1. BACKGROUND
1.1 This document sets out the accreditation criteria that auDA accredited registrars must meet in order to gain and maintain their accreditation from auDA, so that they can provide registrar services in the open .au second level domains (2LDs). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
2. RELEVANT CLAUSES OF THE REGISTRAR AGREEMENT
2.1 For clarity, the clauses of the Registrar Agreement that relate to accreditation criteria are set out below:
Clause 1
Accreditation Criteria means the requirements specified by auDA from time to time in relation to the minimum criteria which must be satisfied by a person in order for that person to be auDA Accredited.
Clause 3.4
The Registrar represents and warrants to auDA:
3.4.1 on the Commencement Date, that it meets the Accreditation Criteria; and
3.4.2 as a continuing warranty during the term, that it continues to meet the Accreditation Criteria.
Clause 3.5
The Registrar must promptly notify auDA if the Registrar becomes aware:
3.5.1 that it does not meet any of the Accreditation Criteria; or
3.5.2 of any circumstance, fact or thing that affects its ability to continue to meet the Accreditation Criteria.
Clause 14.1
The Registrar must:
…
14.1.2 do all things necessary to ensure that during the Term, it continues to meet the Accreditation Criteria;
…
14.1.9 provide to auDA from time to time, upon auDA’s request, all information in relation to the Registrar and the operation of the registrar’s business as auDA may reasonably request;
3. REGISTRAR ACCREDITATION CRITERIA
3.1 auDA accredited registrars must meet the all the criteria listed in this section, at all times during the term of the Registrar Agreement. The criteria are intended to ensure that registrars operate in a way which is consistent with auDA’s responsibility to promote and protect:
a) the stability and integrity of the Australian DNS;
b) the efficient and effective operation of the domain name registration system; and
c) the rights and interests of consumers (registrants).
3.2 The corporate requirements listed in paragraphs 3.4-3.8 are matters of fact and objectively verifiable.
3.3 The exact manner in which a registrar meets the operational requirements listed in paragraphs 3.9-3.15 will depend on the type and size of the registrar’s business. auDA will evaluate the registrar’s ability to meet the operational requirements based on accepted industry practice and benchmarks.
3.4 The registrar’s compliance with the security requirement in paragraph 3.17 will be assessed in accordance with auDA’s Information Security Standard (ISS) for Accredited Registrars (2013-03).
Corporate requirements
3.5 The registrar must be registered to trade in Australia:
a) Australian companies must hold an Australian Company Number (ACN) and Australian Business Number (ABN); and
b) foreign companies must hold an Australian Registered Body Number (ARBN) and ABN.
3.6 The registrar must be registered with the Australian Taxation Office (ATO) for Goods and Services Tax (GST).
3.7 The registrar must have “opted in” under the Privacy Act 1988.
3.8 The registrar must hold the insurance coverage specified in clause 14.3 of the Registrar Agreement.
3.9 The registrar must have a valid and subsisting Registry-Registrar Agreement with the registry operator.
Operational requirements
3.10 The registrar must demonstrate knowledge of the Australian DNS and auDA’s Published Policies.
3.11 The registrar must have the capability to interact with the registry using EPP and/or a web interface, in accordance with the technical specification of the registry operator.
3.12 The registrar must have the capability to provide services to registrants in accordance with the Registrar Agreement and the .au Domain Name Suppliers’ Code of Practice, and in compliance with applicable Published Policies.
3.13 The registrar must have a sufficient number of staff, and adequate systems and procedures, to handle:
a) policy compliance checks for domain name registrations;
b) customer billing;
c) all customer inquiries and support services, including requests for changes in registration data; and
d) customer complaints.
3.14 The registrar must have adequate capability for maintaining electronic copies of all transactions, correspondence and communications with auDA, the registry operator and customers for at least the length of the Registrar Agreement.
3.15 The registrar must have adequate capability for providing information systems security procedures to prevent systems hacks, break-ins, data tampering and other disruptions to its business.
3.16 The registrar must have at least one nominated management contact person for auDA liaison.
Security requirements
3.17 The registrar must hold a current ISS Compliance Certificate, in accordance with auDA’s Information Security Standard (ISS) for Accredited Registrars (2013-03).