2008-04-04 15:56:20 +00:00
|
|
|
<?xml version="1.0" encoding="utf-8"?>
|
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
|
|
|
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
|
|
<head>
|
|
|
|
<title>
|
|
|
|
CACert Organisation Assurance Program sub-policy for Germany
|
|
|
|
</title>
|
|
|
|
</head>
|
|
|
|
<body>
|
2007-10-22 10:24:41 +00:00
|
|
|
<h1> <font color="blue">Organisation Assurance - sub-policy for German organisations</font></h1>
|
2008-04-04 15:56:20 +00:00
|
|
|
<p>
|
|
|
|
<a href="../PolicyOnPolicy.html"><img src="../cacert-draft.png" alt="CAcert Work In Progress" height="31" width="88" style="border-style: none;" /></a><br />
|
|
|
|
Author: Jens Paul<br />
|
|
|
|
Creation date: WIP 2007-10-19<br />
|
|
|
|
Status: <font="green">DRAFT</font> 2007-10-22 based on WIP version 0.2<br />
|
|
|
|
Next status: POLICY 2008<br />
|
2007-10-22 10:24:41 +00:00
|
|
|
<!-- $Id$ -->
|
2008-04-04 15:56:20 +00:00
|
|
|
</p>
|
2007-10-22 10:24:41 +00:00
|
|
|
|
|
|
|
<h2>0. Preliminaries</h2>
|
|
|
|
This sub-policy describes how Organisation Assurers ("OAs") conduct assurances on German organisations.
|
|
|
|
It fits within the overall web-of-trust or assurance process and the Organisation Assurance Policy (OAP) of CAcert.
|
|
|
|
<br><br><br>
|
|
|
|
|
|
|
|
<h2>1. Purpose</h2>
|
|
|
|
This is a subsidiary policy to the OAP.
|
|
|
|
<br><br>
|
|
|
|
a. This sub-policy is applicable for the assurance of German organisations only.<br>
|
|
|
|
b. This sub-policy is an implementation of the OAP.<br>
|
|
|
|
c. In the below, where the Assurance Officer (AO) is referred to, this includes his local delegate.
|
|
|
|
<br><br><br>
|
|
|
|
|
|
|
|
<h2>2. Organisation Assurers</h2>
|
|
|
|
|
|
|
|
<h2>2.1 Requirements for the Organisation Assurer</h2>
|
|
|
|
In addition to the requirements defined in the OAP, an OA must meet the following requirements for assuring German organisations:<br>
|
|
|
|
a. Knowledge on common legal forms of organisations in Germany.<br>
|
|
|
|
b. Must pass an additional test on local knowledge even if he is already an OA.<br>
|
|
|
|
c. Should help the AO to define local requirements.
|
|
|
|
<br><br><br>
|
|
|
|
|
|
|
|
<h2>3. Process</h2>
|
|
|
|
|
|
|
|
<h2>3.1 Organisations</h2>
|
|
|
|
Acceptable organisations under this sub-policy must be:
|
|
|
|
<br><br>
|
|
|
|
a. Organisations created under the rules of the German jurisdiction.<br>
|
|
|
|
b. Organisations must not be revoked by a competent authority with direct oversight over the organisation.
|
|
|
|
<br><br>
|
|
|
|
|
|
|
|
<h2>3.2 Documents</h2>
|
|
|
|
The organisation has to provide documents to prove the essential standard of Organisation Assurance as defined in the policy:<br>
|
|
|
|
a. The primary mechanism to prove existence is to get an official extract from the official register, either via an online interface
|
|
|
|
or via physical means (organisation is asked to carry the costs)<br>
|
|
|
|
b. Where not available, an official document will be required from the company, subject to such checks as defined by the AO.<br>
|
|
|
|
c. If copies of official extracts from the official register are provided, they must be officially certified<br>
|
|
|
|
d. Extracts from the official register should not be older than 4 weeks.<br>
|
|
|
|
e. The AO maintains a list of which specific documents and tests can be acceptable for the certain types
|
|
|
|
of organisations.<br>
|
|
|
|
f. The OA can ask for additional documents if needed to validate required information for the assurance action.
|
|
|
|
<br><br>
|
|
|
|
|
|
|
|
<h2>3.3 COAP</h2>
|
2008-04-04 15:56:20 +00:00
|
|
|
<p>
|
2007-10-22 10:24:41 +00:00
|
|
|
In addition to the checks defined in the policy, the COAP form for German organisations requires:<br>
|
|
|
|
a. The OA must keep all documentation for 10 years.<br>
|
|
|
|
b. Signatures from organisation officials must meet the following requirements<br>
|
|
|
|
    i.   as legally specified for the type of organisation<br>
|
|
|
|
    ii.  as specified in the official documents (f.e. the excerpt from the register)<br>
|
|
|
|
    iii. as delegated within the organisation (proof of delegation needed)
|
2008-04-04 15:56:20 +00:00
|
|
|
</p>
|
|
|
|
<p>
|
|
|
|
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.w3.org/Icons/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
|
|
|
</p>
|
|
|
|
</body>
|
|
|
|
</html>
|