e2de6e8f7e
"Rename _all_ Policies from .php to .html and fix all links (was: Rename PolicyOnPolicy.php to .html)"
138 lines
4.1 KiB
HTML
138 lines
4.1 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" lang="en">
|
|
<title>CACert Organisation Assurance Program sub-policy for Germany</title>
|
|
<style type="text/css">
|
|
<!--
|
|
.comment {
|
|
color : steelblue;
|
|
}
|
|
-->
|
|
</style>
|
|
|
|
</head>
|
|
<body>
|
|
|
|
<h1> Organisation Assurance - sub-policy for German organisations</h1>
|
|
<div class="comment">
|
|
<table width="100%">
|
|
<tbody>
|
|
<tr>
|
|
<td rowspan="2">
|
|
Name: Organisation Assurance - sub-policy Germany <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11.DE</a>
|
|
<br>
|
|
Creation Date : 2007-10-22
|
|
<br>
|
|
Editor: Jens Paul
|
|
<br>
|
|
Status: POLICY <a href="https://wiki.cacert.org/PolicyDecisions#p20140731">p20140731</a>
|
|
<br>
|
|
Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright © CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy">CC-by-sa+DRP</a>
|
|
|
|
</td>
|
|
<td align="right" valign="top">
|
|
<a href="https://www.cacert.org/policy/PolicyOnPolicy.php">
|
|
<img src="images/cacert-policy.png" alt="OAP DE Status - POLICY" style="border-style: none;" height="31" width="88">
|
|
</a>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<h2 id="g0.1">0. Preliminaries</h2>
|
|
This sub-policy describes how Organisation Assurers ("OAs") conduct assurances on German organisations.
|
|
It fits within the overall web-of-trust or assurance process and the Organisation Assurance Policy (OAP) of CAcert.
|
|
<br>
|
|
|
|
<br>
|
|
|
|
<br>
|
|
|
|
<h2 id="g0.2">1. Purpose</h2>
|
|
This is a subsidiary policy to the OAP.
|
|
<br>
|
|
|
|
<br>
|
|
a. This sub-policy is applicable for the assurance of German organisations only.
|
|
<br>
|
|
b. This sub-policy is an implementation of the OAP.
|
|
<br>
|
|
c. In the below, where the Assurance Officer (AO) is referred to, this includes his local delegate.
|
|
<br>
|
|
|
|
<br>
|
|
|
|
<br>
|
|
|
|
<h2 id="g0.3">2. Organisation Assurers</h2>
|
|
|
|
<h2 id="g0.4">3. Requirements for the Organisation Assurer</h2>
|
|
In addition to the requirements defined in the OAP, an OA must meet the
|
|
following requirements for assuring German organisations:
|
|
<br>
|
|
a. Knowledge on common legal forms of organisations in Germany.
|
|
<br>
|
|
b. Must pass an additional test on local knowledge even if he is already an OA.
|
|
<br>
|
|
c. Should help the AO to define local requirements.
|
|
<br>
|
|
|
|
<br>
|
|
|
|
<br>
|
|
|
|
<h2 id="g0.5">4. Process</h2>
|
|
|
|
<h2 id="g0.6">5. Organisations</h2>
|
|
Acceptable organisations under this sub-policy must be:
|
|
<br>
|
|
|
|
<br>
|
|
a. Organisations created under the rules of the German jurisdiction.
|
|
<br>
|
|
b. Organisations must not be revoked by a competent authority with direct oversight over the organisation.
|
|
<br>
|
|
|
|
<br>
|
|
|
|
<h2 id="g0.7">6. Documents</h2>
|
|
The organisation has to provide documents to prove the essential standard of Organisation Assurance as defined in the policy:
|
|
<br>
|
|
a. The primary mechanism to prove existence is to get an official
|
|
extract from the official register, either via an online interface
|
|
or via physical means (organisation is asked to carry the costs)
|
|
<br>
|
|
b. Where not available, an official document will be required from the company, subject to such checks as defined by the AO.
|
|
<br>
|
|
c. If copies of official extracts from the official register are provided, they must be officially certified
|
|
<br>
|
|
d. Extracts from the official register should not be older than 4 weeks.
|
|
<br>
|
|
e. The AO maintains a list of which specific documents and tests can be acceptable for the certain types
|
|
of organisations.
|
|
<br>
|
|
f. The OA can ask for additional documents if needed to validate required information for the assurance action.
|
|
<br>
|
|
|
|
<br>
|
|
|
|
<h2 id="g0.8">7. COAP</h2>
|
|
<p>
|
|
In addition to the checks defined in the policy, the COAP form for German organisations requires:
|
|
<br>
|
|
a. The OA must keep all documentation for 10 years.
|
|
<br>
|
|
b. Signatures from organisation officials must meet the following requirements
|
|
<br>
|
|
i. as legally specified for the type of organisation
|
|
<br>
|
|
ii. as specified in the official documents (f.e. the excerpt from the register)
|
|
<br>
|
|
iii. as delegated within the organisation (proof of delegation needed)
|
|
</p>
|
|
|
|
|
|
</body>
|
|
</html>
|