePTIBoard),ICANNshallindemnifyandholdharmlessContractor,itsofficers,agents,andemployeesfromliabilityofanynatureorkind,includingcostsandexpensestowhichtheymaybesubject,fororonaccountofanyorallthird-partyclaims,suitsordamagesofanycharacterwhatsoever,(i)resultingfrominjuriesordamagessustainedbyanypersonorpersonsorpropertybyvirtueofContractor’sperformanceofthisAgreementorfailuretoperformunderthisAgreement,or(ii)arisingorresultinginwholeorinpartfromthefault,negligence,wrongfulactorwrongfulomissionofICANNoranyofitssubcontractors(otherthanContractor),ortheirrespectiveemployeesoragents.

Section14.2 Notices.AllnoticestobegivenunderorinrelationtothisAgreementwillbegiveneither(i)inwritingattheaddressoftheappropriatePartyassetforthbelowor(ii)viaelectronicmailasprovidedbelow,unlessthatPartyhasgivenanoticeofchangeofpostaloremailaddress,asprovidedinthisAgreement.

IftoICANN:

InternetCorporationforAssignedNamesandNumbers12025WaterfrontDrive,Suite300

17

LosAngeles,CA90094-2536Attn:PresidentandChiefExecutiveOfficerPhone: +1-310-301-5800Email:[●]

Withacopyto(whichshallnotconstitutenotice):

InternetCorporationforAssignedNamesandNumbers12025WaterfrontDrive,Suite300LosAngeles,CA90094-2536Attn:GeneralCounselPhone: +1-310-301-5800Email:[●]


InternetCorporationforAssignedNamesandNumbers12025WaterfrontDrive,Suite300LosAngeles,CA90094-2536Attn:President,GlobalDomainsDivisionPhone: +1-310-301-5800Email:[●]

IftoContractor:

[Contractor]12025WaterfrontDrive,Suite300LosAngeles,CA90094-2536Attn:[●]Phone: [●]Email:[●]


InternetCorporationforAssignedNamesandNumbers12025WaterfrontDrive,Suite300LosAngeles,CA90094-2536Attn:GeneralCounselPhone: +1-310-301-5800Email:[●]

AnynoticerequiredbythisAgreementwillbedeemedtohavebeenproperlygiven(i)ifinpaperform,whendeliveredinpersonorviacourierservicewithconfirmationofreceiptor(ii)ifbyelectronicmail,uponconfirmationofreceiptbytherecipient’semailserver,providedthatsuchnoticeviaelectronicmailshallbefollowedbyacopysentbyregularpostalmailservice

18

withinthreecalendardays.Intheeventothermeansofnoticebecomepracticallyachievable,suchasnoticeviaasecurewebsite,thepartieswillworktogethertoimplementsuchnoticemeansunderthisAgreement.

Section14.3 Amendments.ExceptasprovidedinSection7.3(c),anytermorprovisionofthisAgreementmaybeamended,andtheobservanceofanytermofthisAgreementmaybewaivedonlybyaphysicalwritingreferencingthisAgreement,andeither(a)manuallysignedbythePartiestobeboundor(b)digitallysignedbythePartiestobebound.NothinghereinshalllimitSection7.3(c)aboveorICANN’sobligationsunderICANN’sBylawstotheextentrelatedtoICANN’scommitmentsrelatedtotheamendmentormodificationofthisAgreement,includingtheabilitytoamendthisAgreementpursuanttoanapprovedIFRRecommendation,anapprovedSpecialIFRRecommendationoranapprovedSCWGRecommendation,eachassetforthinICANN’sBylaws.

Section14.4 Waiver.AnytermorprovisionofthisAgreementmaybewaived,orthetimeforitsperformancemaybeextended,bythePartyorPartiesentitledtothebenefitthereof.AnysuchextensionorwaivershallbevalidlyandsufficientlyauthorizedforthepurposesofthisAgreementif,astoanyParty,itisauthorizedinwritingbyanauthorizedrepresentativeofthePartyentitledtothebenefitsofanysuchwaivedtermorprovision.ThefailureordelayofanyPartytoassertorenforceatanytimeanyprovisionof,oranyofitsrightsunder,thisAgreementshallnotbeconstruedtobeawaiverofsuchprovision,norinanywaytoaffectthevalidityofthisAgreementoranyparthereofortherightofanyPartythereaftertoenforceeachandeverysuchprovision.NowaiverofanybreachofthisAgreementshallbeheldtoconstituteawaiverofanyotherorsubsequentbreach.

Section14.5 Severability.IfanyprovisionofthisAgreementshouldbefoundbyacourtofcompetentjurisdictiontobeinvalid,illegalorunenforceable,thevalidity,legalityandenforceabilityoftheremainingprovisionsshallnotbeaffectedorimpairedthereby.

Section14.6 AssignmentandSubcontracting.

(a) NeitherPartymayassignortransferthisAgreement,oranyobligationunderthisAgreement(inwholeorinpart,andwhethervoluntarily,involuntarily,orbyoperationofLaw)withouttheotherParty’spriorwrittenconsent.

(b) PTIshallnotsubcontractalloranyportionofitsrightsorobligationsunderthisAgreement.

Section14.7 GoverningLaw.ThePartiesagreethatthisAgreement,andanyandalldisputesarisingoutoforrelatedtothisAgreement,shallbegovernedby,construed,andenforcedinallrespectsinaccordancewiththeLawsoftheStateofCalifornia,UnitedStatesofAmerica,excludingitsconflictoflawsrules.EachPartyexpresslywaivesanyclaimthatthejurisdictionofsuchcourtwithrespecttopersonaljurisdictionisimproperorthatthevenueisinconvenientorimproper.

19

Section14.8 Third-PartyBeneficiaries.NoprovisionofthisAgreementisintendedto,norshallbeinterpretedto,provideorcreateanyrights,benefitsoranyotherinterestofanykindinanythirdpartyorcreateanyobligationsofICANNorContractortoanythirdparty.

Section14.9 EnglishVersion.IfthisAgreementistranslatedintoanylanguageotherthanEnglish,andifthereisaconflictbetweentheEnglishversionandthetranslatedversion,thentheEnglishversionshallprevailinallrespects.

Section14.10 SavingsClause.Anydelay,nonperformanceorotherbreachbyaPartyofitsobligationsunderthisAgreementandanyliabilitytherefor,shallbeexcusedtotheextentsuchfailureiscausedbytheotherParty’sactsoromissionsortheactsoromissionsofsuchParty’semployeesorcontractors,includingsuchParty’sfailuretoperformitsobligationsunderthisAgreement.

Section14.11 CumulativeRemedies.Exceptasotherwiseexpresslyprovided,allremediesprovidedforinthisAgreementshallbecumulativeandinadditionto,andnotinlieuof,anyotherremediesavailabletoeitherParty.

Section14.12 Counterparts.ThisAgreementmaybeexecutedincounterparts,allofwhichtakentogethershallconstituteonesingleagreementbetweentheParties.

Section14.13 Headings.ThePartiesagreethattheheadingsusedinthisAgreementareforeaseofreferenceonlyandshallnotbetakenintoaccountininterpretingtheAgreement.

Section14.14 FurtherAssurances.SubjecttothetermsandconditionsofthisAgreement,eachofICANNandContractoragreestousecommerciallyreasonablebesteffortstotake,orcausetobetaken,allappropriateaction,andtodo,orcausetobedone,allthingsreasonablynecessary,properoradvisableunderapplicablelawstomakeeffectivethetransactionscontemplatedbythisAgreement.

Section14.15 EntireAgreement.ThisAgreement,includingallstatementsofwork,schedules,exhibitsorotherattachmentshereto,constitutestheentireunderstandingandagreementbetweenICANNandContractorwithrespecttothesubjectmatterofthisAgreement,andsupersedesanyandallpriororcontemporaneousoralorwrittenrepresentation,understanding,agreementorcommunicationrelatingthereto.

[SignaturePageFollows]

INWITNESSWHEREOF,thePartieshavecausedthisAgreementtobedulyexecutedasofthedatesetforthbelow.

INTERNETCORPORATIONFORASSIGNEDNAMESANDNUMBERS

By:_________________________________ (Signature)

____________________________________Name(print)

____________________________________Title

[CONTRACTOR]

By: ________________________________ (Signature)

____________________________________ Name(print)

____________________________________Title

21

ANNEXA:STATEMENTOFWORKFORMANAGEMENTOFTHEDNSROOTZONE

1. ROOTZONEMANAGEMENT

a. TheRootZoneManagementcomponentoftheIANANamingFunctionistheadministrationofcertainresponsibilitiesassociatedwiththeInternetDNSrootzonemanagement.

b. ContractorshallcollaboratewiththeCSCtodevelop,maintain,enhanceandpostperformancestandardsforRootZoneManagement.Specifically,ContractorshallperformRootZoneManagementinaccordancewiththeservicelevelssetforthinSection2.

c. ContractorshallalsoimplementDNSSECinallzonesforwhichICANNhastechnicaladministrationauthority.

d. Contractorshallfacilitateandcoordinatetherootzoneofthedomainnamesystem,andmaintain24hour-a-day/7days-a-weekoperationalcoverage.ContractorshallworkcollaborativelywiththeRootZoneMaintainer,intheperformanceofthisfunction.

i. ContractorshallreceiveandprocessrootzonefilechangerequestsforTLDs.ThesechangerequestsincludeadditionofneworupdatestoexistingTLDnameservers(“NS”)anddelegationsigner(“DS”)resourcerecord(“RR”)informationalongwithassociated“glue”(AandAAAARRs).AchangerequestmayalsoincludenewTLDentriestotherootzonefile.ContractorshallprocessrootzonefilechangesasspecifiedinSection2ofthisAnnexA.

ii. Contractorshallmaintain,update,andmakepubliclyaccessibleaRootZoneregistrationdatabasewithcurrentandverifiedcontactinformationforallTLDregistryoperators.TheRootZoneregistrationdatabase,ataminimum,shallconsistofthefollowingdatafields:domainstatusandcontactpointsforresolvingissuesrelatingtotheoperationofthedomain(comprisedofatleastorganizationalname,postaladdress,emailaddressandtelephonenumber).ContractorshallreceiveandprocessrootzoneregistrationdatachangerequestsforTLDs.

iii. ContractorshallapplyexistingpoliciesinprocessingrequestsrelatedtotheDelegation,RevocationandTransferofccTLDs,includingRFC1591,theFOIandanyfurtherclarificationofthesepoliciesdevelopedbytheccNSOandapprovedbytheICANNBoard.ContractorshallrespecttheGAC2005ccTLDPrincipleswhereapplicable.Ifanexistingpolicyframeworkdoesnotcoveraspecificsituation,ContractorwillusecommerciallyreasonableeffortstoconsultwithSignificantlyInterested

22

Partiesand,wherenecessary,mayrequesttheccNSOtoundertakepolicydevelopmentworktoaddresssuchissues.

iv. ContractorshallapplyexistingpolicyframeworksinprocessingrequestsrelatedtoretirementofaccTLD,suchasRFC1591,theFOIandanyfurtherclarificationofthesepoliciesdevelopedbytheccNSOandapprovedbytheICANNBoard.Ifanexistingpolicydoesnotcoveraspecificsituation,ContractorwillusecommerciallyreasonableeffortstoconsultwithSignificantlyInterestedPartiesand,wherenecessary,mayrequesttheccNSOtoundertakepolicydevelopmentworktoaddresssuchissues.

v. ContractorshallverifythatallrequestsrelatedtothedelegationandredelegationofgenericTLDsareconsistentwiththeproceduresdevelopedbyICANN.

vi. Contractorshallmaintainanautomatedrootzonemanagementsystemthat,ataminimum,includes(A)asecure(encrypted)systemforcustomercommunications;(B)anautomatedprovisioningprotocolallowingcustomerstomanagetheirinteractionswiththerootzonemanagementsystem;(C)anonlinedatabaseofchangerequestsandsubsequentactionswherebyeachcustomercanseearecordoftheirhistoricrequestsandmaintainvisibilityintotheprogressoftheircurrentrequests;(D)atestsystem,whichcustomerscanusetomeetthetechnicalrequirementsforachangerequest;and(E)aninternalinterfaceforsecurecommunicationsbetweentheContractorandtheRootZoneMaintainer.

2. SERVICELEVELS

a. ContractorshallperformtheServices inaccordancewiththefollowing“ServiceLevels”. The expectation is that Contractor will normally perform within thethreshold.Thethresholdswillbemodifiedovertimeaspartofperiodicreviewsof the service level expectation. A subset of the followingmeasures relate tomeasurementofnon-routinechangeswhereitisnotapplicabletosetaspecificthreshold for performance. It is expected for measurements of non-routineprocess steps these will only be reported with no applicable service levelexpectation.

b. ServicesDefinitions

i. CategoryI(RoutineupdatesimpactingRootZoneFile).RoutinechangerequeststhatalterthetechnicaldatapublishedintheDNSrootzone(e.g.changestoNSrecords,DSrecordsandgluerecords).Athirdpartymaybeengagedtocompile,publishanddistributetherootzone.

23

ii. CategoryII(RoutineupdatesnotimpactingRootZoneFile).RoutinechangerequeststhatdonotaltertheDNSrootzone(e.g.,contactdataandmetadata).Thesechangesdonotrequirechangestotherootzone.

iii. CategoryIII(CreatingorTransferringagTLD).Requeststocreate(“delegate”)ortransfer(“redelegate”or“assign”)agenericTLD.ThesechangesrequireadditionalprocessingbyContractortoensurepolicyandcontractualrequirementsassociatedwithachangeofcontrolfortheTLDaremet.

iv. CategoryIV(CreatingorTransferringaccTLD).Requeststocreateortransferacountry-codeTLD.ThesechangesrequireadditionalprocessingbyContractortoensurepolicyrequirementsaremet.Thisprocessingincludesadditionalanalysisonthechangerequest,productionofareport,andreviewofthereport(includingverificationthatallexistingregistrationdatahasbeensuccessfullytransferredfromtheoldtonewregistryoperator).

v. CategoryV(Otherchangerequests).Othernon-routinechangerequests.Contractorisrequiredtoprocesschangerequeststhatmayhavespecialhandlingrequirements,orrequireadditionaldocumentaryevidenceorclarificationsfromthecustomerorthirdparties,thatpreventautomatingthehandlingoftherequest.Theserequestsinclude,butarenotlimitedto:

1. Customersthatrequirerequeststobehandledoutsidetheonlineself-serviceplatform,suchasthoselodgingchangerequeststhroughtheexchangeofpostalmail;

2. CustomersthathaveplacedspecialhandlinginstructionsonfilewithContractor,orhaveotherwiseaskedforspecialhandlingforarequestthatdeviatesfromthenormalprocess,resultingintherequestbeingexecutedmanually;

3. Uniquelegalorregulatoryencumbrancesthatmustbesatisfiedthatrequireadditionalprocessing;

4. RemovingaTLDfromservice(i.e.retirementorrevocation);and

5. Changesthatrelatetotheoperationoftherootzoneitself,includingchangingtheRootKeySigningKey,alteringthesetofauthoritativenameserversfortherootzone(i.e.the“rootservers”),andchangestothe“roothints”.

c. ServiceLevels

24

i. Thefieldsinthefollowingtablesareasfollows:

1. Process. The business process that Contractor is requested toperform.

2. Metric.Theindividualmetricthatwillbemeasuredaspartofthecompletionofthebusinessprocess.

3. Threshold. The specified target for each individual changerequest.

4. Type. Whether the threshold specified is a minimum target(compliance must not be less than the target) or a maximumtarget(compliancemustnotbemorethanthetarget).

5. Compliance. The percentage that the target goal in aggregatemustbemetorexceededwithinthespecifiedtimeperiodforallrequestsinthespecifiedcategory.

6. Period.Thetimeoverwhichcomplianceismeasured.(TheperiodofcollectingmeasurementstomeettheServiceLevelAgreement(SLA)).

ii. ProcessPerformance. Total Contractor transaction time for emergencychangesshouldbecompletedwithinatargetof12hoursuntilreviewedbytheCSCwithContractor.

ProcessCategory Metric Threshold Type Compliance PeriodCategoryI—RoutineupdatesimpactingRootZoneFile(NS,DSandgluerecords)

SubmissionTimeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomatedsubmissioninterface

TimeforlodgmentofchangerequestintoRZMSbyContractoronbehalfofrequestsentbyemail

TechnicalChecksTimetoreturnresultsfortechnicalchecksfollowingsubmissionofrequestviaautomated

25

ProcessCategory Metric Threshold Type Compliance PeriodsubmissioninterfaceTimetoreturnresultsforsubsequentperformanceoftechnicalchecksduringretestingduetoearlierfailedtests

ContactConfirmationTimeforauthorizationcontactstobeaskedtoapprovechangerequestaftercompletingpreviousprocessphase

TimeforresponsetobeaffirmedbyContractor

ContractorReviewandProcessingTimetocompleteallothervalidationsandreviewsbyContractorandreleaserequestforimplementation

SupplementalTechnicalChecksTimetoreturnresultsforperformanceoftechnicalchecksduringSupplementalTechnicalCheckphase

ImplementationofChangesTimeforrootzonechangestobepublishedfollowingcompletionofvalidationsandreviewsbyContractor

Timetonotifyrequesterofchangecompletionfollowingpublicationofrequestedchanges

CategoryII—RoutineupdatesnotimpactingRootZoneFile(Contactdetailsandmetadata)

SubmissionTimeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomated

26

ProcessCategory Metric Threshold Type Compliance PeriodsubmissioninterfaceTimeforlodgmentofchangerequestintoRZMSbyContractoronbehalfofrequestsentbyemail

TechnicalChecksTimetoreturnresultsfortechnicalchecksfollowingsubmissionofrequestviaautomatedsubmissioninterface

Timetoreturnresultsforsubsequentperformanceoftechnicalchecksduringretestingduetoearlierfailedtests





ImplementationofChangesTimeforrootzonechangestobepublishedfollowingcompletionofvalidationsandreviews

27

ProcessCategory Metric Threshold Type Compliance PeriodbyContractorTimetonotifyrequesterofchangecompletionfollowingpublicationofrequestedchanges

CategoryIII—CreatingorTransferringagTLD

SubmissionTimeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomatedsubmissioninterface







28

ProcessCategory Metric Threshold Type Compliance PeriodSupplementalTechnicalChecks

TimetoreturnresultsforperformanceoftechnicalchecksduringSupplementalTechnicalCheckphase

ImplementationofChangesTimeforrootzonechangestobepublishedfollowingcompletionofvalidationsandreviewsbyContractor


CategoryIV—CreatingorTransferringaccTLD

Submission

Timeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomatedsubmissioninterface


TechnicalChecks Timetoreturnresultsfor

technicalchecksfollowingsubmissionofrequestviaautomatedsubmissioninterface


29

ProcessCategory Metric Threshold Type Compliance Period ContactConfirmation Timeforauthorization

contactstobeaskedtoapprovechangerequestaftercompletingpreviousprocessphase


ContractorReviewandProcessing Timetocompleteall

othervalidationsandreviewsbyContractorandreleaserequestforimplementation

Timeforthird-partyreviewofrequest(e.g.byICANNBoardofDirectors,PTIBoardorotherrelevantverificationparties)

SupplementalTechnicalChecks Timetoreturnresultsfor

performanceoftechnicalchecksduringSupplementalTechnicalCheckphase

ImplementationofChanges Timeforrootzone

changestobepublishedfollowingcompletionofvalidationsandreviewsbyContractor


CategoryV—Otherchangerequests(i.e.non-routinechangerequests)

SubmissionTimeforticketconfirmationtobesenttorequesterfollowingreceiptofchangerequestviaautomated

30

ProcessCategory Metric Threshold Type Compliance PeriodsubmissioninterfaceTimeforlodgmentofchangerequestintoRZMSbyContractoronbehalfofrequestsentbyemail







ImplementationofChangesTimeforrootzonechangestobepublishedfollowingcompletionofvalidationsandreviews

31

ProcessCategory Metric Threshold Type Compliance PeriodbyContractorTimetonotifyrequesterofchangecompletionfollowingpublicationofrequestedchanges

d. Accuracy

Metric Measurement Threshold Type Compliance PeriodRootzonefiledatapublishedintherootzonematchesthatprovidedinthechangerequest

Accuracy 100% Min <100%

Rootzonedatabaseiscorrectlyupdatedinaccordancewithchangerequests(doesnotincludeimpactofnormalizationandotherprocessingstandardization-whichinanyeventshallneverdetrimentallyimpacttheupdate)

Accuracy 100% Min <100%

e. OnlineServicesAvailabilityandEnquiryProcessing

Metric Threshold Type Compliance Period

RZMSavailability

—availabilityof

anonline

interactiveweb

servicefor

credentialed

customersto

submitchange

32

requeststotheir

rootzone

databaseentries.

Websiteavailability—availabilityofrootzonemanagementrelateddocumentation(i.e.onhttp://www.iana.org)

Directoryserviceavailability—availabilityoftheauthoritativedatabaseofTLDs

Credentialrecovery—timetodispatchconfirmationemailofforgottenusernameorpassword

5min Max 95% Month

Credentialchange—timetoimplementnewpasswordwithinthesystem

5min Max 95% Month

Dashboardupdatefrequency—averagetimetoupdatethedashboardtoensureup-to-datereporting

30min Max 100% Month

Dashboardaccuracy—thedatapresentedonthedashboardisaccurate

100% Min <100% Month

Dashboardavailability—availabilityofthedashboardonline

99% Min <99% Month

SLEreportproduction—timetoproducereportsfollowingtheconclusionofthereportingperiod

Monthly

SLEreportavailability—availabilityoftheSLEreportsandassociated

<10 Max >10days Month

33

dataonline days

after

month

end

SLEreport

publication—

scheduleof

reportingperiods

Monthly

Timetosendacknowledgeofenquiry—timetakentosendinitialacknowledgementofreceiptofageneralenquirypertainingtorootzonemanagement(butnotpertainingtointeractionsinachangerequestcontext)

Timetosendinitialresponsetoenquiry—timetakenforstafftorespondtoenquiry,eitherinpartorinwhole

f. TheseelementsreflectactivityareasthatshouldbeinstrumentedbyContractor,andreportedpursuanttoArticleVIIoftheAgreementandSection3ofthisSOW.

3. PERFORMANCEMETRICREQUIREMENTS

a. ProgramReviewsandSiteVisits

i. ReviewsmaybeconductedbytheCSCinaccordancewithICANN’sBylawsandtheCSCCharter.

34

ii. SitevisitsmaybeconductedbyanIFRTinaccordancewithICANN’sBylaws.

b. MonthlyPerformanceProgressReport.ContractorshallprepareandsubmitreportsasmutuallyagreedbetweenContractorandtheCSC.

c. RootZoneManagementDashboard.ContractorshallworkcollaborativelywithICANNanditscustomerstoproducethedashboardtoreportServiceLevelExpectationsforRootZoneManagement,whichwillbeusedforreal-timereportingofContractor’sperformance.

d. PerformanceStandardsReports.ContractorshalldevelopandpublishperformancestandardmetricreportsfortheIANANamingFunctioninconsultationwiththeCSC.Theperformancestandardsmetricreportswillbepublishedviaawebsiteeverymonth(nolaterthan15calendardaysfollowingtheendofeachmonth).

e. CustomerServiceSurvey.InaccordancewithICANN’sBylaws,ContractorshallcollaboratewiththeCSCandICANNtomaintainandenhancetheannualcustomerservicesurveyconsistentwiththeperformancestandardsforRootZoneManagement.Thesurveyshall,ataminimum,includeafeedbacksectionfortheIANANamingFunction.Nolaterthan60calendardaysaftercompletingacustomerservicesurvey,Contractorshallprepareareport(the“CSSReport”),submittheCSSReporttoICANNandpubliclyposttheCSSReporttotheIANAWebsite.

f. FinalReport.ContractorshallprepareandsubmitafinalreportontheperformanceoftheIANANamingFunctionthatdocumentsstandardoperatingprocedures,includingadescriptionofthetechniques,methods,software,andtoolsemployedintheperformanceoftheIANANamingFunction.ContractorshallsubmitthereporttotheCSCandICANNnolaterthan30daysaftertheexpirationorterminationoftheAgreement.

g. Inspectionandacceptance.ICANNwillperformfinalinspectionandacceptanceofalldeliverablesandreportsarticulatedinthisSection3,assetforthinSection4.10(a)oftheAgreement.AnydeficienciesidentifiedbyICANNshallbecorrectedbyContractorandresubmittedtoICANNwithin10businessdaysafterContractor’sreceiptofnoticeofsuchdeficiency.

4. BASELINEREQUIREMENTSFORDNSSECINTHEAUTHORITATIVEROOTZONE

a. DNSSECattheauthoritativeRootZonerequirescooperationandcollaborationbetweentheContractorandtheRootZoneMaintainer.ThebaselinerequirementsencompasstheresponsibilitiesandrequirementsforContractorandtheseresponsibilitiesandrequirementsmustbeimplementedin

35

cooperationwithsimilarresponsibilitiesandrequirementsdefinedwithinICANN’srelationshipwiththeRootZoneMaintainer.

b. GeneralRequirements

i. TheRootZonesystemneedsanoverallsecuritylifecycle,suchasthatdescribedinISO27001,NISTSP800-53,etc.,andanysecuritypolicyforDNSSECimplementationmustbevalidatedagainstexistingstandardsforsecuritycontrols.

ii. Theremainderofthissectionhighlightssecurityrequirementsthatmustbeconsideredindevelopinganysolution.ISO27002:2005(formerlyISO17799:2005)andNISTSP800-53arerecognizedsourcesforspecificcontrols.NotethatreferencetoSP800-53isusedasaconvenientmeansofspecifyingasetoftechnicalsecurityrequirements.ThesystemsreferencedinthisdocumentareassumedtomeetalltheSP800-53technicalsecuritycontrolsorequivalentrequiredbyaHIGHIMPACTsystem.

iii. Wheneverpossible,referencestoNISTpublicationsaregivenasasourceforfurtherinformation.TheseSpecialPublications(“SP”)arenotintendedasauditingchecklists,butasnon-bindingguidelinesandrecommendationstoestablishaviableITsecuritypolicy.Comparablesecuritystandardscanbesubstitutedwhereavailableandappropriate.AlloftheNISTdocumentreferencescanbefoundontheNISTComputerSecurityResearchCenterwebpage(http://www.csrc.nist.gov/).

c. SecurityAuthorizationandManagementPolicy

i. Contractorshallhaveitsownsecuritypolicyinplace;eachsecuritypolicymustbeperiodicallyreviewedandupdated,asappropriate.

1. SupplementalguidanceongeneratingaSecurityAuthorizationPolicymaybefoundinNISTSP800-37.

ii. Thepolicyshallhaveacontingencyplancomponenttoaccountfordisasterrecovery(bothman-madeandnaturaldisasters).

1. SupplementalguidanceoncontingencyplanningmaybefoundinSP800-34

iii. ThepolicyshalladdressIncidentResponsedetection,handlingandreporting(see4below).

1. SupplementalguidanceonincidentresponsehandlingmaybefoundinNISTSP800-61.

36

d. ITAccessControl

i. ThereshallbeanITaccesscontrolpolicyinplaceandenforcedforthekeymanagementfunctions

1. Thisincludesbothaccesstohardware/softwarecomponentsandstoragemediaaswellasabilitytoperformprocessoperations.

2. SupplementalguidanceonaccesscontrolpoliciesmaybefoundinNISTSP800-12.

ii. Userswithoutauthenticationshallnotperformanyactioninkeymanagement.

iii. Intheabsenceofacompellingoperationalrequirement,remoteaccesstoanycryptographiccomponentinthesystem(suchashardwaresecuritymodules)isnotpermitted.

e. SecurityTraining

i. AllpersonnelparticipatingintheRootZoneSigningprocessshallhaveadequateITsecuritytraining.

ii. SupplementalguidanceonestablishingasecurityawarenesstrainingprogrammaybefoundinNISTSP800-50.

f. AuditandAccountabilityProcedures

i. Contractorshallperiodicallyreview/update:(1)itsformal,documented,auditandaccountabilitypolicythataddressespurpose,scope,roles,responsibilities,managementcommitment,coordinationamongorganizationalentities,andcompliance;and(2)theformal,documentedprocedurestofacilitatetheimplementationoftheauditandaccountabilitypolicyandassociatedauditandaccountabilitycontrols.

1. SupplementalguidanceonauditingandaccountabilitypoliciesmaybefoundinNISTSP800-12.

2. Specificauditingeventsincludethefollowing:

a. Generationofkeys.

b. Generationofsignatures

c. Exportingofpublickeymaterial

37

d. Receiptandvalidationofpublickeymaterial(i.e.,fromtheZSKholderorfromTLDs)

e. Systemconfigurationchanges

f. Maintenanceand/orsystemupdates

g. Incidentresponsehandling

h. Othereventsasappropriate

ii. Incidenthandlingforphysicalandexceptionalcyber-attacksshallincludereportingtoICANNinatimeframeandformatasmutuallyagreedbyICANNandContractor.

iii. Theauditingsystemshallbecapableofproducingreportsonanad-hocbasisforICANNortheCSC.

iv. AversionofthereportsprovidedtoICANNortheCSCmustbemadepublicallyavailable.

g. PhysicalProtectionRequirements

i. Thereshallbephysicalaccesscontrolsinplacetoonlyallowaccesstohardwarecomponentsandmediatoauthorizedpersonnel.

1. SupplementalguidanceontokenbasedaccessmaybefoundinNISTSP800-73.

2. SupplementalguidanceontokenbasedaccessbiometriccontrolsmaybefoundinNISTSP800-76.

ii. Physicalaccessshallbemonitored,logged,andregisteredforallusersandvisitors.

iii. Allhardwarecomponentsusedtostorekeyingmaterialorgeneratesignaturesshallhaveshort-termbackupemergencypowerconnectionsincaseofsitepoweroutage.(SeeNISTSP800-53r3).

iv. Appropriateprotectionmeasuresshallbeinplacetopreventphysicaldamagetofacilitiesasappropriate.

h. AllComponents

i. Allhardwareandsoftwarecomponentsmusthaveanestablishedmaintenanceandupdateprocedureinplace.

38

1. SupplementalguidanceonestablishinganupgradingpolicyforanorganizationmaybefoundinNISTSP800-40

ii. Allhardwareandsoftwarecomponentsprovideameanstodetectandprotectagainstunauthorizedmodifications/updates/patching.

i. InterfaceBasicFunctionality

i. Contractor’sinterfaceshallhavetheabilitytoacceptandprocessTLDDSrecords,including:

1. AcceptTLDDSRRs

a. BeingabletoretrieveTLDDNSKEYrecordfromtheTLD,andperformparametercheckingfortheTLDkeys,includingverifyingthattheDSRRhasbeencorrectlygeneratedusingthespecifiedhashalgorithm.

2. Havingproceduresfor:

a. ScheduledrolloverforTLDkeymaterial;

b. SupportingemergencykeyrolloverforTLDkeymaterial;and

c. MovingTLDfromsignedtounsignedintherootzone.

ii. AbilitytosubmitTLDDSrecordupdatestotheRootZoneMaintainerforinclusionintotherootzone.

iii. AbilitytosubmitRZkeysettotheRootZoneMaintainerforinclusionintotherootzone.

proposed naming function agreement - icann · iana naming function agreement this iana naming...

Documents