Hi Alain, all, On 01.11.18 09:36, ALAIN AINA wrote:
Most of the impact of the implementation in my opinion are to be investigated in strategic objectives and their implementation through activities portfolio throughout the years. We shall measure the impact from the KPI and deliverable in the OP, Annual report and also how SSR inputs and influences the strategic/ operation plannings and the prioritisation of the activities and projects. Engage with Staff, board and any other affected parties or constituencies by the recommendations.
That sounds really good and reasonable, but I doubt that we can do it on a voluntary basis in this form. I also see that the evaluation of the implementation status of individual recommendations has only included a handful of evidences. Let's take the example of strategic planning and the risks assessment we discussed in this context. Until this workshop in Barcelona, we obviously had not previously reviewed the strategic planning document https://www.icann.org/en/system/files/files/strategic-plan-2016-2020-10oct14... - otherwise we would know that strategic risks were being considered in this context. I don't expect - and in my opinion nobody can - that we know everything and have to know where something is written. But IMHO there has to be an in-depth review, either through evidence (in form of available documents) or through interviews with SME's. Based on the above-mentioned facts, I also find it difficult to conclude at end, that most of the 28 recommendations are still not implemented. Which brings me back to the question, should we not use external resources more within the review? I would like to hear from all RT-members their own point of view on this. So, how do you see it? Are you satisfied with the result of the review of SSR1 recommendations and can you stand for the conclusion?
On the specifics.
For example we claimed that definition of security in the registry agreement differs from the one published in the SSR framework, added to the ICANN glossary and supposed to be used in all materials.
But, section 7.3 of the registry agreement does not define “security”, or “stability” but define what “effect on them mean or refer to"
======
(a) For the purposes of this Agreement, an effect on “Security” shall mean
(1) the unauthorized disclosure, alteration, insertion or destruction of registry data, or (2) the unauthorized access to or disclosure of information or resources on the Internet by systems operating in accordance with all applicable standards.
(b) For purposes of this Agreement, an effect on “Stability” shall refer to
(1) lack of compliance with applicable relevant standards that are authoritative and published by a well-established and recognized Internet standards body, such as the
======= So using this example to justify a breach in the implementation of the recommendation is not appropriate in my opinion.
I had already mentioned this in Barcelona and I will still agree with you. We should give everyone - and especially ICANN's legal department when it comes to drafting contracts - the option of interpreting and refining a definition for or in a particular context. Maybe we can include this in the analysis as an observation. Best regards - Boban.