Confirmed users
377
edits
CA/Audit Statements: Difference between revisions
→Providing Auditor Qualifications: Attempt to clarify language
(→Providing Auditor Qualifications: Removed requirement to disclose insurance carrier) |
(→Providing Auditor Qualifications: Attempt to clarify language) |
||
| Line 117: | Line 117: | ||
Version 2.7.1 of Mozilla's Root Store Policy requires CAs to have their auditor provide information about the auditor's qualifications when they provide audit statements. The information needs to be sufficient for us to see that the requirements listed above have been met by the audit team, but does not need to specifically name the individuals on the team, other than the lead auditor who signs the audit statement. The Audit Team may consist of one person provided that the person meets all criteria set out above and that there is an audit quality reviewer. | Version 2.7.1 of Mozilla's Root Store Policy requires CAs to have their auditor provide information about the auditor's qualifications when they provide audit statements. The information needs to be sufficient for us to see that the requirements listed above have been met by the audit team, but does not need to specifically name the individuals on the team, other than the lead auditor who signs the audit statement. The Audit Team may consist of one person provided that the person meets all criteria set out above and that there is an audit quality reviewer. | ||
CAs must submit a summary of the Audit Team's qualifications and experience as outlined below with respect to the audit. The information can also be provided as part of the audit result documentation, like the [https://www.acab-c.com/downloads/ ETSI Audit Attestation Letter (AAL)], or as a supplement to the WebTrust Assurance Report. | CAs must submit a summary of the Audit Team's qualifications and experience, as outlined below with respect to the audit. The information can also be provided as part of the audit result documentation, like the [https://www.acab-c.com/downloads/ ETSI Audit Attestation Letter (AAL)], or as a supplement to the WebTrust Assurance Report. | ||
* Date that the audit report was signed | * Date that the audit report was signed | ||
| Line 124: | Line 124: | ||
* Audit Criteria, e.g. ETSI / WebTrust | * Audit Criteria, e.g. ETSI / WebTrust | ||
* Proof of audit firm or CAB Accreditation (URL), see paragraphs below. | * Proof of audit firm or CAB Accreditation (URL), see paragraphs below. | ||
* Name of Lead Auditor (except where prohibited by law, | * Name of Lead Auditor (except where prohibited by law or other public policy, in which case, we ask that you not provide any personally identifiable information) | ||
* For the Audit Team and the Audit Quality Reviewer, qualification information such as: | * For the Audit Team and the Audit Quality Reviewer, qualification information such as: | ||
** Number of Audit Team Members | ** Number of Audit Team Members | ||