Skip to Content.
Sympa Menu

cacert-policy - Results of Audit session 2015.1

Subject: Policy-Discussion

List archive

Results of Audit session 2015.1


Chronological Thread 
  • From: Benedikt Heintel <benedikt AT cacert.org>
  • To: software AT cacert.org, cacert-policy AT lists.cacert.org
  • Cc: Ulrich Schroeter <Ulrich.Schroeter AT sopheon.de>, "Board CAcert Inc." <cacert-board AT lists.cacert.org>
  • Subject: Results of Audit session 2015.1
  • Date: Thu, 13 Aug 2015 00:04:10 +0200

Dear all,

Board recently agreed on the measures found in Audit session 2015.1 [1]

There is need to act on the non-conformities and a decision (and maybe
an action) needed on the recommendation.

@Software Team:
Please obey AP 2.1 and AP 2.2 in software, to follow the Policy (See [2]
for more information). Let me know about the estimated time to implement
this requirements and inform me as soon as the implementation status
changes.

@Policy Group:
As result of the audit session, I propose to change the Assurance Policy:

Remove the sentence "Optional: If the Assurance is reciprocal, then the
Assurer's email address and Secondary Distinguishing Feature are
required as well;" from § 4.5 of the Assurance Policy. (see [3]).

The new text will be then:

4.5. CAcert Assurance Programme (CAP) form

The CAcert Assurance Programme (CAP) form requests the following details
of each Member or Prospective Member:
* Name(s), as recorded in the on-line account;
* Primary email address, as recorded in the on-line account;
* Secondary Distinguishing Feature, as recorded in the on-line
account (normally, date of birth);
* Statement of agreement with the CAcert Community Agreement;
* Permission to the Assurer to conduct the Assurance (required for
privacy reasons);
* Date and signature of the Assuree.

The CAP form requests the following details of the Assurer:
* A least one Name as recorded in the on-line account of the Assurer;
* Assurance Points for each Name in the identity document(s);
* Statement of Assurance;
* Date, location of Assurance and signature of Assurer.

The CAP forms are to be kept at least for 7 years by the Assurer.


Best Regards
Benedikt

[1] https://wiki.cacert.org/Audit/Results/session2015.1
[2] https://wiki.cacert.org/Audit/Results/session2015.1#Non-Conformities
[3] https://wiki.cacert.org/Audit/Results/session2015.1#Recommendation
--
Benedikt Heintel -
benedikt AT cacert.org
CAcert Assurer for People & Organizations
CAcert internal Auditor

CAcert.org - Secure Together
http://www.cacert.org

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.18.

Top of Page