Separately, auDA established in February 2012 an industry advisory panel to: "review the structure and regulation of the Australian domain name industry; and provide recommendations to the auDA board about what changes (if any) should be made to the competition model."
The panel is required to undertake two rounds of public consultation on any proposals for change, and has released its first issues paper http://www.auda.org.au/pdf/2012iap-issues-paper.pdf canvassing views on a number of proposed changes. auDA has handed over the first draft of its proposed mandatory security standard to the advisory panel and it has now been incorporated into the issues paper.
Other issues on which the paper seeks stakeholder views are:
- The best method for selecting and appointing a registry operator prior to the expiry of the current contract with AusRegistry on 30 June 2014;
- The accreditation of registrars, particularly with respect to overseas-based registrars; and
- The status of resellers in .au and the possibility of permitting bulk reseller transfers and the listing of resellers in WHOIS.
At present the only security requirement imposed on registrars is that the must immediately give auDA notice of any security breaches affecting any part of their systems.
Under the draft proposals certification assessments would be conducted by auDA's nominated assessor and all registrars would be required to undertake full certification assessment every three years, with interim assessments to be conducted annually or as otherwise recommended by the assessor.
Registrars that failed an assessment would have their accreditation suspended and then terminated if they failed to pass their assessment within three months of being suspended.
The issues paper says: "The Panel is aware that the introduction of a mandatory security standard for registrars would be a 'world-first', and would represent a significant change to the industry – not just for existing accredited registrars but also for prospective applicants for accreditation.
"The Panel notes that, while the auDA ISS will be mandatory for accredited registrars, it is flexible enough to apply to other industry participants such as resellers, who may wish to gain certification to improve their own systems and create a point of market differentiation. Similarly, registrars may also choose to apply it to other aspects of their businesses, such as hosting."
The issues paper also says: "the panel also notes need to ensure that the auDA ISS does not become a simple compliance exercise, and emphasises the importance of robust enforcement mechanisms and regular reviews to ensure the auDA ISS remains relevant and effective." However no specific enforcement measures are suggested in the paper.
You can read more stories on telecommunications in our newsletter ExchangeDaily, click here to sign up for a free trial...