Unity Registry Logo               Time to re-organise
The Proposal

C19. Please describe in detail mechanisms that you propose to implement to ensure compliance with ICANN-developed policies and the requirements of the registry agreement.

The Unity Registry proposal sets out the mechanisms we will apply to ensure responsiveness to the noncommercial user community (see Section C35). The mechanisms needed to ensure compliance with ICANN policies and the registry agreement are directly linked to the procedures, policy groups and independent review processes set out in Section C35: this section and C35 should be read together.

Unity Registry takes the position that compliance with ICANN policies and agreements must form part of the overall mechanisms established for broader policy review, monitoring, reporting and independent assessment.

All stakeholders in Unity Registry, whether noncommercial users, registrars, ICANN, or board members, share an interest in ensuring that Unity Registry puts in place mechanisms for policy and legal compliance. Compliance can only be ensured if it is achieved by integrating it at all levels of the registry. A framework of processes and procedures for all requirements identified in C35 and C19 is therefore essential.

The Unity Registry framework will be organized according to the following principles:

  • Comprehensiveness—the framework must cover not just board reporting or reporting to ICANN, but day-by-day management procedures ensuring compliance;
  • Integration—the procedures for compliance with ICANN policies and agreements must be integrated into an overall plan for policy responsiveness and participation by stakeholders;
  • Stakeholder Oversight—policy and agreement compliance are a task that involves users as well as board and management;
  • Monitoring and Measuring—the bedrock of compliance is a management system designed to monitor compliance and to measure the nature and extent of compliance;
  • Transparency—standardized reporting should be provided to relevant bodies to ensure openness and transparency;
  • Independent Assessment—compliance with any policy or agreement should not be left open to management interpretation. An independent assessment structure determined in advance is the final step in compliance control.

The framework for Unity Registry’s compliance mechanisms will be guided by the standards set out in the AA1000 international standards for stakeholder accountability. AA1000 is a standard developed and approved by the ISEA (Institute of Social and Ethical Accountability) Council. (The AA1000 standards system is also described in C35 and this section repeats some description found in that section.)

Since its inception AA1000 it has been used by non-profit organizations, businesses and public bodies in framing corporate responsibility policies, stakeholder dialogue, auditing and verification of public reports, and professional training and research. Unity Registry will work with the independent UK organization, AccountAbility,the originators of AA1000, http://www.accountability.org.uk/) to establish compliance mechanisms for .org.

AccountAbility is an international, democratic, not-for-profit, professional institute dedicated to the promotion of social, ethical and overall organizational accountability governed by an international multi-stakeholder Poptel works in partnership with Accountability developing ‘Ethical Explorer’ (www.ethicalexplorer.org), a new on-line tool to support social reporting. Unity Registry will work with AccountAbility to apply the Assurance Framework of AA1000 to meet the principles set out above and to deliver a full set of processes and procedures that achieve “best practice” by January 1, 2003. The AA1000 is specifically designed to meet the challenge of designing the mechanisms required.

The AccountAbility Assurance Framework contains the principles, process standards and practice guidelines for providing assurance regarding the reliability of reports and management systems.

Frequently, organizations make the mistake of relying uncritically on independent third-party assurance that any information provided in compliance reports is reliable and complete. That reliance ignores the underlying foundation for most independent reporting. In many compliance reports the scope of the review, assessment and reporting process is determined by the organization and its management rather than by the stakeholders or an independent advisor acting on their behalf. Truly independent assessment rests on a reporting process that is jointly directed by management and stakeholders.

By working with AccountAbility and following the AA1000 standards, Unity Registry will be able to deliver a concise practical management system leading to effective reporting, and integrating oversight, feedback, and participation by all stakeholders. The foundation elements for the compliance management system will include:

  • Designation of members of the .org Policy Group and the Operations Advisory Group (described fully in C35) with particular responsibility for compliance monitoring;
  • Compliance reporting systems at the management and board level;
  • Designation of a joint team of management and representatives of the .org Policy Group to define and coordinate participation in ICANN bodies;
  • Development of the compliance management system with the assistance and approval of AccountAbility;
  • A public mechanism of monitoring and measurement;
  • Integration with the policy management system set out in C35;
  • Independent assessment and reporting to all stakeholder groups.

We believe that with this structure in place then we will be able to track policies as they are developed by ICANN and ensure our continuing compliance. The mechanisms we put in place will also ensure that we meet all requirements of the registry function.