I agree with Andrew on this. The procedure for the audit is not clearly defined and could affect the organisations with long term positive goals. What are the full guidelines regarding the public exposure of confidentiality agreements and also service level agreements if end users are used as part of the audit? Does it mean that during the audit period a member can not go on with providing addresses to end users? <br><br>On Sunday, April 29, 2018, Andrew Alston <<a href="mailto:Andrew.Alston@liquidtelecom.com">Andrew.Alston@liquidtelecom.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-GB" link="#0563C1" vlink="#954F72">
<div>
<p class="MsoNormal"><span>With regards to this policy,<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>My objections to it again remain – and here are a few more to think about.<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<ol style="margin-top:0cm" start="1" type="a">
<li style="margin-left:0cm">If AFRINIC wishes to audit usage – they first have to have a process in place to sign water tight NDA’s with strict financial penalties should information about how an ISP is utilizing
its space go public – the confidentiality agreement in the current MSA is nowhere near tight enough for any corporate to expose the type of information that may be requested in a detailed review<u></u><u></u></li><li style="margin-left:0cm">The processes involved in the review are inadequately defined and open to interpretation and hence – open to abuse that could be used to victimise organisations – this must be closed
and addressed <u></u><u></u></li><li style="margin-left:0cm">Dependent on the processes defined for (b) – there could be significant costs for a full IP audit – and I propose that if an audit is conducted and the ISP is found to be compliant
– then AFRINIC should be responsible for those costs once a detailed accounting is given – if the ISP is NOT found to be compliant – they can then bear the costs involved
<u></u><u></u></li><li style="margin-left:0cm">Should AFRINIC choose to revoke space on the basis of an IP audit process that is not adequately defined – what is the appeal process to appeal any decision they come to as a result
of the review – because failing an external untained and unbiased appeal process by a neutral third party – such a revocation could lead to swift and extremely expensive litigation.<u></u><u></u></li><li style="margin-left:0cm">I question the NEED for this policy – the ability to do basic reviews is already codified in the MSA despite the issues raised above (which I believe would create similar problems
where AFRINIC to ever attempt a full audit) – and hence – I simply see no reason for this policy to even exist<u></u><u></u></li></ol>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">My objections to this policy hence remain on the basis of the above.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Andrew<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</blockquote>