You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
cacert-policies/OrganisationAssurancePolicy/OrganizationAssuranceSubPol...

143 lines
5.9 KiB
HTML

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
CACert Organisation Assurance Program sub-policy for the United States of America
</title>
</head>
<body>
<h1>
CAcert Organisation Assurance Program sub-policy for the United States of America
</h1>
<p>
<a href="../PolicyOnPolicy.html"><img src="../images/cacert-wip.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
Author: Fred Trotter<br />
Creation date: 2008-05-26<br />
Status: WiP 2008-05-26<br />
Next status: DRAFT 2008<br />
<!-- $Id: OrganisationAssuranceSubPolicyUSA.html 772 2008-05-01 13:46:20Z teus $ -->
</p>
<h2>
0. Preliminaries
</h2>
<p>
This CAcert sub-policy extends the Organisation Assurance Policy ("OAP") by specifying how Organisation Assurance is to be conducted by the assigned Organisation Assurer ("OA") under the supervision of the Organisation Assurance Officer ("OAO") for entities within the defined scope.
</p>
<h2>
1. Scope
</h2>
<p>
This sub-policy is applicable to:<br />
</p>
<ol style="list-style-type: lower-alpha;">
<li>Legal entities in the United States of America:<br />
<ol style="list-style-type: lower-roman;">
<li>Corporations (including non-profit)
</li>
<li>Limited Liability Companies (LLC)
</li>
<li>Partnerships
</li>
<li> Sole Proprietorships
</li>
<li> Churches, Clubs and other groups
</li>
<li> Universities, Colleges and other schools
</li>
</ol>
</li>
</ol>
<h2>
2. Requirements
</h2>
<p>
This section describes any scope specific requirements that are not otherwise defined in the OAP.
</p>
<h3>
2.1 Organisation
</h3>
<ol style="list-style-type: lower-alpha;">
<li>Applicants MUST be a valid legal entity but MAY have an arbitrary number of registered trading names.
</li>
</ol>
<h3>
2.2 Records
</h3>
<ol style="list-style-type: lower-alpha;">
<li>Digital Signatures MAY be accepted as per Section 9 of the Uniform Electronic Transactions Act and the Electronic Signatures in Global and National Commerce Act. Organizations that have specific compliance concerns should work with the organizational assurer and the author of the document to ensure that specific requirements are met.
</i>
<li>Historic documents MAY be accepted where it can be proven that material changes have not been made (eg via absence of subsequent submissions in official document listings).
</li>
</ol>
<h3>
2.3 Application Form
</h3>
<ol style="list-style-type: lower-alpha;">
<li> CACert is centrally concerned with determining who is has the local authority to recognize local organizations. In the United States, this will be determined in the following order:</li>
<li><ul>
<li> The Secretary of State (sos) in the State or Territory in question </li>
<li> A Credit Check if a sos record is not available </li>
<li> If neither of these are possible, it is the responsibility of the organization to propose an alternative to the sos as a enumerating body. </li>
<li> The Assurer should see if CACert has already made a determination about this enumerating body. </li>
</ul>
<li> Here is a partial list of such organizations. </li>
<ul>
<li> For Catholic associated organizations, the local Diocese should be consulted</li>
<li> For Medical Organizations/Providers The NPI database maintained by CMS <a href='https://nppes.cms.hhs.gov/NPPES/Welcome.do'>https://nppes.cms.hhs.gov/NPPES/Welcome.do</a></li>
</ul>
</li>
<li>Some of the secretary of state offices require a fee to search the database. In any case that the Assurer must pay a fee to verify that an organization is legitimate, CACert will charge the cost of the verification to the applicant and refund the Assurer. </li>
</li>
</ol>
<h2>
3. Registration
</h2>
<h3>
3.2 Identifiers
</h3>
<ol style="list-style-type: lower-alpha;">
<li>Whereever possible and appropriate, Employee Idetification Number should be used.
</li>
</ol>
<h3>
3.3 Documents
</h3>
<ol style="list-style-type: lower-alpha;">
<li>Valid documents are either from a certifying state agency or confirmed on case-by-case basis
</li>
</ol>
<h2>
4. Processes
</h2>
<ol style="list-style-type: lower-alpha;">
<li> Contact an Organizational Assurer to begin the process. </li>
</ol>
<h3>
4.1 Assurance
</h3>
<ol style="list-style-type: lower-alpha;">
<li>Each person listed in an application MUST be individually assured and referenced by a confirmed email.
</li>
<li>All entities MUST be verified by a Secretary of State, at least the physical address location must mirror information in the domain name being registered. Unfortunately for this reason, domains with anonymized or P.O. Box address registrations will not be allowed. </li>
<li>Members of partnerships must be individually assurered before the organization can be assured. </li>
<li>Company applications MUST be made by an individual who is duly authorised to sign on behalf of the company:
<ol style="list-style-type: lower-roman;">
<li>Officeholder applicants (directors or preferably secretary) MUST be verified in documents available from the relevant Secretary of State, or other verifying organization. </li>
<li>Any other applicant MUST prove that they are duly authorised to sign on behalf of the entity (for example via delegation and/or under company rules) to the satisfaction of the OA, for approval by the OAO.
</li>
</ol>
</li>
</ol>
<p>
<a href="http://validator.w3.org/check?uri=referer"><img src="../images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
</p>
</body>
</html>