<h1> <font color="blue">Organisation Assurance - sub-policy for German organisations</font></h1>
<br><br>
Author: Jens Paul
<br>
Creation date: WIP 2007-10-19 V0.1
<br>
Status: <font color="red">DRAFT</font> 2007-10-22 based on WIP version 0.2
<br>
Date next status: changes expected in December 2007.
<br>
<!-- $Id$ -->
<h2>0. Preliminaries</h2>
This sub-policy describes how Organisation Assurers ("OAs") conduct assurances on German organisations.
It fits within the overall web-of-trust or assurance process and the Organisation Assurance Policy (OAP) of CAcert.
<br><br><br>
<h2>1. Purpose</h2>
This is a subsidiary policy to the OAP.
<br><br>
a. This sub-policy is applicable for the assurance of German organisations only.<br>
b. This sub-policy is an implementation of the OAP.<br>
c. In the following, where the Assurance Officer (AO) is referred to, this includes his local delegate.
<br><br><br>
<h2>2. Organisation Assurers</h2>
<h2>2.1 Requirements for the Organisation Assurer</h2>
In addition to the requirements defined in the OAP, an OA must meet the following requirements for assuring German organisations:<br>
a. Knowledge of common legal forms of organisations in Germany.<br>
b. Must pass an additional test on local knowledge even if he is already an OA.<br>
c. Should help the AO to define local requirements.
<br><br><br>
<h2>3. Process</h2>
<h2>3.1 Organisations</h2>
Acceptable organisations under this sub-policy must be:
<br><br>
a. Organisations created under the rules of the German jurisdiction.<br>
b. Organisations that have not been revoked by a competent authority with direct oversight over the organisation.
<br><br>
<h2>3.2 Documents</h2>
The organisation has to provide documents to prove the essential standard of Organisation Assurance as defined in the policy:<br>
a. The primary mechanism to prove existence is to get an official extract from the official register, either via an online interface or via physical means (the organisation is asked to carry the costs).<br>
b. Where not available, an official document will be required from the company, subject to such checks as defined by the AO.<br>
c. If copies of official extracts from the official register are provided, they must be officially certified.<br>
d. Extracts from the official register should not be older than 4 weeks.<br>
e. The AO maintains a list of which specific documents and tests can be acceptable for certain types of organisations.<br>
f. The OA can ask for additional documents if needed to validate required information for the assurance action.
<br><br>
<h2>3.3 COAP</h2>
In addition to the checks defined in the policy, the COAP form for German organisations requires:<br>
a. The OA must keep all documentation for 10 years.<br>
b. Signatures from organisation officials must meet the following requirements:<br>
    i.   as legally specified for the type of organisation<br>
    ii.  as specified in the official documents (e.g. the excerpt from the register)<br>
    iii. as delegated within the organisation (proof of delegation needed)