If public resources are used, then there should be a description of the types of public resources that are used, what data is retrieved from public resources, and how that data is used for verification of the entity referenced in the certificate.
The verification procedures often include contacting the organization through an independent means to confirm that the certificate subscriber is authorized by the organization to request the certificate. If this is the case, then it should be documented. The documentation should include such information such as how the company's contact information is obtained, the method for contacting the organization, who is contacted at the organization, and what information theyconfirm.
=== DNS names go in SAN ===