[rpd] AFPUB-2021-GEN-003-DRAFT01

[Taiwo Oye]

Dear authors. 
Going through the policy compliance dashboard proposal. I see a lot of work has been done by the authors. 
I have a few observations 

- Afrinic is in constant battle with its resource members with claim of non compliance with the RSA or existing policy. This means there is already a form of compliance review going on.

 How is your intended compliance review model superior to the existing one??

What is the cost implication (time and money) in comparison to the existing review model. 


- I noticed some aspects of this policy compliance review model (the dashboard) that can be played on by smart but mischievous players in the field. 

In section 3 of the proposal, there is a clause that states that afrinic gets an alert after 3 months of non compliance and a persistent non compliant memeber is determined by 3 alerts to afrinic over a 12 month period. 

Based on the fact that this is a total automation of the policy compliance process. I see a gap where members can intentionally not comply for 11 weeks and then comply for a few days to nolify the first notification to Afrinic. This can also come to play to avoid being a “persistent non compliant member”. 

- This policy also states in section 4  that afrinic can only investigate or act after a member is deemed persistently non compliant. This statement means that laid down policies can be broken for one year without interference from afrinic.

Conclusion: 
This come to me as trying to reduce the work of afrinic staff but creating a loophole in the policy compliance process.