Australia's Department of Communications has completed its review of .au Domain Administration (auDA), the not-for-profit policy authority and industry self-regulatory body for the .au domain space, with Minister Mitch Fifield saying "urgent reforms are necessary".
"The department has finalised a report which includes a series of recommendations and new Terms of Endorsement (ToE)," Fifield said in his letter [PDF] to auDA chair Chris Leptos.
"The Commonwealth's endorsement of auDA as the appropriate entity to hold the delegation of authority for administration of the .au ccTLD will be subject at all times to auDA meeting the conditions as outlined in the ToE."
The ToE involve setting out the core functions of auDA as ensuring stable, reliable, and secure operations for the .au domain space; responding to DNS security issues quickly; promoting competition, fair trading, and consumer protection principles; operating as a self-funding non-profit organisation; taking part in domestic and international technical and policy spaces to represent Australia's interests and identify new developments; and coming up with "appropriate dispute resolution mechanisms".
The new ToE are effective immediately, with auDA to respond to the report and ToE within 10 business days.
"I request that auDA provides an assurance regarding the likelihood of successful implementation of the registry transformation project. Further, I understand that consultation is under way regarding direct registration and I request an update on this process," Fifield added in the letter.
The 29 recommendations made by the review, all of which have been accepted by the government, include that auDA's role in the security and stability of the .au space and its commercial strategy considerations should not alter its role and purpose as .au administrator; and that auDA formulate a four-year annual strategic plan as well as a KPI framework.
In terms of its governance arrangements, the department recommended that auDA's board positions all be appointed by a nomination committee made up of auDA members, industry, consumers, the department, and business; that nominations use a merit-based process, and ensure directors have technical, corporate, and industry skills and experience; that directors can only serve for three-year terms, and no more than two consecutive terms; that the board be independent of auDA membership; that the board be reconstituted within 12 months; and that a board charter be established to set out the roles, responsibilities, and appointment of the CEO, chair, and board.
On its membership rules, the government said auDA should create a single member class or "functional constituency model"; extend membership to underrepresented stakeholders; review its assessment process for new members; report annually on the effectiveness of its membership initiatives; and respond to the department on how it will deliver on the new ToE. Meanwhile, the department should review the ToE in two years, and then every three years; adopt a formal oversight role of auDA, including independent verification of auDA's annual reports; and have its oversight role "periodically" reviewed by the government.
For stakeholder engagement, the department suggested that auDA develop a public stakeholder engagement strategy and implementation plan, and report on this annually; publish conclusions on its review of community activities, and develop an implementation plan for these; engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other international bodies; include ICANN in its stakeholder engagement strategy; and report and forecast its international activity.
In order to foster "trust and confidence in .au", the department has recommended that auDA engage with ICANN's Security and Stability Advisory Committee; develop with stakeholders and implement an enterprise security strategy based on international and local best practice; publish a public version of this enterprise security strategy; map out its "relationship with Australian government security agencies and the internet industry and community on security of the .au namespace"; and provide quarterly reports to the government on its security activities.
Lastly, the Department of Communications should also "facilitate partnerships between auDA and relevant cybersecurity agencies", the recommendations say.
"The government's review is timely to ensure the right framework is in place so that Australia's .au domain administrator is modern, fit-for-purpose, and supports the interests of Australia's internet users," Fifield said.
"The government expects to see significant progress within the next three to six months from auDA in implementing these changes."
The Department of Communications opened its review into auDA in October last year, releasing a discussion paper a month later to seek feedback on the appropriate framework for the management of the .au domain before implementing its direct registration policy recommended in April 2016.
auDA stated in its submission to the department that it would be evaluating its company structure and board members to reduce the "potential for misalignment between the pursuit of member interests and good governance principles".
In a submission provided to a probe of its own operations, auDA has recommended that it restructure its business model in order to continue authority on the .au domain space.
The .au Domain Administration's Policy Review Panel has proposed a series of reforms to the country's domain name registration structure, including the option to register addresses like 'yourname.au'.
The government wants to ensure the management framework of auDA remains fit-for-purpose.
Draft recommendations from the names policy panel of the body responsible for the .au top-level domain has called for allowing Australian businesses and individuals to directly register domains such as domainname.au.
Software automation policy guidelines (Tech Pro Research)
Software automation is used for many business and IT processes, depending on industry vertical and individual company business and IT needs.