Audit Report 20080321

As promised, there is now a current report posted on the wiki from Audit. Highlights:

  • CAcert is in the process of rolling out its new CAcert Community Agreement. The website now refers to it.
  • Soon, expect to see checkboxes to tick with statements like “I agree to the CAcert Community Agreement”.
  • The Assurance Policy is the next policy that the Audit needs tied down. Currently, it is at an advanced stage. Debate is going on as to whether to drop the requirement for Dates of Birth, as these are considered useful for fraud in some places. Unfortunately, the system does use this as an internal discriminator, so there are pros and cons.
  • Pat Wilson is now working on the Security Manual. Thanks, and welcome Pat!
  • The critical systems are the critical path for audit! Evaldo has been tasked to build the sysadm team, move the systems and implement dual control. See other blog entries!
  • Have you met the Assurer Challenge yet? CATS is in place, and some time soon, assurances will be blocked for those who have not as yet met the challenge.
  • If you are interested in the Audit work, there is a ToDo list on the wiki, and I have put the audit criteria online with the working commentary and (wip) conformance. See the main report for that location and the secret password!

That’s it from the Audit side. Now over to you!

Leave a Reply