@ -2,54 +2,49 @@
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" > < html xmlns = "http://www.w3.org/1999/xhtml" >
< head >
< head >
< title >
< title > Organisation Assurance Policy < / title >
Organisation Assurance Policy
< style type = "text/css" >
< / title >
<!--
< / head >
.comment {
< body >
color : steelblue;
< p >
}
< center >
-->
< big >
< / style >
< br > < b > WARNING:< / b > < br >
< / head >
The proper policy document is located< br >
< a href = "http://www.cacert.org/policy/OrganisationAssurancePolicy.php" >
< body >
on the CAcert website < / a > .< br >
< div class = "comment" >
< / big > < / b >
< table width = "100%" > < tr > < td >
This document is a working draft to include< br >
Name: OAP < a style = "color: steelblue" href = "//svn.cacert.org/CAcert/Policies/ControlledDocumentList.html" > COD11< / a > < br / >
future revisions only, and is currently< br >
Author: Jens Paul< br / >
only relevant for the [policy] group.< br >
Creation date: 2007-09-18< br / >
< / center >
Status: POLICY/DRAFT 2007-09-18 < a style = "color: steelblue" href = "//wiki.cacert.org/wiki/TopMinutes-20070917" > m20070918.x < / a > < br / >
< / p >
Licence: < a style = "color: steelblue" href = "//wiki.cacert.org/Policy#Licence" title = "this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP < / a > < br / >
< h1 >
< / td > < td align = "right" >
Organisation Assurance Policy
< a href = "//www.cacert.org/policy/PolicyOnPolicy.html" > < img src = "images/cacert-policy.png" alt = "Security Policy Status == POLICY" style = "border-width:0" / > < / a >
< / h1 >
< / td > < / tr > < / table >
< p >
< / div >
< a href = "../PolicyOnPolicy.html" > < img src = "../cacert-draft.png" alt = "CAcert Draft" height = "31" width = "88" style = "border-style: none;" / > < / a > < br / >
Document: OAP COD11< br / >
< h1 > Organisation Assurance Policy < / h1 >
Author: Jens Paul< br / >
Creation date: 2007-09-18< br / >
< h2 id = "s0" > 0. Preliminaries < / h2 >
Status: POLICY/DRAFT 2007-09-18 < a href = "http://wiki.cacert.org/wiki/TopMinutes-20070917" > m20070918.x < / a > < br / >
Changed: 2008-04-01 Teus Hagen policy list vote; add advisors and board< br / >
Next status: POLICY 2008< br / >
<!-- $Id$ -->
< / p >
< h2 > < a name = "0" > 0. < / a > Preliminaries < / h2 >
< p > < p >
This policy describes how Organisation Assurers ("OAs")
This policy describes how Organisation Assurers ("OAs")
conduct Assurances on O rganisations.
conduct assurances on organisations.
It fits within the overall web-of-trustOrganisation assurance fits within the overall web-of-trust
or A ssurance process of CAcert.
or assurance process of CAcert.
< / p > < / p >
< p > < p >
This policy is not a Controlled document, for purposes of
This policy is subsidiary to Assurance Policy ("AP" COD13) and
Configuration Control Specification ("CCS").
is a Controlled document under
Configuration Control Specification ("CCS" COD2).
< / p > < / p >
< h2 > < a name = "1" > 1. < / a > < / h2 > < h2 id = "s1" > 1. Purpose < / h2 >
< p > < p >
Organisations with assured status can issue certificates
Organisations with assured status can issue certificates
@ -73,27 +68,27 @@ and as described in the CPS.
< / li > < / ul > < / li > < / ul >
< h2 > < a name = "2" > 2. < / a > < / h2 > < h2 id = "s2" > 2. Roles and Structure < / h2 >
< h3 > < a name = "2.1" > 2.1 < / a > < / h3 > < h3 id = "s2.1" > 2.1 Assurance Officer < / h3 >
< p > < p >
The Assurance Officer ("AO")
The Assurance Officer
manages this policy and reports to the CAcert Inc. Committee ("Board").
manages this policy and reports to the CAcert Inc. Committee ("Board").
< / p > < / p >
< p > < p >
The AO manages all OAs and is responsible for process,
The Assurance Officer manages all OAs and is responsible for process,
the CAcert Organisation Assurance Programme ("COAP") form,
the CAcert Organisation Assurance Programme ("COAP") form,
OA training and testing, manuals, quality control.
OA training and testing, manuals, quality control.
In these responsibilities, other Officers will assist.
In these responsibilities, other Officers will assist.
< / p > < / p >
< p > < p >
The OA is appointed by the Board.
The Assurance Officer is appointed by the Board
Where the OA is failing the Board decides .and may be replaced by the Board .
< / p > < / p >
< h3 > < a name = "2.2" > 2.2 < / a > < / h3 > < h3 id = "s2.2" > 2.2 Organisation Assurers < / h3 >
< p > < p >
< / p > < / p >
@ -101,8 +96,8 @@ Where the OA is failing the Board decides.
< ol type = "a" > < li > < ol type = "a" > < li >
An OA must be an experienced Assurer
An OA must be an experienced Assurer
< ol type = "i" >
< ol type = "i" >
< li > Have 150 assurance p oints.< / li >
< li > Have 50 Experience P oints.< / li >
< li > Be fully trained and tested on all general A ssurance processes.< / li >
< li > Be fully trained and tested on all general a ssurance processes.< / li >
< / ol >
< / ol >
< / li > < li >
< / li > < li >
@ -126,6 +121,7 @@ Where the OA is failing the Board decides.
< li > Tests are conducted manually, not online/automatic. < / li >
< li > Tests are conducted manually, not online/automatic. < / li >
< li > Documentation to be retained. < / li >
< li > Documentation to be retained. < / li >
< li > Tests may include on-the-job components. < / li >
< li > Tests may include on-the-job components. < / li >
< li > Final test to be a number of supervised organisation assurances. < / li >
< / ol >
< / ol >
< / li > < li >
< / li > < li >
@ -134,37 +130,31 @@ Where the OA is failing the Board decides.
< li > Two supervising OAs must sign-off on new OA,
< li > Two supervising OAs must sign-off on new OA,
as trained, tested and passed.
as trained, tested and passed.
< / li >
< / li >
< li > AO must sign-off on a new OA,
< li > To appoint a new O A, the Assurance Officer must sign-off
as supervised, trained and tested.
as supervised, trained and tested.
< / li >
< / li >
< / ol >
< / ol >
< / li >
< / li >
< li > The OA can decide when a CAcert
(individual) Assurer
has done several OA Application Advises to appoint this
person to OA Assurer.
< / li >
< / ol > < / ol >
< h3 > < a name = "2.3" > 2.3 < / a > Organisation Assurance Advisor ("OAA") < / h3 > < h3 id = "s2.3" > 2.3 Local Assurer as Advisor < / h3 >
< p > In countries/states/provinces where no OA Assurers are
< p > In countries/states/provinces where no OAs are
operating for an OA Application (COAP) the OA
operating, the OA
can be advised by an experienced local CAcert
may rely upon the advice of an experienced local CAcert
(individual) Assurer to take the decision
(individual) Assurer in performing the organisation assurance.
to accept the OA Application (COAP) of the organisation.
< / p >
< / p >
< p >
< p >
The local Assurer must have at least 1 50 Points,
The local Assurer must have at least 50 Experience Points,
should know the language, and know
should know the language, and know
the organisation trade office registry culture and quality.
the organisation trade office registry culture and quality.
< / p >
< / p >
< h3 > < a name = "2.4" > 2.4 < / a > < / h3 > < h3 id = "s2.4" > 2.4 Organisation Administrator < / h3 >
< p > < p >
The Administrator within each O rganisation ("O-Admin")
The Administrator within each o rganisation ("O-Admin")
is the one who handles the assurance requests
is the one who handles the assurance requests
and the issuing of certificates.
and the issuing of certificates.
< / p > < / p >
@ -191,9 +181,9 @@ and the issuing of certificates.
< / ol > < / ol >
< h2 > < a name = "3" > 3. < / a > < / h2 > < h2 id = "s3" > 3. Policies < / h2 >
< h3 > < a name = "3.1" > 3.1 < / a > < / h3 > < h3 id = "s3.1" > 3.1 Policy < / h3 >
< p > < p >
There is one policy being this present document,
There is one policy being this present document,
@ -207,7 +197,7 @@ and several subsidiary policies.
< li > Organisations are assured under an appropriate subsidiary policy. < / li >
< li > Organisations are assured under an appropriate subsidiary policy. < / li >
< / ol > < / ol >
< h3 > < a name = "3.2" > 3.2 < / a > < / h3 > < h3 id = "s3.2" > 3.2 Subsidiary Policies < / h3 >
< p > < p >
The nature of the Subsidiary Policies ("SubPols"):
The nature of the Subsidiary Policies ("SubPols"):
@ -226,7 +216,7 @@ The nature of the Subsidiary Policies ("SubPols"):
< / li > < li >
< / li > < li >
For OAs,
For OAs,
SubPol specifies the < i > tests of local knowledge< / i >
SubPol specifies the < i > tests of local knowledge< / i >
including the local organisation assurance COAP forms.
including the local COAP forms.
< / li > < li >
< / li > < li >
For assurances,
For assurances,
SubPol specifies the < i > local documentation forms< / i >
SubPol specifies the < i > local documentation forms< / i >
@ -237,7 +227,7 @@ The nature of the Subsidiary Policies ("SubPols"):
policy approval process.
policy approval process.
< / li > < / ol > < / li > < / ol >
< h3 > < a name = "3.3" > 3.3 < / a > < / h3 > < h3 id = "s3.3" > 3.3 Freedom to Assemble < / h3 >
< p > < p >
Subsidiary Policies are open, accessible and free to enter.
Subsidiary Policies are open, accessible and free to enter.
@ -270,11 +260,11 @@ Subsidiary Policies are open, accessible and free to enter.
< / li > < / ol > < / li > < / ol >
< h2 > < a name = "4" > 4. < / a > < / h2 > < h2 id = "s4" > 4. Process < / h2 >
< h3 > < a name = "4.1" > 4.1 < / a > < / h3 > < h3 id = "s4.1" > 4.1 Standard of Organisation Assurance < / h3 >
< p > < p >
The essential standard of Organisation A ssurance is:
The essential standard of organisation a ssurance is:
< / p > < / p >
< ol type = "a" > < li > < ol type = "a" > < li >
@ -292,9 +282,7 @@ The essential standard of Organisation Assurance is:
requestor can sign on behalf of the organisation.
requestor can sign on behalf of the organisation.
< / li > < li >
< / li > < li >
the organisation has agreed to the terms of the
the organisation has agreed to the terms of the
< b >
CAcert Community Agreement,
CAcert Community Agreement
< / b > ,
and is therefore subject to Arbitration.
and is therefore subject to Arbitration.
< / li > < / ol > < / li > < / ol >
@ -303,7 +291,7 @@ The essential standard of Organisation Assurance is:
are stated in the SubPol.
are stated in the SubPol.
< / p > < / p >
< h3 > < a name = "4.2" > 4.2 < / a > < / h3 > < h3 id = "s4.2" > 4.2 COAP < / h3 >
< p > < p >
The COAP form documents the checks and the resultant
The COAP form documents the checks and the resultant
assurance results to meet the standard.
assurance results to meet the standard.
@ -325,11 +313,11 @@ Additional information to be provided on form:
domain name(s)
domain name(s)
< / li > < li >
< / li > < li >
Agreement with
Agreement with
< b > < / b >
CAcert Community Agreement.
Statement and initials box for organisation
Statement and initials box for organisation
and also for OA.
and also for OA.
< / li > < li >
< / li > < li >
Date of completion of A ssurance.
Date of completion of a ssurance.
Records should be maintained for 7 years from
Records should be maintained for 7 years from
this date.
this date.
< / li > < / ol > < / li > < / ol >
@ -341,17 +329,17 @@ and indication provided that the English is the
ruling language (due to Arbitration requirements).
ruling language (due to Arbitration requirements).
< / p > < / p >
< h3 > < a name = "4.3" > 4.3 < / a > < / h3 > < h3 id = "s4.3" > 4.3 Jurisdiction < / h3 >
< p > < p >
Organisation A ssurances are carried out by
Organisation a ssurances are carried out by
CAcert Inc. under its Arbitration jurisdiction.
CAcert Inc. under its Arbitration jurisdiction.
Actions carried out by OAs are under this regime.
Actions carried out by OAs are under this regime.
< / p > < / p >
< ol type = "a" > < li > < ol type = "a" > < li >
The organisation has agreed to the terms of the
The organisation has agreed to the terms of the
< b > < / b >
CAcert Community Agreement.
< / li > < li >
< / li > < li >
The organisation, the Organisation Assurers, CAcert and
The organisation, the Organisation Assurers, CAcert and
other related parties are bound into CAcert's jurisdiction
other related parties are bound into CAcert's jurisdiction
@ -360,12 +348,12 @@ Actions carried out by OAs are under this regime.
The OA is responsible for ensuring that the
The OA is responsible for ensuring that the
organisation reads, understands, intends and
organisation reads, understands, intends and
agrees to the
agrees to the
< b > < / b >
CAcert Community Agreement.
This OA responsibility should be recorded on COAP
This OA responsibility should be recorded on COAP
(statement and initials box).
(statement and initials box).
< / li > < / ol > < / li > < / ol >
< h2 > < a name = "5" > 5. < / a > < / h2 > < h2 id = "s5" > 5. Exceptions < / h2 >
< ol type = "a" > < li > < ol type = "a" > < li >
@ -396,8 +384,5 @@ Actions carried out by OAs are under this regime.
This means that the anglo law tradition of unregistered DBAs
This means that the anglo law tradition of unregistered DBAs
is not accepted without further proof.
is not accepted without further proof.
< / li > < / ol >
< / li > < / ol >
< p > < a href = "http://validator.w3.org/check?uri=referer" > < img src = "http://www.w3.org/Icons/valid-xhtml11-blue" alt = "Valid XHTML 1.1" height = "31" width = "88" style = "border-style: none;" / > < / a >
< / body >
< / p >
< / body >
< / html > < / html >
Ian Grigg
13 years ago