Add summary of support for ICANN reporting

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=136487545

docs/operational-procedures.md

@@ -64,3 +64,82 @@ cursorTime -> [2016-09-23T00:00:00.000Z, 2016-09-01T00:00:00.000Z]
 Perform this command? (y/N): Y
 Updated 1 entities.
 ```
+
+## gTLD reporting
+
+gTLD registry operators are required by ICANN to provide various reports (ccTLDs
+are not generally subject to these requirements). The Nomulus system provides
+some of these reports, but others will need to be implemented using custom
+scripts.
+
+### Registry Data Escrow (RDE)
+
+[RDE](https://newgtlds.icann.org/en/applicants/data-escrow) is a daily deposit
+of the contents of the registry, sent to a third-party escrow provider. The
+details are contained in Specification 2 of the [registry
+agreement][registry-agreement].
+
+Nomulus provides [code to generate and send these
+deposits](./operational-procedures/rde-deposits.md).
+
+### Monthly registry activity reporting
+
+ICANN requires monthly activity reporting. The details are contained in
+Specification 3 of the [registry agreement][registry-agreement].
+
+These reports are generated by querying tables of Datastore snapshots which have
+been exported to the BigQuery data warehouse. The Nomulus release includes the
+queries used by Google. The script is Google-specific at the moment, but should
+be easy to modify to support a different instance of Nomulus.
+
+The SQL queries which assemble the report are generated by the Python script
+[icann_report_query_builder.py](https://github.com/google/nomulus/blob/master/python/google/registry/reporting/icann_report_query_builder.py).
+The script generates a monolithic SQL query which is then executed against the
+BigQuery tables to generate a result table containing activity report data for
+all the TLDs in the system. With a little work, the data can be extracted into
+CSVs in the proper format.
+
+The test script
+[icann_report_query_builder_test.py](https://github.com/google/nomulus/blob/master/python/google/registry/reporting/icann_report_query_builder_test.py)
+shows how the script is run, and the test data file
+[golden_activity_query.sql](https://github.com/google/nomulus/blob/master/python/google/registry/reporting/testdata/golden_activity_query.sql)
+shows what the resulting SQL looks like.
+
+### Monthly transaction reporting
+
+ICANN requires monthly transaction reporting. The details are also contained in
+Specification 3 of the [registry agreement][registry-agreement].
+
+Transaction reporting is not currently part of the Nomulus release.
+
+### Zone File Access (ZFA)
+
+ICANN requires a mechanism for them to be able to retrieve DNS zone file
+information. The details are contained in part 2 of Specification 4 of the
+[registry agreement][registry-agreement].
+
+This information will come from the DNS server, rather than Nomulus itself, so
+ZFA is not part of the Nomulus release.
+
+### Bulk Registration Data Access (BRDA)
+
+BRDA is a weekly archive of the contents of the registry. The details are
+contained in part 3 of Specification 4 of the [registry
+agreement][registry-agreement].
+
+ICANN uses sFTP to retrieve BRDA data from a server provided by the registry.
+Nomulus provides [code to generate these
+deposits](./operational-procedures/brda-deposits.md), but a separate sFTP server
+must be configured, and the deposits must be moved onto the server for access by
+ICANN.
+
+### Spec 11 reporting
+
+[Spec 11][spec-11] reporting must be provided to ICANN as part of their
+anti-abuse efforts. This is covered in Specification 11 of the
+[registry agreement][registry-agreement], but the details are little spotty.
+
+The Nomulus release does not generate these reports.
+
+[registry-agreement]: https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-09jan14-en.pdf
+[spec-11]: https://newgtlds.icann.org/en/applicants/agb/base-agreement-specs-pic-faqs