Diversitas will employ comprehensive systems to ensure policy and contract
compliance, similar to those used in the current operation of the .com, .net,
.org Registry. Within the com/net/org registry these systems span various
working groups thereby providing cross-functional responsibility for
compliance matters. A Policy and Compliance group consisting of the Compliance
Officer, Assistant Compliance Officer and the OCI (Organizational Conflicts of
Interest) Administrator manages compliance responsibilities. That group will
continue fulfilling its responsibilities on behalf of Diversitas to ensure
that all backend support services are provided in full compliance with
ICANN-developed policies and registry agreement requirements. To ensure
fulfillment of .org compliance responsibilities by Diversitas, by VGRS and by
any future service providers contracted by Diversitas, Diversitas will have a
Policy and Compliance Officer.
The Diversitas Policy and Compliance Officer will implement the following
mechanisms to ensure compliance: a compliance matrix to track, monitor and
manage requirements; procedures for equivalent registrar access validation and
reporting; OCI training for all Diversitas employees; contract administration
support to enforce Registry Registrar Agreement compliance; an information
control matrix to control dissemination of registry sensitive information.
The compliance matrix ("matrix") would identify each contractual
requirement of the registry contained in the ICANN Registry Agreement,
cross-referenced by the relevant contract section. These requirements include
technical, financial, operational and other matters. For each item identified,
the matrix would assign the responsible party, along with a due date, or
"ongoing" designation as applicable, and a status summary. The
Policy and Compliance Officer would communicate regularly with each
responsible party, noting any new information on the matrix. This matrix would
then be distributed to the senior management staff on a monthly basis so that
full adherence to all requirements is properly and continually monitored.
Equivalent access validation and reporting would ensure compliance with
Appendix H of the.org registry agreement. Under that appendix, the registry is
obligated to certify to ICANN every six months the fulfillment of requirements
specifically delineated in the appendix. These items are designed to
demonstrate that the Registry Operator is providing equivalent access to the
Shared Registration System to all ICANN-accredited registrars. The Policy and
Compliance Officer would survey the department heads responsible for each item
prior to recommending execution of the certification. Such surveys will
include inquiries concerning evidence of compliance with the item, any process
changes since the last certification, and any other pertinent information. The
written results of each confirmation exercise would be documented and kept on
file.
OCI training would be provided to all Diversitas employees including
contractor employees to ensure that they fully understand all compliance and
equivalent access requirements and to thereby assist them in avoiding any
potential conflicts of interest that could arise as a result of the
relationship between Diversitas as Registry Operator for .com, .net and .org
TLDs and any one of several competing registrars. In addition to serving that
purpose, the OCI Training course would provide valuable guidance to all
Diversitas employees and contractors concerning day-to-day actions and their
impact upon contractual obligations. The OCI Training course will identify
conflict of interest issues, implications of conflicts, as well as the plan to
avoid conflicts. Participants in the course will be exposed to ICANN's role in
the registry business and the agreements governing same, and will include
training in such areas as separation of registry and registrar businesses,
proper dissemination of information, and the various ways in which equivalent
access is ensured for all ICANN accredited registrars. In addition to an
initial OCI training course at the beginning of each person's employment, they
will also be required to take an annual refresher course. The UIA Team
recognizes that all employees share responsibility in conducting business in a
manner conducive to strict adherence to ICANN policies and requirements.
The UIA Team contract administration staff will be dedicated to preparing
all ICANN accredited registrars for production as well as handling all
contract matters. As detailed in Section C21 of this proposal, a ramp-up
process is already in place as part of the customer service that will be
provided to .org registrars that will ensure that all newly accredited
registrars have access to all of the necessary tools and information required
to become a fully operational registrar. After a registrar has entered
production, the contract administration staff, in cooperation with the Policy
and Compliance Officer, will assist in managing the contract compliance
program. The purpose of the program is to ensure consistent registrar
compliance with key operational provisions of the Registry-Registrar Agreement
("RRA"), thus, creating a fair and equal Shared Registration System
within which registrars may compete. The program consists, in part, of
evaluations applied equally to all operational ICANN accredited registrars and
conducted from time to time throughout the year. Each registrar will be
evaluated on the same criteria, which typically includes utilization of an
agreement with registrants, provision of domain lookup system, customer
service, inclusion of the UDRP, indemnification requirements and transfer
policies. An evaluation of the registrar's web site will be conducted,
followed by communication with the registrar to obtain any missing
information. Registrars who do not comply with the specific contractual
requirements will be obligated to do so. This program is intended to be a
successful means of maintaining good communication with registrars while at
the same time ensuring consistent compliance.
The information control matrix is a tool used to define and manage
dissemination of registry sensitive information to ensure that Diversitas
employees understand what personnel have access to various types of sensitive
information. In particular, the matrix will be designed to ensure that no
registrars receive any .org registry information that gives them an advantage
over any other registrars.
VGRS will assist Diversitas in the development and implementation of its
compliance program including providing initial OCI training to relevant UIA
personnel shortly after contract award. VGRS has had over two and one half
years to develop its compliance plan and is therefore well prepared to assist
Diversitas in this regard. With regard to OCI training, as of June 4, 2002,
1277 VeriSign employees and contractors had completed the VGRS initial OCI
Training Course and 658 had completed the OCI Refresher Course.