rewording, new header, for Arbitration a20120121.1
git-svn-id: http://svn.cacert.org/CAcert/Policies@2372 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
parent
89d729cbf0
commit
780dadd473
1 changed files with 71 additions and 86 deletions
|
@ -2,54 +2,49 @@
|
||||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
||||||
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||||
<head>
|
<head>
|
||||||
<title>
|
<title> Organisation Assurance Policy </title>
|
||||||
Organisation Assurance Policy
|
<style type="text/css">
|
||||||
</title>
|
<!--
|
||||||
</head>
|
.comment {
|
||||||
<body>
|
color : steelblue;
|
||||||
<p>
|
}
|
||||||
<center>
|
-->
|
||||||
<big>
|
</style>
|
||||||
<br><b>WARNING:</b><br>
|
</head>
|
||||||
The proper policy document is located<br>
|
|
||||||
<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">
|
|
||||||
on the CAcert website </a>.<br>
|
|
||||||
</big></b>
|
|
||||||
This document is a working draft to include<br>
|
|
||||||
future revisions only, and is currently<br>
|
|
||||||
only relevant for the [policy] group.<br>
|
|
||||||
</center>
|
|
||||||
</p>
|
|
||||||
|
|
||||||
<h1>
|
<body>
|
||||||
Organisation Assurance Policy
|
<div class="comment">
|
||||||
</h1>
|
<table width="100%"><tr><td>
|
||||||
<p>
|
Name: OAP <a style="color: steelblue" href="//svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11</a><br />
|
||||||
<a href="../PolicyOnPolicy.html"><img src="../cacert-draft.png" alt="CAcert Draft" height="31" width="88" style="border-style: none;" /> </a><br />
|
Author: Jens Paul<br />
|
||||||
Document: OAP COD11<br />
|
Creation date: 2007-09-18<br />
|
||||||
Author: Jens Paul<br />
|
Status: POLICY/DRAFT 2007-09-18 <a style="color: steelblue" href="//wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x </a><br />
|
||||||
Creation date: 2007-09-18<br />
|
Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
|
||||||
Status: POLICY/DRAFT 2007-09-18 <a href="http://wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x </a><br />
|
|
||||||
Changed: 2008-04-01 Teus Hagen policy list vote; add advisors and board<br />
|
</td><td align="right">
|
||||||
Next status: POLICY 2008<br />
|
<a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="Security Policy Status == POLICY" style="border-width:0" /></a>
|
||||||
<!-- $Id$ -->
|
</td></tr></table>
|
||||||
</p>
|
</div>
|
||||||
<h2> <a name="0">0. </a> Preliminaries </h2>
|
|
||||||
|
<h1> Organisation Assurance Policy </h1>
|
||||||
|
|
||||||
|
<h2 id="s0">0. Preliminaries </h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
This policy describes how Organisation Assurers ("OAs")
|
This policy describes how Organisation Assurers ("OAs")
|
||||||
conduct Assurances on Organisations.
|
conduct assurances on organisations.
|
||||||
It fits within the overall web-of-trust
|
Organisation assurance fits within the overall web-of-trust
|
||||||
or Assurance process of CAcert.
|
or assurance process of CAcert.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
This policy is not a Controlled document, for purposes of
|
This policy is subsidiary to Assurance Policy ("AP" COD13) and
|
||||||
Configuration Control Specification ("CCS").
|
is a Controlled document under
|
||||||
|
Configuration Control Specification ("CCS" COD2).
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h2> <a name="1"> 1. </a> Purpose </h2>
|
<h2 id="s1"> 1. Purpose </h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Organisations with assured status can issue certificates
|
Organisations with assured status can issue certificates
|
||||||
|
@ -73,27 +68,27 @@ and as described in the CPS.
|
||||||
</li></ul>
|
</li></ul>
|
||||||
|
|
||||||
|
|
||||||
<h2> <a name="2"> 2. </a> Roles and Structure </h2>
|
<h2 id="s2"> 2. Roles and Structure </h2>
|
||||||
|
|
||||||
<h3> <a name="2.1"> 2.1 </a> Assurance Officer </h3>
|
<h3 id="s2.1"> 2.1 Assurance Officer </h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
The Assurance Officer ("AO")
|
The Assurance Officer
|
||||||
manages this policy and reports to the CAcert Inc. Committee ("Board").
|
manages this policy and reports to the CAcert Inc. Committee ("Board").
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
The AO manages all OAs and is responsible for process,
|
The Assurance Officer manages all OAs and is responsible for process,
|
||||||
the CAcert Organisation Assurance Programme ("COAP") form,
|
the CAcert Organisation Assurance Programme ("COAP") form,
|
||||||
OA training and testing, manuals, quality control.
|
OA training and testing, manuals, quality control.
|
||||||
In these responsibilities, other Officers will assist.
|
In these responsibilities, other Officers will assist.
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
The OA is appointed by the Board.
|
The Assurance Officer is appointed by the Board
|
||||||
Where the OA is failing the Board decides.
|
and may be replaced by the Board.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3> <a name="2.2"> 2.2 </a> Organisation Assurers </h3>
|
<h3 id="s2.2"> 2.2 Organisation Assurers </h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
</p>
|
</p>
|
||||||
|
@ -101,8 +96,8 @@ Where the OA is failing the Board decides.
|
||||||
<ol type="a"> <li>
|
<ol type="a"> <li>
|
||||||
An OA must be an experienced Assurer
|
An OA must be an experienced Assurer
|
||||||
<ol type="i">
|
<ol type="i">
|
||||||
<li>Have 150 assurance points.</li>
|
<li>Have 50 Experience Points.</li>
|
||||||
<li>Be fully trained and tested on all general Assurance processes.</li>
|
<li>Be fully trained and tested on all general assurance processes.</li>
|
||||||
</ol>
|
</ol>
|
||||||
|
|
||||||
</li><li>
|
</li><li>
|
||||||
|
@ -126,6 +121,7 @@ Where the OA is failing the Board decides.
|
||||||
<li> Tests are conducted manually, not online/automatic. </li>
|
<li> Tests are conducted manually, not online/automatic. </li>
|
||||||
<li> Documentation to be retained. </li>
|
<li> Documentation to be retained. </li>
|
||||||
<li> Tests may include on-the-job components. </li>
|
<li> Tests may include on-the-job components. </li>
|
||||||
|
<li> Final test to be a number of supervised organisation assurances. </li>
|
||||||
</ol>
|
</ol>
|
||||||
|
|
||||||
</li><li>
|
</li><li>
|
||||||
|
@ -134,37 +130,31 @@ Where the OA is failing the Board decides.
|
||||||
<li> Two supervising OAs must sign-off on new OA,
|
<li> Two supervising OAs must sign-off on new OA,
|
||||||
as trained, tested and passed.
|
as trained, tested and passed.
|
||||||
</li>
|
</li>
|
||||||
<li> AO must sign-off on a new OA,
|
<li> To appoint a new OA, the Assurance Officer must sign-off
|
||||||
as supervised, trained and tested.
|
as supervised, trained and tested.
|
||||||
</li>
|
</li>
|
||||||
</ol>
|
</ol>
|
||||||
</li>
|
</li>
|
||||||
<li>The OA can decide when a CAcert
|
|
||||||
(individual) Assurer
|
|
||||||
has done several OA Application Advises to appoint this
|
|
||||||
person to OA Assurer.
|
|
||||||
</li>
|
|
||||||
|
|
||||||
</ol>
|
</ol>
|
||||||
|
|
||||||
<h3> <a name="2.3"> 2.3 </a> Organisation Assurance Advisor ("OAA") </h3>
|
<h3 id="s2.3"> 2.3 Local Assurer as Advisor </h3>
|
||||||
<p>In countries/states/provinces where no OA Assurers are
|
<p>In countries/states/provinces where no OAs are
|
||||||
operating for an OA Application (COAP) the OA
|
operating, the OA
|
||||||
can be advised by an experienced local CAcert
|
may rely upon the advice of an experienced local CAcert
|
||||||
(individual) Assurer to take the decision
|
(individual) Assurer in performing the organisation assurance.
|
||||||
to accept the OA Application (COAP) of the organisation.
|
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
The local Assurer must have at least 150 Points,
|
The local Assurer must have at least 50 Experience Points,
|
||||||
should know the language, and know
|
should know the language, and know
|
||||||
the organisation trade office registry culture and quality.
|
the organisation trade office registry culture and quality.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
<h3> <a name="2.4"> 2.4 </a> Organisation Administrator </h3>
|
<h3 id="s2.4"> 2.4 Organisation Administrator </h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
The Administrator within each Organisation ("O-Admin")
|
The Administrator within each organisation ("O-Admin")
|
||||||
is the one who handles the assurance requests
|
is the one who handles the assurance requests
|
||||||
and the issuing of certificates.
|
and the issuing of certificates.
|
||||||
</p>
|
</p>
|
||||||
|
@ -191,9 +181,9 @@ and the issuing of certificates.
|
||||||
</ol>
|
</ol>
|
||||||
|
|
||||||
|
|
||||||
<h2> <a name="3"> 3. </a> Policies </h2>
|
<h2 id="s3"> 3. Policies </h2>
|
||||||
|
|
||||||
<h3> <a name="3.1"> 3.1 </a> Policy </h3>
|
<h3 id="s3.1"> 3.1 Policy </h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
There is one policy being this present document,
|
There is one policy being this present document,
|
||||||
|
@ -207,7 +197,7 @@ and several subsidiary policies.
|
||||||
<li> Organisations are assured under an appropriate subsidiary policy. </li>
|
<li> Organisations are assured under an appropriate subsidiary policy. </li>
|
||||||
</ol>
|
</ol>
|
||||||
|
|
||||||
<h3> <a name="3.2"> 3.2 </a> Subsidiary Policies </h3>
|
<h3 id="s3.2"> 3.2 Subsidiary Policies </h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
The nature of the Subsidiary Policies ("SubPols"):
|
The nature of the Subsidiary Policies ("SubPols"):
|
||||||
|
@ -226,7 +216,7 @@ The nature of the Subsidiary Policies ("SubPols"):
|
||||||
</li><li>
|
</li><li>
|
||||||
For OAs,
|
For OAs,
|
||||||
SubPol specifies the <i>tests of local knowledge</i>
|
SubPol specifies the <i>tests of local knowledge</i>
|
||||||
including the local organisation assurance COAP forms.
|
including the local COAP forms.
|
||||||
</li><li>
|
</li><li>
|
||||||
For assurances,
|
For assurances,
|
||||||
SubPol specifies the <i>local documentation forms</i>
|
SubPol specifies the <i>local documentation forms</i>
|
||||||
|
@ -237,7 +227,7 @@ The nature of the Subsidiary Policies ("SubPols"):
|
||||||
policy approval process.
|
policy approval process.
|
||||||
</li></ol>
|
</li></ol>
|
||||||
|
|
||||||
<h3> <a name="3.3"> 3.3 </a> Freedom to Assemble </h3>
|
<h3 id="s3.3"> 3.3 Freedom to Assemble </h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Subsidiary Policies are open, accessible and free to enter.
|
Subsidiary Policies are open, accessible and free to enter.
|
||||||
|
@ -270,11 +260,11 @@ Subsidiary Policies are open, accessible and free to enter.
|
||||||
</li></ol>
|
</li></ol>
|
||||||
|
|
||||||
|
|
||||||
<h2> <a name="4"> 4. </a> Process </h2>
|
<h2 id="s4"> 4. Process </h2>
|
||||||
|
|
||||||
<h3> <a name="4.1"> 4.1 </a> Standard of Organisation Assurance </h3>
|
<h3 id="s4.1"> 4.1 Standard of Organisation Assurance </h3>
|
||||||
<p>
|
<p>
|
||||||
The essential standard of Organisation Assurance is:
|
The essential standard of organisation assurance is:
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<ol type="a"><li>
|
<ol type="a"><li>
|
||||||
|
@ -292,9 +282,7 @@ The essential standard of Organisation Assurance is:
|
||||||
requestor can sign on behalf of the organisation.
|
requestor can sign on behalf of the organisation.
|
||||||
</li><li>
|
</li><li>
|
||||||
the organisation has agreed to the terms of the
|
the organisation has agreed to the terms of the
|
||||||
<b>
|
CAcert Community Agreement,
|
||||||
CAcert Community Agreement
|
|
||||||
</b>,
|
|
||||||
and is therefore subject to Arbitration.
|
and is therefore subject to Arbitration.
|
||||||
</li></ol>
|
</li></ol>
|
||||||
|
|
||||||
|
@ -303,7 +291,7 @@ The essential standard of Organisation Assurance is:
|
||||||
are stated in the SubPol.
|
are stated in the SubPol.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3> <a name="4.2"> 4.2 </a> COAP </h3>
|
<h3 id="s4.2"> 4.2 COAP </h3>
|
||||||
<p>
|
<p>
|
||||||
The COAP form documents the checks and the resultant
|
The COAP form documents the checks and the resultant
|
||||||
assurance results to meet the standard.
|
assurance results to meet the standard.
|
||||||
|
@ -325,11 +313,11 @@ Additional information to be provided on form:
|
||||||
domain name(s)
|
domain name(s)
|
||||||
</li><li>
|
</li><li>
|
||||||
Agreement with
|
Agreement with
|
||||||
<b>CAcert Community Agreement</b>.
|
CAcert Community Agreement.
|
||||||
Statement and initials box for organisation
|
Statement and initials box for organisation
|
||||||
and also for OA.
|
and also for OA.
|
||||||
</li><li>
|
</li><li>
|
||||||
Date of completion of Assurance.
|
Date of completion of assurance.
|
||||||
Records should be maintained for 7 years from
|
Records should be maintained for 7 years from
|
||||||
this date.
|
this date.
|
||||||
</li></ol>
|
</li></ol>
|
||||||
|
@ -341,17 +329,17 @@ and indication provided that the English is the
|
||||||
ruling language (due to Arbitration requirements).
|
ruling language (due to Arbitration requirements).
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3> <a name="4.3"> 4.3 </a> Jurisdiction </h3>
|
<h3 id="s4.3"> 4.3 Jurisdiction </h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Organisation Assurances are carried out by
|
Organisation assurances are carried out by
|
||||||
CAcert Inc. under its Arbitration jurisdiction.
|
CAcert Inc. under its Arbitration jurisdiction.
|
||||||
Actions carried out by OAs are under this regime.
|
Actions carried out by OAs are under this regime.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<ol type="a"><li>
|
<ol type="a"><li>
|
||||||
The organisation has agreed to the terms of the
|
The organisation has agreed to the terms of the
|
||||||
<b>CAcert Community Agreement</b>.
|
CAcert Community Agreement.
|
||||||
</li><li>
|
</li><li>
|
||||||
The organisation, the Organisation Assurers, CAcert and
|
The organisation, the Organisation Assurers, CAcert and
|
||||||
other related parties are bound into CAcert's jurisdiction
|
other related parties are bound into CAcert's jurisdiction
|
||||||
|
@ -360,12 +348,12 @@ Actions carried out by OAs are under this regime.
|
||||||
The OA is responsible for ensuring that the
|
The OA is responsible for ensuring that the
|
||||||
organisation reads, understands, intends and
|
organisation reads, understands, intends and
|
||||||
agrees to the
|
agrees to the
|
||||||
<b>CAcert Community Agreement</b>.
|
CAcert Community Agreement.
|
||||||
This OA responsibility should be recorded on COAP
|
This OA responsibility should be recorded on COAP
|
||||||
(statement and initials box).
|
(statement and initials box).
|
||||||
</li></ol>
|
</li></ol>
|
||||||
|
|
||||||
<h2> <a name="5"> 5. </a> Exceptions </h2>
|
<h2 id="s5"> 5. Exceptions </h2>
|
||||||
|
|
||||||
|
|
||||||
<ol type="a"><li>
|
<ol type="a"><li>
|
||||||
|
@ -396,8 +384,5 @@ Actions carried out by OAs are under this regime.
|
||||||
This means that the anglo law tradition of unregistered DBAs
|
This means that the anglo law tradition of unregistered DBAs
|
||||||
is not accepted without further proof.
|
is not accepted without further proof.
|
||||||
</li></ol>
|
</li></ol>
|
||||||
<p><a href="http://validator.w3.org/check?uri=referer"><img src="http://www.w3.org/Icons/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /> </a>
|
</body>
|
||||||
</p>
|
|
||||||
</body>
|
|
||||||
</html>
|
</html>
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue