Audit Programs

We are committed to ensuring the security and stability of the Internet's unique identifier systems. As part of this commitment, we conduct audits each year on different aspects of the IANA functions we provide. These audits evaluate our system and organization controls (SOCs) against the “Trust Services Principles and Criteria”, and are conducted by an independent accounting firm.

Root Zone KSK System

As the DNSSEC Root Zone Key Signing Key (RZ KSK) manager, we engage a third party to ensure we have appropriate internal controls in place to meet the availability, processing integrity and security objectives for our RZ KSK System. These audits evaluate the IT operational practices and controls around the RZ KSK System and we have been awarded with SOC 3 certification with an unqualified opinion.

Registry Assignment and Maintenance Systems

As part of our commitment to the Trust Services Principles and Criteria, we engage a third party to ensure we have appropriate internal controls in place to meet the availability, processing integrity and security objectives for the key systems used to support the IANA function’s transaction processing. These systems are referred to as our Registry Assignment and Maintenance Systems (RAMS), and include the Root Zone Management System, and the systems used to manage IETF protocol parameter registries and number allocation requests. The RAMS are audited according to both the SOC 2 and SOC 3 framework.

The SOC 2 audit report is a confidential report provided to the relevant oversight bodies to fulfill a requirement of the contract between PTI and ICANN; the Memorandum of Understanding between ICANN and the IETF; and the SLA contract between ICANN and the five Regional Internet Registries. The SOC 3 report is published here.

About the Trust Services Principles and Criteria

The Trust Services Principles and Criteria is an international set of principles and criteria developed and managed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). The SOC 2 and SOC 3 examination is a rigorous process developed by the AICPA and CICA to provide independent assurance that an organization's systems are reliable. Our SOC certification and reports focus on the following Trust Services principles:

• Availability — the system was available for operation and use, as committed or agreed
• Processing Integrity — the system processing was complete, accurate, timely, and authorized
• Security — the system was protected against unauthorized access

Each principle is supported by well-defined and detailed criteria that encompass a company's infrastructure, software, data, people, and procedures.

Audit Reports

• Registry System Audit — October 1 2023 to 30 November 2024
• Root KSK Audit — 1 December 2023 to 30 November 2024
• Root KSK Audit — 1 December 2022 to 30 November 2023
• Root KSK Audit — 1 December 2021 to 30 November 2022
• Root KSK Audit — 1 December 2020 to 30 November 2021
• Root KSK Audit — 1 December 2019 to 30 November 2020
• Root KSK Audit — 1 December 2018 to 30 November 2019
• Root KSK Audit — 1 December 2017 to 30 November 2018
• Root KSK Audit — 1 October 2016 to 30 November 2017
• Root KSK Audit — 1 December 2015 to 30 September 2016
• Root KSK Audit — 1 December 2014 to 30 November 2015
• Root KSK Audit — 1 December 2013 to 30 November 2014
• Root KSK Audit — 1 December 2012 to 30 November 2013
• Root KSK Audit — 1 December 2011 to 30 November 2012
• Root KSK Audit — 1 December 2010 to 30 November 2011
• Root KSK Audit — 15 June 2010 to 30 November 2010