re-org of 9.4
git-svn-id: http://svn.cacert.org/CAcert/Policies@1886 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
parent
9b193892b4
commit
0d587d969a
1 changed files with 8 additions and 6 deletions
|
@ -48,6 +48,7 @@ a:hover {
|
|||
<body lang="en-GB">
|
||||
|
||||
<ul class="change">
|
||||
<li> 20100424: tidied up 9.4 </li>
|
||||
<li> 20100422: added 9.3.2 notification requirement. </li>
|
||||
<li> 20100421: reviewed and dropped the BLUE changes that introduced AE, etc. </li>
|
||||
<li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board. </li>
|
||||
|
@ -213,7 +214,7 @@ This policy document says what is done, rather than how to do it.
|
|||
|
||||
<p>
|
||||
This Policy explicitly defers detailed security practices to the
|
||||
<a href="http://wiki.cacert.org/wiki/SecurityManual">Security Manual</a>
|
||||
<a href="http://wiki.cacert.org/SecurityManual">Security Manual</a>
|
||||
("SM").
|
||||
The SM says how things are done.
|
||||
As practices are things that vary from time to time,
|
||||
|
@ -244,7 +245,7 @@ explicitly defer single, cohesive components of the
|
|||
security practices into separate procedures documents.
|
||||
Each procedure should be managed in a wiki page under
|
||||
their control, probably at
|
||||
<a href="http://wiki.cacert.org/wiki/SystemAdministration/Procedures">
|
||||
<a href="http://wiki.cacert.org/SystemAdministration/Procedures">
|
||||
SystemAdministration/Procedures</a>.
|
||||
Each procedure must be referenced explicitly in the Security Manual.
|
||||
</p>
|
||||
|
@ -1351,12 +1352,11 @@ and becomes your authority to act.
|
|||
|
||||
<p>
|
||||
Components may be outsourced.
|
||||
<span class="strike">
|
||||
Team leaders may outsource non-critical components
|
||||
on notifying the Board.
|
||||
Critical components must be approved by the Board.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
</span>
|
||||
Any outsourcing arrangements must be documented.
|
||||
All arrangements must be:
|
||||
</p>
|
||||
|
@ -1386,9 +1386,11 @@ All arrangements must be:
|
|||
|
||||
<p>
|
||||
Contracts should be written with the above in mind.
|
||||
<span class="change">
|
||||
Outsourcing of critical components must be approved by the Board.
|
||||
</span>
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="s9.5">9.5 Confidentiality, Secrecy </h3>
|
||||
|
||||
<p>
|
||||
|
|
Loading…
Reference in a new issue