CAcert Organisation Assurance Program sub-policy for Australia

Author(s): Robert Cruikshank, Sam Johnston
Creation date: WIP 2008-03-18 V0.3
Status: WIP DRAFT 2008-03-XXX
Date next status: changes expected in April 2008.

0. Preliminaries

This CAcert sub-policy extends the Organisation Assurance Policy ("OAP") by specifying how the CAcert Organisation Assurance Program ("COAP") is to be conducted by the assigned Organisation Assurer ("OA") under the supervision of the Assurance Officer ("AO") for entities within the defined scope.

1. Scope

This sub-policy is applicable to:

  1. Australian legal entities:
    1. Sole Traders
    2. Partnerships
    3. Companies
    4. Trusts

2. Requirements

This section describes any scope specific requirements that are not otherwise defined in the OAP.

2.1 Organisation

  1. Sole traders operating under their own name are not required to obtain a business name registration.
  2. Applicants MUST be a valid legal entity but CAN have an arbitrary number of registered trading names.

2.2 Records

  1. Digital Signatures CAN be accepted in Australia under the Electronic Transactions Act(s).
  2. Records SHOULD typically be retained for a statutory period of five years.
  3. Reports SHOULD be submitted electronically via digitally signed email (including any attachments) by the OA to the AO.

2.3 Application Form

  1. The jurisdiction MUST be specified as 'Australia' (for companies and trusts) or an Australian State or Territory (for sole traders and partnerships).
  2. Any applicable organisation identifiers (ACN/ABN/ARBN) MUST be specified where applicable (not required for sole traders operating under their own name).

3. Registration

3.1 Registries

  1. Australian Securities and Investments Commission ("ASIC") [http://www.asic.gov.au/]
    1. National Names Index [http://www.search.asic.gov.au/gns001.html]
  2. Australian Taxation Office ("ATO") [http://www.ato.gov.au/]
    1. Australian Business Register ("ABR") [http://www.abr.business.gov.au/]
  3. AusRegistry [http://www.ausregistry.com.au/]
    1. .au ccTLD WHOIS [http://whois.ausregistry.net.au/]

3.2 Agents

  1. ASIC
    1. ASIC Information Brokers [http://www.asic.gov.au/asic/asic.nsf/byheadline/Information+brokers?openDocument]
    2. ASIC Service Centers [http://www.asic.gov.au/asic/asic.nsf/byheadline/ASIC+Service+Centre+Addresses?openDocument]

3.3 Identifiers

  1. Australian Company Number ("ACN") is a unique 9 digit identifying number assigned by ASIC when a body becomes registered as a company under corporations law.
  2. Australian Registered Body Number ("ARBN") is a unique 9 digit identifying number assigned by ASIC when a body is registered with them other than as a company, for example, foreign companies and registrable Australian bodies.
  3. Australian Business Number ("ABN") is a unique 11 digit identifying number issued to all entities registered in the Australian Business Register (ABR).

3.4 Documents

  1. ASIC Company Extract
  2. Certificate of Incorporation
  3. Certificate of Registration of Business Name
  4. -->

4. Processes

4.1 Assurance

  1. Each person listed in an application MUST be individually assured and referenced by a confirmed email.
  2. Sole traders operating under their own name CAN be automatically approved without further checks.
  3. All other trading names (including companies) MUST be verified against the National Names Index and/or Australian Business Register, where the status MUST be 'Registered' or 'Active' respectively.
  4. Partnership applicants MUST additionally be verified in these registers as a current individual member.
  5. Company applications MUST be made by an individual who is duly authorised to sign on behalf of the company:
    1. Officeholder applicants (directors and secretaries) MUST be verified in an "ASIC Company Extract" which is to be obtained for a fee (reclaimable from the applicant) by the OA from an ASIC Service Center or ASIC Information Broker.
    2. Any other applicant MUST prove that they are duly authorised to sign on behalf of the entity (for example via delegation and/or under replacible rules) to the satisfaction of the OA, for approval by the AO.

4.2 Domain Names

  1. .au ccTLD WHOIS contains organisation information (including identifiers where applicable) which MUST exactly match the organisation's details.
  2. Any other domain names MUST exactly match the organisation's details for the registrant (or equivalent) or be subject to technical verification measures.