Confirmed users, Administrators
5,526
edits
CA/Audit Statements: Difference between revisions
Jump to navigation
Jump to search
Added section about providing auditor qualifications.
(added info about what it means for a CA to be trusted by Mozilla's root store) |
(Added section about providing auditor qualifications.) |
||
| Line 195: | Line 195: | ||
# Bound by law, government regulation, or professional code of ethics; and | # Bound by law, government regulation, or professional code of ethics; and | ||
# Except in the case of an Internal Government Auditing Agency, maintains Professional Liability/Errors & Omissions insurance with policy limits of at least one million US dollars in coverage. | # Except in the case of an Internal Government Auditing Agency, maintains Professional Liability/Errors & Omissions insurance with policy limits of at least one million US dollars in coverage. | ||
== Providing Auditor Qualifications == | |||
'''DRAFT'''<br /> | |||
<br /> | |||
Version 2.7.1 of Mozilla's Root Store Policy requires CAs to have their auditor provide information about the auditor's qualifications when they provide audit statements. The information needs to be sufficient for us to see that the requirements listed above have been met by the audit team, but does not need to specifically name the individuals on the team, other than the lead auditor who signs the audit statement. The document to be provided about the audit team's qualifications must include the following. | |||
* Date that the document was written and signed by the lead auditor | |||
* Name and address of the organization performing the audit | |||
* Full name of the CA that was audited | |||
* Name of Audit Team | |||
* Basis of Accreditation, e.g. ETSI / WebTrust | |||
* Proof of Accreditation (URL), see below. | |||
* Lead Auditor | |||
** Name | |||
** Years of Experience | |||
** Type of Experience (IT, PKI, etc.) | |||
** Skills and Qualifications | |||
** Credentials/Designations | |||
** Except for the name of the Lead Auditor, we ask that you not provide any personally identifiable information. | |||
* For each additional member of the audit team: | |||
** Audit Team Member # (e.g. 1, 2, 3...) | |||
** Years of Experience | |||
** Type of Experience (IT, PKI, etc.) | |||
** Skills and Qualifications | |||
** Credentials/Designations | |||
== Verifying WebTrust Auditor Qualifications == | == Verifying WebTrust Auditor Qualifications == | ||