[rpd] Policy Compliance Dashboard - AFPUB-2020-GEN-001-DRAFT01

[JORDI PALET MARTINEZ]

Hi Chloe,

 

The difference is stating in a policy “Repeated and/or continued policy violations”, vs a fuzzy and generic RSA terms (which are needed to be sufficiently general in order to comply with laws and cover all the situations).

 

The dashboard can’t be used as an excuse. If you fail to follow the policies, you will get a warning once detected. You need to resolve it. If you don’t resolve it, the RSA allows AFRINIC to terminate the account and recover the resources. No possible excuse. If you resolve the issue, but after a few months keep repeating the violations, and this happens once and again, then you are a “bad member”, either because lack of knowledge, or laziness, or bad business practices, or you explicitly ignore the policies. AFRINIC will try to help you if it is a problem of lack of knowledge, or for example will tell the community “this policy is being violated by several folks, maybe there is something wrong, something to improve, change or clarify?”.

 

Even in case of breach, this provided AFRINIC and the member a way to coordinate *before* resources are recovered, contact the resource-holder, try to solve the situation, etc.

 

AFRINIC goal is not to recover resources or close members, on the other way around (increase members), and to make sure that they are being used efficiently and according to policies. Also, to oversight if the policies are going in a wrong direction so the community can reconsider those. All that needs as much automated process as possible, not manual and random checks of the staff.

 

Of course, there may be points that we may need to improve with the time. This happens with any policy. Technology change, business change, we all learn, everything evolves, and we may find more “perfect” ways to do things. We need to understand that the CPM is a live document, that’s why we have a PDP. However, we need a starting point!

 

Note that all the other RIRs have similar systems and in fact this proposal was done based on a previous one adopted in LACNIC, because we had the same issue, people not following policy changes, the RSA being too generic and forcing the RIR to recover resources even on a first mistake, etc.


Regards,

Jordi

@jordipalet

 

 

 

El 10/9/20 12:56, "Chloe Kung" <chloe.kung.public at gmail.com> escribió:

 

Hi Jordi,

 

Thank you very much for your comment. I have thought about it. I think what you said is true and can be helpful to the members, but in a very ideal case where all the members will check the dashboard and take actions on a regular basis, and/or all the staff who decide if a member is making a “mistake” are just. 

 

However as automated as possible of this system as it may seem, the dashboard is not a solution to that it can in fact be used as an excuse, a loophole as I have mentioned before. So the “less efficiency” is still the same and staff gets “alerted” anyway if there’s something wrong happened, even without the dashboard as it is their job to keep track. 

 

Best,

Chloe 

 

 

 

 

_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd 



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200911/e205cd32/attachment-0001.html>