Dear SSR2 RT, Some clarifications have been requested from ICANN org on the below questions. Could the volunteers for each topic please provide the requested clarifications? Review Team volunteers: Scott, Noorul Workstream: ICANN SSR Topic 4: Perform an assessment of how effectively ICANN has implemented its Security Incident Management and Response Processes to reduce (pro-active and reactive) the probability of DNS-related incidents. Clarification requested: Can you please clarify if these questions are specific to the ICANN Managed Root Server or more generally for ICANN? 1. Which certifications is ICANN pursuing for the organisation and staff? 2. Which certifications and compliance frameworks has ICANN completed? 3. Who are ICANN’s auditors, what audits are completed regularly? Review Team volunteers: Eric, Denise, Norm, Boban Workstream: Future Challenges Topic: Coalescence of registrars/registry/backend operators for multiple TLDs Clarification requested: Can you please provide further context behind the question or clarify the question? 1. Has ICANN identified the issue of coalescence of registrars/registry operators in their risk management and what are the measures be taken? 2. Are there any and if so, what are the control mechanisms for operational availability of the TLD’s? Thanks, Jennifer -- Jennifer Bryce Senior Reviews Coordinator Internet Corporation for Assigned Names and Numbers (ICANN) Email: jennifer.bryce@icann.org Skype: jennifer.bryce.icann www.icann.org