Before: Arbitrator UlrichSchroeter (A), Respondent: Martin Simons (R), Claimant: Wytze van der Raay (C), Case: a20120418.1

History Log

Original Dispute, Discovery (Private Part) (optional)

EOT Private Part

Discovery

Ruling

The ruling consists of two parts.

  1. The first question is whether the candidate in question should be considered reliable enough to gain access to CAcert systems and data as part of (R)'s work for CAcert. I hereby come to the following ruling:
    • The background check has not revealed any material issues in conflict with a role under Security Policy (SP).

    • During the interview, all relations to problem areas that are subject to the ABC interview was discovered and observed during the interview, and discussed. No relationship has been found that represents a material threat to CAcert.
    • Based on (R)'s long time experience in the IT business area at least over a decade with jobs at several companies and projects (CV list goes back to 1999) and the answers given in the interview shows that (R) is considered reliable enough to gain access to CAcert's critical systems. With his knowledge about procedures in big companies in general he has the background knowledge to follow and fulfill CAcert's procedures in the critical area. Potential conflicts of interests have been discussed in the interview, including elements that could turn into CoI's in the future, but currently no CoI's have been identified. Technical skills have been discovered in an interview between (C) and (R) back in March 2012.
  2. For a recommendation on continued training in the areas of data security, social engineering, and other relevant fields I come to the following ruling:
    • Investigation of potential weaknesses in social engineering revealed that (R) had some familiarity with this topic. I recommend further training in this area. A first lesson in this area was given by interviewer.
    • However (R) has knowledge about Policies and Rules work in major companies, we've discovered lesser knowledge about CAcert's policies and procedures in detail. So therefor my recommendation to the teamleader is, to continue with the advises that we've started in the ABC interview. (R) to study CAcert's Security Policy in the SVN and CAcert's Security Manual in the wiki. Also the System Administration documentation in the wiki, especialy the System Administration - Procedures to become familiar with the CAcert specific rules and procedures framework.

Frankfurt/Main, 2012-10-31

Execution

Similiar Cases

a20091209.1

Arbitrated Background Check over Wolfgang Kasulke

a20091215.1

Arbitrated Background Check over Martin Schulze

a20120211.1

Arbitrated Background Check over Marek Michal Mazur


Arbitrations/a20120418.1 (last edited 2012-10-31 14:19:56 by UlrichSchroeter)