Contingency and Continuity of Operations Plan Test Report
10 May 2023
ICANN and PTI maintain a Contingency and Continuity of Operations Plan (“CCOP”) for the IANA Naming Function. This Plan is compiled and tested in accordance with section 5.2(b) of the IANA Naming Functions Agreement effective 1 October 2016, which reads:
“[PTI] shall collaborate with ICANN to develop and implement a [CCOP] for the IANA Naming Function. [PTI] in collaboration with ICANN shall from time to time update and annually test the CCOP as necessary to maintain the security and stability of the IANA Naming Function. The CCOP shall include details on plans for continuation of the IANA Naming Function in the event of cyber or physical attacks, emergencies, or natural disasters. [PTI] shall submit the CCOP to ICANN after each update and publish on the IANA Website a report documenting the outcomes of the CCOP tests within 90 calendar days of the annual test.”
This current version of the CCOP was adopted by the President of PTI in September 2022.
CCOP Annual Test
The CCOP is tested annually to enable robust collaboration amongst the incident response team in a safe environment. The exercise tests awareness of activities conducted by each party in case of operational failures, and seeks to identify opportunities to refine the approach described within.
This year IANA engaged a third-party to review the CCOP and to update the plan to match industry best practices and to ensure alignment with ICANN's Crisis Management Plan.
A tabletop exercise was held on December 14, 2022. Present for the test were the third-party vendor and the PTI Continuity Team, composed of key staff members that perform the IANA functions that would take lead in restoration efforts. Also present were representatives from ICANN’s Engineering & Information Technology department.
This year the plan was tested through a rapid series of short scenarios considering loss of people, facilities, applications, and vendors across all mission essential functions.
Findings
A report identifying strengths and opportunities for improvement was delivered to the PTI President on 10 May 2023. The report has been reviewed and has found the following:
- The exercise was successful in demonstrating that the plan adequately covered the mission essential functions;
- The PTI Continuity Team were effective in coorindating a response to disruptions;
- IANA should document the thresholds and individuals for leveraging geographically diverse ICANN personnel during a disruption;
- IANA should document the thresholds for bypassing standard regulatory reviews during a disruption;
- IANA should document the gaps in emergency and escalation contacts for vendors, including internal ICANN teams;
- IANA should ensure activation thresholds are in alignment with existing documentation, including the threat index and succession plans.
Approval
Name: Kim Davies
Position: President, PTI
Date: 10 May 2023