CAcert regrets to announce that Ian Grigg resigned as auditor for CAcert, effective the 12th of June 2009. Ian is ending his activity on behalf of CAcert Inc within the “audit for CAcert,” audit project.
Ian’s work was a primary element in the audit project, which started in the beginning of 2008. The one and a half years project is almost at the point of the second of the three mile stones. Because of the long time it takes for getting policies accepted in the far-flung CAcert Community and CAcert Board, a board run in the spare time of its members, the end date of the project has shifted greatly. The true amount of work was underestimated.
All together, this made funding and periodic payment of expenses quite troublesome.
Ian influenced and achieved quite a lot of the current set of policies, agreements and documentation. CAcert thanks Ian for his contribution. It is most regrettable that Board actions to find solutions to the problems mentioned did not succeed to undo the resignation.
CAcert now has to find another auditor, and we expect that this may take some time. In the meantime, some work still has to be done in order to get CAcert ready for an audit.
This includes: finalizing and accepting the Certificate Policy Statement (CPS); working to make sure that Organisation Assurance can be audited (i.e., write-up of the Organisation Assurer Manual, and …); continuing the audit on the code for security; continuing finding a solution for Third Party assurances; continuing to incorporate new policy functions into the Web software system; testing of the new (Sub)Root Keys; Assurance information and training, etc.
As you can see “some work” is actually quite a lot of work.
Also, Ian has an audit to-do list described in his wiki Audit To Do.
If you have any questions or would like to get involved with the audit project, please contact support at cacert.org. We’d like to hear from you.
President of Board