Policy Proposal 2007-14: Resource Review Process
| Policy Proposal Evaluation Status: | Author |
|---|---|
| To Be Revised | Owen DeLong, Stephen Sprunk |
| Discussion Tracking | |
| Mailing List: Formal introduction on PPML on 24 July 2007 Staff assessment - 14 October 2007 Revised staff assessment - 17 October 2007 AC to revise with author - 23 October 2007 Revised - 21 February 2008 Staff Assessment - 21 March 2008 Revised - 24 March 2008 To be revised - 14 April 2008 Discussed at ARIN Caribbean Sector Meeting - 2 June 2008 Revised - 14 August 2008 |
Public Policy Mailing List |
| ARIN Public Policy Meeting: | ARIN XX ARIN XXI |
| ARIN Advisory Council: |
AC Shepherds: 19 July 2007 |
| ARIN Board of Trustees: | |
| Revisions | Implementation |
| Previous versions | |
Proposal
Policy Proposal 2007-14
Resource Review Process
Author: Owen DeLong, Stephen Sprunk
Proposal Version: 3.0
Date: 14 August 2008
Proposal type: modify
Policy term: permanent
Policy statement:
Add the following to the NRPM:
Resource Review
1. ARIN may review the current usage of any resources covered by an ARIN RSA within the terms of that RSA. The organization shall cooperate with any request from ARIN for reasonable related documentation.
2. ARIN may conduct such reviews:
a. when any new resource is requested,
b. whenever ARIN has reason to believe that the resources were originally obtained fraudulently, or
c. at any other time without having to establish cause unless a prior review has been completed in the preceding 24 months.
3. ARIN shall communicate the results of the review to the organization.
4. Organizations found by ARIN to be substantially out of compliance with current ARIN policy shall be requested or required to return resources as needed to bring them into (or reasonably close to) compliance.
4a. The extent to which an organization may remain out of compliance shall be based on the reasonable judgment of the ARIN staff and shall balance all facts known, including the organizations utilization rate,
available address pool, and other factors as appropriate so as to avoid forcing returns which will result in near-term additional requests or unnecessary route de-aggregation.4b. To the extent possible, entire blocks should be returned. Partial address blocks shall be returned in such a way that the portion retained will comprise a single aggregate block.
5. If the organization does not voluntarily return resources as requested, ARIN may revoke any resources issued by ARIN as required to bring the organization into overall compliance. ARIN shall follow the same guidelines for revocation that are required for voluntary return in the previous paragraph.
6. Except in cases of fraud, or intentional violations of policy, an organization shall be given a minimum of six months to effect a return. ARIN shall negotiate a longer term with the organization if ARIN believes the organization is working in good faith to substantially restore compliance and has a valid need for additional time to renumber out of the affected blocks.
7. ARIN shall continue to maintain the resource(s) while their return or revocation is pending, except any maintenance fees assessed during that period shall be calculated as if the return or revocation was complete.
8. Legacy resources in active use, regardless of utilization, are not subject to revocation by ARIN. pursuant to this subsection. However, the utilization of legacy resources shall be considered during a review to assess overall compliance.
9. In considering compliance with policies which allow a timeframe (such as a requirement to assign some number of prefixes within 5 years) failure to comply cannot be measured until after the timeframe specified in the applicable policy has elapsed. Blocks subject to such a policy shall be assumed in compliance with that policy until such time as the specified time since issuance has elapsed.
Delete NRPM sections 4.1.2, 4.1.3, 4.1.4
Remove the sentence "In extreme cases, existing allocations may be affected." from NRPM section 4.2.3.1.
Rationale:
Under current policy and existing RSAs, ARIN has an unlimited authority to audit or review a resource holder's utilization for compliance at any time and no requirement to communicate the results of any such review to the resource holder.
This policy attempts to balance the needs of the community and the potential for abuse of process by ARIN in a way that better clarifies the purpose, scope, and capabilities of ARIN and codifies some appropriate protections for resource holders while still preserving the ability for ARIN to address cases of fraud and abuse on an expedited basis.
The intended nature of the review is to be no more invasive than what usually happens when an organization applies for additional resources. Additionally, paragraph 2c prevents ARIN from doing excessive without-cause reviews.
The authors believe that this update addresses the majority of the feedback received from the community to date and addresses most of the concerns expressed.