Comments in regards to Registry Data Escrow

["Simmons, Robert" <Robert.Simmons@xxxxxxxxxxxxxxxx>]

Iron Mountain has been a registry data escrow provider since the
inception of the data escrow initiative. Iron Mountain's experience also
includes software escrow.  We support the concept of accreditation of
escrow providers.  Based on our experience, we recommend the following
framework for use in accreditation of data escrow providers.

 

Best Practices:

1.      Data stored encrypted

2.      Data transmitted encrypted

3.      Data tunneled over encrypted links 

4.      Digitally signed deposits

*        Keys with expiration dates

*        controlled access to the keys

*        Change control for keys

5.      Daily/Monthly Feedback to ICANN & Registry Operations via email

6.      48 hour SLA with regards to data processing and digital
signature checks.

7.      Data center environment - ISP carrier grade data center

*        Redundant HVAC

*        Redundant Power

*        Redundant Networks 

*        Redundant Systems

*        Change control on Hardware/Software

*        Utilizing Open source technology 

8.      Personnel

*        Pre-employment background and drug testing

*        Experience in handling large data sets (1TB plus)

 

In addition, Iron Mountain is in support of several enhancements to the
current process:

1.     ICANN specifying the XML format for all Registries & Escrow
Agents

2.     Verification of incoming data including both digital signature
checks AND verification of XML data deposits against ICANN's XML schema.

3.     Escrow agent certification to confirm that escrow agent can
perform all contractually required duties

4.     Support of an ICANN specified format for release of Registry data

5.     Annual certification test to demonstrate capabilities and
compliance with SLA's

6.     Escrow agent prevented from outsourcing  on work related to
Registry Data Escrow

 

 

Robert Simmons

Acting Director, Business Development

Iron Mountain Digital

 




-----------------------------------------
The information contained in this email message and its attachments
is intended only for the private and confidential use of the
recipient(s) named above, unless the sender expressly agrees
otherwise.
Transmission of email over the Internet is not a secure
communications medium. If you are requesting or have requested the
transmittal of personal data, as defined in applicable privacy laws
by means of email or in an attachment to email, you must select a
more secure alternate means of transmittal that supports your
obligations to protect such personal data.
If the reader of this message is not the intended recipient and/or
you have received this email in error, you must take no action
based on the information in this email and you are hereby notified
that any dissemination, misuse or copying or disclosure of this
communication is strictly prohibited. If you have received this
communication in error, please notify us immediately by email and
delete the original message.