diff --git a/OrganisationAssurancePolicy/PolicyOrganisationAssurance.html b/OrganisationAssurancePolicy/PolicyOrganisationAssurance.html
deleted file mode 100644
index e38ce0d..0000000
--- a/OrganisationAssurancePolicy/PolicyOrganisationAssurance.html
+++ /dev/null
@@ -1,403 +0,0 @@
-
-
-
-
-
- Organisation Assurance Policy
-
-
-
-
-
-
-
WARNING:
- The proper policy document is located
-
- on the CAcert website .
-
- This document is a working draft to include
- future revisions only, and is currently
- only relevant for the [policy] group.
-
-
-
-
- Organisation Assurance Policy
-
-
-
-Document: OAP COD11
-Author: Jens Paul
-Creation date: 2007-09-18
-Status: POLICY/DRAFT 2007-09-18 m20070918.x
-Changed: 2008-04-01 Teus Hagen policy list vote; add advisors and board
-Next status: POLICY 2008
-
-
- 0. Preliminaries
-
-
-This policy describes how Organisation Assurers ("OAs")
-conduct Assurances on Organisations.
-It fits within the overall web-of-trust
-or Assurance process of CAcert.
-
-
-
-This policy is not a Controlled document, for purposes of
-Configuration Control Specification ("CCS").
-
-
- 1. Purpose
-
-
-Organisations with assured status can issue certificates
-directly with their own domains within.
-
-
-
-The purpose and statement of the certificate remains
-the same as with ordinary users (natural persons)
-and as described in the CPS.
-
-
--
- The organisation named within is identified.
-
-
- The organisation has been verified according
- to this policy.
-
-
- The organisation is within the jurisdiction
- and can be taken to CAcert Arbitration.
-
-
-
- 2. Roles and Structure
-
- 2.1 Assurance Officer
-
-
-The Assurance Officer ("AO")
-manages this policy and reports to the CAcert Inc. Committee ("Board").
-
-
-
-The AO manages all OAs and is responsible for process,
-the CAcert Organisation Assurance Programme ("COAP") form,
-OA training and testing, manuals, quality control.
-In these responsibilities, other Officers will assist.
-
-
-The OA is appointed by the Board.
-Where the OA is failing the Board decides.
-
-
- 2.2 Organisation Assurers
-
-
-
-
- -
- An OA must be an experienced Assurer
-
- - Have 150 assurance points.
- - Be fully trained and tested on all general Assurance processes.
-
-
- -
- Must be trained as Organisation Assurer.
-
- - Global knowledge: This policy.
- - Global knowledge: A OA manual covers how to do the process.
- - Local knowledge: legal forms of organisations within jurisdiction.
- - Basic governance.
- - Training may be done a variety of ways,
- such as on-the-job, etc.
-
-
- -
- Must be tested.
-
- - Global test: Covers this policy and the process.
- - Local knowledge: Subsidiary Policy to specify.
- - Tests to be created, approved, run, verified
- by CAcert only (not outsourced).
- - Tests are conducted manually, not online/automatic.
- - Documentation to be retained.
- - Tests may include on-the-job components.
-
-
- -
- Must be approved.
-
- - Two supervising OAs must sign-off on new OA,
- as trained, tested and passed.
-
- - AO must sign-off on a new OA,
- as supervised, trained and tested.
-
-
-
- - The OA can decide when a CAcert
- (individual) Assurer
- has done several OA Application Advises to appoint this
- person to OA Assurer.
-
-
-
-
- 2.3 Organisation Assurance Advisor ("OAA")
- In countries/states/provinces where no OA Assurers are
- operating for an OA Application (COAP) the OA
- can be advised by an experienced local CAcert
- (individual) Assurer to take the decision
- to accept the OA Application (COAP) of the organisation.
-
-
- The local Assurer must have at least 150 Points,
- should know the language, and know
- the organisation trade office registry culture and quality.
-
-
-
- 2.4 Organisation Administrator
-
-
-The Administrator within each Organisation ("O-Admin")
-is the one who handles the assurance requests
-and the issuing of certificates.
-
-
- -
- O-Admin must be Assurer
-
- - Have 100 assurance points.
- - Fully trained and tested as Assurer.
-
-
- -
- Organisation is required to appoint O-Admin,
- and appoint ones as required.
-
- - On COAP Request Form.
-
-
- -
- O-Admin must work with an assigned OA.
-
- - Have contact details.
-
-
-
-
- 3. Policies
-
- 3.1 Policy
-
-
-There is one policy being this present document,
-and several subsidiary policies.
-
-
-
- - This policy authorises the creation of subsidiary policies.
- - This policy is international.
- - Subsidiary policies are implementations of the policy.
- - Organisations are assured under an appropriate subsidiary policy.
-
-
- 3.2 Subsidiary Policies
-
-
-The nature of the Subsidiary Policies ("SubPols"):
-
-
--
- SubPols are purposed to check the organisation
- under the rules of the jurisdiction that creates the
- organisation. This does not evidence an intention
- by CAcert to
- enter into the local jurisdiction, nor an intention
- to impose the rules of that jurisdiction over any other
- organisation.
- CAcert assurances are conducted under the jurisdiction
- of CAcert.
-
-
- For OAs,
- SubPol specifies the tests of local knowledge
- including the local organisation assurance COAP forms.
-
-
- For assurances,
- SubPol specifies the local documentation forms
- which are acceptable under this SubPol to meet the
- standard.
-
-
- SubPols are subjected to the normal
- policy approval process.
-
-
- 3.3 Freedom to Assemble
-
-
-Subsidiary Policies are open, accessible and free to enter.
-
-
--
- SubPols compete but are compatible.
-
-
- No SubPol is a franchise.
-
-
- Many will be on State or National lines,
- reflecting the legal
- tradition of organisations created
- ("incorporated") by states.
-
-
- However, there is no need for strict national lines;
- it is possible to have 2 SubPols in one country, or one
- covering several countries with the same language
- (e.g., Austria with Germany, England with Wales but not Scotland).
-
-
- There could also be SubPols for special
- organisations, one person organisations,
- UN agencies, churches, etc.
-
-
- Where it is appropriate to use the SubPol
- in another situation (another country?), it
- can be so approved.
- (e.g., Austrian SubPol might be approved for Germany.)
- The SubPol must record this approval.
-
-
-
- 4. Process
-
- 4.1 Standard of Organisation Assurance
-
-The essential standard of Organisation Assurance is:
-
-
--
- the organisation exists
-
-
- the organisation name is correct and consistent:
-
- - in official documents specified in SubPol.
- - on COAP form.
- - in CAcert database.
- - form or type of legal entity is consistent
-
- -
- signing rights:
- requestor can sign on behalf of the organisation.
-
-
- the organisation has agreed to the terms of the
-
- CAcert Community Agreement
- ,
- and is therefore subject to Arbitration.
-
-
-
- Acceptable documents to meet above standard
- are stated in the SubPol.
-
-
-
-
-The COAP form documents the checks and the resultant
-assurance results to meet the standard.
-Additional information to be provided on form:
-
-
--
- CAcert account of O-Admin (email address?)
-
-
- location:
-
- - country (MUST).
- - city (MUST).
- - additional contact information (as required by SubPol).
-
- -
- administrator account name(s) (1 or more)
-
-
- domain name(s)
-
-
- Agreement with
- CAcert Community Agreement.
- Statement and initials box for organisation
- and also for OA.
-
-
- Date of completion of Assurance.
- Records should be maintained for 7 years from
- this date.
-
-
-
-The COAP should be in English. Where translations
-are provided, they should be matched to the English,
-and indication provided that the English is the
-ruling language (due to Arbitration requirements).
-
-
- 4.3 Jurisdiction
-
-
-Organisation Assurances are carried out by
-CAcert Inc. under its Arbitration jurisdiction.
-Actions carried out by OAs are under this regime.
-
-
--
- The organisation has agreed to the terms of the
- CAcert Community Agreement.
-
-
- The organisation, the Organisation Assurers, CAcert and
- other related parties are bound into CAcert's jurisdiction
- and dispute resolution.
-
-
- The OA is responsible for ensuring that the
- organisation reads, understands, intends and
- agrees to the
- CAcert Community Agreement.
- This OA responsibility should be recorded on COAP
- (statement and initials box).
-
-
- 5. Exceptions
-
-
--
- Conflicts of Interest.
- An OA must not assure an organisation in which
- there is a close or direct relationship by, e.g.,
- employment, family, financial interests.
- Other conflicts of interest must be disclosed.
-
-
- Trusted Third Parties.
- TTPs are not generally approved to be part of
- organisation assurance,
- but may be approved by subsidiary policies according
- to local needs.
-
-
- Exceptional Organisations.
- (e.g., Vatican, International Space Station, United Nations)
- can be dealt with as a single-organisation
- SubPol.
- The OA creates the checks, documents them,
- and subjects them to to normal policy approval.
-
-
- DBA.
- Alternative names for organisations
- (DBA, "doing business as")
- can be added as long as they are proven independently.
- E.g., registration as DBA or holding of registered trade mark.
- This means that the anglo law tradition of unregistered DBAs
- is not accepted without further proof.
-
-
-
-
-
-