From 9cfceaad121125026a9fd6977d8c226c1eef13ab Mon Sep 17 00:00:00 2001
From: Teus Hagen <teus@cacert.org>
Date: Mon, 22 Oct 2007 10:24:41 +0000
Subject: [PATCH] nitial version of sub policy for Germany: draft status.

git-svn-id: http://svn.cacert.org/CAcert/Policies@447 14b1bab8-4ef6-0310-b690-991c95c89dfd
---
 .../OrganisationAssurance-SubPolGermany.html  | 62 +++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 OrganisationAssurancePolicy/OrganisationAssurance-SubPolGermany.html

diff --git a/OrganisationAssurancePolicy/OrganisationAssurance-SubPolGermany.html b/OrganisationAssurancePolicy/OrganisationAssurance-SubPolGermany.html
new file mode 100644
index 0000000..4348b2d
--- /dev/null
+++ b/OrganisationAssurancePolicy/OrganisationAssurance-SubPolGermany.html
@@ -0,0 +1,62 @@
+<h1> <font color="blue">Organisation Assurance - sub-policy for German organisations</font></h1>
+<br><br>
+Author: Jens Paul
+<br>
+Creation date: WIP 2007-10-19 V0.1
+<br>
+Status: <font="red">DRAFT</font> 2007-10-22 based on WIP version 0.2
+<br>
+Date next status: changes expected in December 2007.
+<br>
+<!-- $Id$ -->
+
+<h2>0. Preliminaries</h2>
+This sub-policy describes how Organisation Assurers ("OAs") conduct assurances on German organisations. 
+It fits within the overall web-of-trust or assurance process and the Organisation Assurance Policy (OAP) of CAcert.
+<br><br><br>
+
+<h2>1. Purpose</h2>
+This is a subsidiary policy to the OAP.
+<br><br>
+a. This sub-policy is applicable for the assurance of German organisations only.<br>
+b. This sub-policy is an implementation of the OAP.<br>
+c.  In the below, where the Assurance Officer (AO) is referred to, this includes his local delegate.
+<br><br><br>
+
+<h2>2. Organisation Assurers</h2>
+
+<h2>2.1 Requirements for the Organisation Assurer</h2>
+In addition to the requirements defined in the OAP, an OA must meet the following requirements for assuring German organisations:<br>
+a. Knowledge on common legal forms of organisations in Germany.<br>
+b. Must pass an additional test on local knowledge even if he is already an OA.<br>
+c. Should help the AO to define local requirements.
+<br><br><br>
+ 
+<h2>3. Process</h2>
+
+<h2>3.1 Organisations</h2>
+Acceptable organisations under this sub-policy must be:
+<br><br>
+a. Organisations created under the rules of the German jurisdiction.<br>
+b. Organisations must not be revoked by a competent authority with direct oversight over the organisation.
+<br><br>
+
+<h2>3.2 Documents</h2>
+The organisation has to provide documents to prove the essential standard of Organisation Assurance as defined in the policy:<br>
+a. The primary mechanism to prove existence is to get an official extract from the official register, either via an online interface 
+or via physical means (organisation is asked to carry the costs)<br>
+b. Where not available, an official document will be required from the company, subject to such checks as defined by the AO.<br>
+c. If copies of official extracts from the official register are provided, they must be officially certified<br>
+d. Extracts from the official register should not be older than 4 weeks.<br>
+e. The AO maintains a list of which specific documents and tests can be acceptable for the certain types
+of organisations.<br>
+f. The OA can ask for additional documents if needed to validate required information for the assurance action.
+<br><br>
+
+<h2>3.3 COAP</h2>
+In addition to the checks defined in the policy, the COAP form for German organisations requires:<br>
+a. The OA must keep all documentation for 10 years.<br>
+b. Signatures from organisation officials must meet the following requirements<br>
+&nbsp&nbsp&nbsp i.&nbsp&nbsp as legally specified for the type of organisation<br>
+&nbsp&nbsp&nbsp ii.&nbsp as specified in the official documents (f.e. the excerpt from the register)<br>
+&nbsp&nbsp&nbsp iii. as delegated within the organisation (proof of delegation needed)