C19. Please describe in detail mechanisms that you propose to implement to ensure compliance with ICANN-developed policies and the requirements of the registry agreement.

Diversitas will employ comprehensive systems to ensure policy and contract compliance, similar to those used in the current operation of the .com, .net, .org Registry. Within the com/net/org registry these systems span various working groups thereby providing cross-functional responsibility for compliance matters. A Policy and Compliance group consisting of the Compliance Officer, Assistant Compliance Officer and the OCI (Organizational Conflicts of Interest) Administrator manages compliance responsibilities. That group will continue fulfilling its responsibilities on behalf of Diversitas to ensure that all backend support services are provided in full compliance with ICANN-developed policies and registry agreement requirements. To ensure fulfillment of .org compliance responsibilities by Diversitas, by VGRS and by any future service providers contracted by Diversitas, Diversitas will have a Policy and Compliance Officer.

The Diversitas Policy and Compliance Officer will implement the following mechanisms to ensure compliance: a compliance matrix to track, monitor and manage requirements; procedures for equivalent registrar access validation and reporting; OCI training for all Diversitas employees; contract administration support to enforce Registry Registrar Agreement compliance; an information control matrix to control dissemination of registry sensitive information.

The compliance matrix ("matrix") would identify each contractual requirement of the registry contained in the ICANN Registry Agreement, cross-referenced by the relevant contract section. These requirements include technical, financial, operational and other matters. For each item identified, the matrix would assign the responsible party, along with a due date, or "ongoing" designation as applicable, and a status summary. The Policy and Compliance Officer would communicate regularly with each responsible party, noting any new information on the matrix. This matrix would then be distributed to the senior management staff on a monthly basis so that full adherence to all requirements is properly and continually monitored.

Equivalent access validation and reporting would ensure compliance with Appendix H of the.org registry agreement. Under that appendix, the registry is obligated to certify to ICANN every six months the fulfillment of requirements specifically delineated in the appendix. These items are designed to demonstrate that the Registry Operator is providing equivalent access to the Shared Registration System to all ICANN-accredited registrars. The Policy and Compliance Officer would survey the department heads responsible for each item prior to recommending execution of the certification. Such surveys will include inquiries concerning evidence of compliance with the item, any process changes since the last certification, and any other pertinent information. The written results of each confirmation exercise would be documented and kept on file.

OCI training would be provided to all Diversitas employees including contractor employees to ensure that they fully understand all compliance and equivalent access requirements and to thereby assist them in avoiding any potential conflicts of interest that could arise as a result of the relationship between Diversitas as Registry Operator for .com, .net and .org TLDs and any one of several competing registrars. In addition to serving that purpose, the OCI Training course would provide valuable guidance to all Diversitas employees and contractors concerning day-to-day actions and their impact upon contractual obligations. The OCI Training course will identify conflict of interest issues, implications of conflicts, as well as the plan to avoid conflicts. Participants in the course will be exposed to ICANN's role in the registry business and the agreements governing same, and will include training in such areas as separation of registry and registrar businesses, proper dissemination of information, and the various ways in which equivalent access is ensured for all ICANN accredited registrars. In addition to an initial OCI training course at the beginning of each person's employment, they will also be required to take an annual refresher course. The UIA Team recognizes that all employees share responsibility in conducting business in a manner conducive to strict adherence to ICANN policies and requirements.

The UIA Team contract administration staff will be dedicated to preparing all ICANN accredited registrars for production as well as handling all contract matters. As detailed in Section C21 of this proposal, a ramp-up process is already in place as part of the customer service that will be provided to .org registrars that will ensure that all newly accredited registrars have access to all of the necessary tools and information required to become a fully operational registrar. After a registrar has entered production, the contract administration staff, in cooperation with the Policy and Compliance Officer, will assist in managing the contract compliance program. The purpose of the program is to ensure consistent registrar compliance with key operational provisions of the Registry-Registrar Agreement ("RRA"), thus, creating a fair and equal Shared Registration System within which registrars may compete. The program consists, in part, of evaluations applied equally to all operational ICANN accredited registrars and conducted from time to time throughout the year. Each registrar will be evaluated on the same criteria, which typically includes utilization of an agreement with registrants, provision of domain lookup system, customer service, inclusion of the UDRP, indemnification requirements and transfer policies. An evaluation of the registrar's web site will be conducted, followed by communication with the registrar to obtain any missing information. Registrars who do not comply with the specific contractual requirements will be obligated to do so. This program is intended to be a successful means of maintaining good communication with registrars while at the same time ensuring consistent compliance.

The information control matrix is a tool used to define and manage dissemination of registry sensitive information to ensure that Diversitas employees understand what personnel have access to various types of sensitive information. In particular, the matrix will be designed to ensure that no registrars receive any .org registry information that gives them an advantage over any other registrars.

VGRS will assist Diversitas in the development and implementation of its compliance program including providing initial OCI training to relevant UIA personnel shortly after contract award. VGRS has had over two and one half years to develop its compliance plan and is therefore well prepared to assist Diversitas in this regard. With regard to OCI training, as of June 4, 2002, 1277 VeriSign employees and contractors had completed the VGRS initial OCI Training Course and 658 had completed the OCI Refresher Course.


Back to Table of Contents