SSAC Review Request for Proposal (RFP): Click here to view
Board Resolution to Initiate SSAC Review: Click here to view
Scope of the Review
As part of ICANN's ongoing commitment to its evolution and improvement, Article IV, Section 4.4 of ICANN's Bylaws contains provisions for “periodic review of the performance and operation of each Supporting Organization, each Supporting Organization Council, each Advisory Committee (other than the Governmental Advisory Committee), and the Nominating Committee […]by an entity or entities independent of the organization under review.”
These periodic reviews present ICANN structures with opportunities for continuous improvement through consistent application of compliance audit principles to objectively measure performance relative to specific and quantifiable criteria developed by ICANN based on the unique nature of its structures. The resulting implementation of improvements and the systematic means of measuring performance and validating effectiveness of implementation are of utmost importance to the ongoing legitimacy of ICANN.
According to Article 12.1 of the ICANN Bylaws: “The Board may create one or more "Advisory Committees" in addition to those set forth in this Article 12. Advisory Committee membership may consist of Directors only, Directors and non-directors, or non-directors only, and may also include non-voting or alternate members. Advisory Committees shall have no legal authority to act for ICANN, but shall report their findings and recommendations to the Board.”
Article 12.2(b) of ICANN Bylaws provides for the Security and Stability Advisory Committee, whose role “is to advise the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems.”
The SSAC is a committee whose members are appointed by the ICANN Board. SSAC appointments are for three-year terms, and there are no limits on the number of terms the chair or members may serve.(see also Article 12 Section 12.2(b) of the ICANN Bylaws and the SSAC Operational Procedures).
(i) The role of the Security and Stability Advisory Committee ("Security and Stability Advisory Committee" or "SSAC") is to advise the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. It shall have the following responsibilities:
(A) To communicate on security matters with the Internet technical community and the operators and managers of critical DNS infrastructure services, to include the root name server operator community, the top-level domain registries and registrars, the operators of the reverse delegation trees such as in-addr.arpa and ip6.arpa, and others as events and developments dictate. The SSAC shall gather and articulate requirements to offer to those engaged in technical revision of the protocols related to DNS and address allocation and those engaged in operations planning.
(B) To engage in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and to advise the ICANN community accordingly. The SSAC shall recommend any necessary audit activity to assess the current status of DNS and address allocation security in relation to identified risks and threats.
(C) To communicate with those who have direct responsibility for Internet naming and address allocation security matters (IETF, RSSAC (as defined in Section 12.2(c)(i)), RIRs, name registries, etc.), to ensure that its advice on security risks, issues, and priorities is properly synchronized with existing standardization, deployment, operational, and coordination activities. The SSAC shall monitor these activities and inform the ICANN community and Board on their progress, as appropriate.
(D) To report periodically to the Board on its activities.
(E) To make policy recommendations to the ICANN community and Board.
Section 4.4 of the Bylaws addresses the periodic review of ICANN’s structures and operations:
The Board shall cause a periodic review of the performance and operation of each Supporting Organization, each Supporting Organization Council, each Advisory Committee (other than the Governmental Advisory Committee), and the Nominating Committee (as defined in Section 8.1) by an entity or entities independent of the organization under review. The goal of the review, to be undertaken pursuant to such criteria and standards as the Board shall direct, shall be to determine (i) whether that organization, council or committee has a continuing purpose in the ICANN structure, (ii) if so, whether any change in structure or operations is desirable to improve its effectiveness and (iii) whether that organization, council or committee is accountable to its constituencies, stakeholder groups, organizations and other stakeholders.
These periodic reviews shall be conducted no less frequently than every five years, based on feasibility as determined by the Board. Each five-year cycle will be computed from the moment of the reception by the Board of the final report of the relevant review Working Group.
The results of such reviews shall be posted on the Website for public review and comment, and shall be considered by the Board no later than the second scheduled meeting of the Board after such results have been posted for 30 days. The consideration 6 by the Board includes the ability to revise the structure or operation of the parts of ICANN being reviewed by a two-thirds vote of all Directors, subject to any rights of the EC under the Articles of Incorporation and these Bylaws.
The outcome of the current review will be factored into ICANN’s strategic planning work and holistic considerations of the ICANN structure.
Scope of Work
1. An assessment of the implementation state of SSAC’s prior review; This includes a status report of the implementations approved by the ICANN Board from the first SSAC Review, and an assessment of the effectiveness of these implementations.
2. An assessment of whether SSAC has a continuing purpose within the ICANN structure; Examination of SSAC’s chartered purpose, to advise the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems, and how well it is fulfilled, will help assess the SSAC’s continuing purpose within the ICANN structure.
3. An assessment of how effectively SSAC fulfills its purpose and whether any change in structure or operations is needed to improve effectiveness, in accordance with the ICANN-provided objective and quantifiable criteria Subject to the scope of the SSAC’s chartered remit (ICANN Bylaws, 12.2(b)), examination of purpose, structure, and operations with respect to the SSAC’s effectiveness, in accordance with ICANN-provided objective and quantifiable criteria
4. An assessment of the extent to which SSAC as a whole is accountable to the wider ICANN community, its organizations, committees, constituencies, and stakeholder groups. Determine if the SSAC is sufficiently accountable regarding security matters according to its chartered mandate to provide advice to the ICANN community and Board, and to engage and communicate with the community on various security matters as detailed in its charter.
The scope of work for this review includes years from 2011 to the present. Any additional areas of exploration during the review are dependent on input from the ICANN Board’s Organizational Effectiveness Committee (OEC) and/or the SSAC Review Work Party. In addition, the SSAC may perform a self-assessment in preparation for, or in parallel with, the independent examiner’s work.