dropped the redundant text in 9.1.4.2 so as to refer directly to critical roles in 1.1.1.

Introduced the acronym ABC into the background section.


git-svn-id: http://svn.cacert.org/CAcert/Policies@1869 14b1bab8-4ef6-0310-b690-991c95c89dfd

SecurityPolicy.html

@@ -46,10 +46,11 @@ a:hover {
 <body lang="en-GB">
 
 <ul class="change">
+<li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board.
 <li> 20100404: status changes to WIP<br>
     <span class="q"> Security Policy is no longer binding, as of 20100404</span><br />
-<li> 20901213: addition of WIP changes<br />
-<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>.<br />
+<li> 20901213: addition of WIP changes
+<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>.
 </ul>
 
 <p>
@@ -90,7 +91,8 @@ Board may add additional components into the Security Manual.
 <h4><a name="1.1.1">1.1.1.</a> Covered Personnel </h4>
 
 <p>
-These roles are directly covered:
+Critical roles are covered.
+These roles are defined as:
 </p>
 
 <ul><li>
@@ -100,9 +102,7 @@ These roles are directly covered:
     </li><li>
       Support Engineers
     </li><li>
-      Software Assessors
-    </li><li class="change">
-      Application Engineers
+      Software Assessors (including Application Engineers)
 </li></ul>
 
 <h4><a name="1.1.2">1.1.2.</a> Out of Scope </h4>
@@ -206,7 +206,7 @@ This policy document says what is done, rather than how to do it.
 <p>
 This Policy explicitly defers detailed security practices to the
 <a href="http://wiki.cacert.org/wiki/SecurityManual">Security Manual</a>
-("SM"),
+("SM").
 The SM says how things are done.
 As practices are things that vary from time to time,
 including between each event of practice,
@@ -1192,7 +1192,7 @@ New team members need:
 
 <ul>
     <li> Recommendation by team leader </li>
-    <li> Independent background check </li>
+    <li> Arbitrated Background Check ("ABC") </li>
     <li> Authorisation by Board </li>
 </ul>
 
@@ -1200,16 +1200,17 @@ New team members need:
 The team supports the process of adding new team members.
 </p>
 
-<h4> <a name="9.1.4"> 9.1.4. </a> Background Check Procedures</h4>
+<h4> <a name="9.1.4"> 9.1.4. </a> Arbitrated Background Check - Procedures</h4>
 <p>
-Background checks are carried out with full seriousness.
-Background checks must be conducted under the direction of the Arbitrator,
+The Arbitrated Background Check ("ABC")
+must be conducted under the direction of the Arbitrator,
 with a separate Case Manager to provide four eyes.
+ABCs are carried out with full seriousness.
 </p>
 
 <h4> <a name="9.1.4.1"> 9.1.4.1. </a> Scope </h4>
 <p>
-An investigation should include examination of:
+An investigation within ABC should include examination of:
 </p>
 
 <ul>
@@ -1223,22 +1224,13 @@ An investigation should include examination of:
 
 <h4> <a name="9.1.4.2"> 9.1.4.2. </a> Coverage </h4>
 <p>
-A background check is to be done for all critical roles.
-The background check should be done on all of:
+ABC is to be done on every individual in a critical role.
 </p>
 
-<ul>
-    <li> Systems Administrator </li>
-    <li> Access Engineers </li>
-    <li> Software Assessor <span class="change"> (including Application Engineer)</span></li>
-    <li> Support Engineer </li>
-    <li class="change strike"> Board </li>
-</ul>
-
 <h4> <a name="9.1.4.3"> 9.1.4.3. </a> Documentation </h4>
 
 <p>
-The process of the background check should be documented as a procedure.
+The process of the ABC should be documented as a procedure.
 </p>
 
 <p>