 .'''THIS PAGE IS OUTDATED'''
----

== Completed Items in Audit Work Programme ==

=== Post-Audit-1 ===

This is the list of things that were achieved after termination of Audit-1.

||Task ||'''Who''' ||Since||Complete||
||[[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html|Security Policy]] back to DRAFT || [[Iang]] || 201003xx || 201006xx ||
||[[http://www.cacert.org/policy/RootDistributionLicense.php|RDL]] to DRAFT || Mark ||2008xxxx ||[[PolicyDecisions#p20100710|p20100710]] ||
||Review of WoT Exceptions - [[TTP|TTP-Assist]] to DRAFT || [[UlrichSchroeter|U60]] || 2008xxxx || 201009xx ||
||Review of WoT Exceptions - [[PoJAM]] to DRAFT || [[UlrichSchroeter|U60]] || 2008xxxx || 201002xx ||
||Support expansion || [[Iang]] || 2008xxyy ||201002xx||
||Review of WoT Exceptions - [[PolicyDrafts/CodesigningAssurancePolicy|Code signing]] || policy group || 2008xxxx || 2009xxyy ||
||Software Changes to Website for RDL|| [[SoftwareDevelopmentTeam|Software]]||200806xx|| 201006xx  ||
||[[http://svn.cacert.org/CAcert/Policies/ConfigurationControlSpecification.html|CCS]] to DRAFT, including [[http://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html|CDL]] || [[Iang]] || 200611xx|| [[PolicyDecisions#p20100426|p20100426]] ||
||reviewed [[https://svn.cacert.org/CAcert/Policies/Agreements/3PVDisclaimerAndLicence.html|3pv's old D a L]], now to policy group ||[[Iang]]||20081221||20091213||
|| interim progress on support reported, [[https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20091206|Minutes]] see 2.2 || [[Brain/Support/TeamLeader|support t/l]] || 20091116 || 20091206 ||
|| resolution of the data protection project || [[Board]] || 20070822 || 20091206 ||
|| appointment of new support t/l || [[Board]] || 20080420 || [[https://community.cacert.org/board/motions.php?motion=m20091116.3|m20091116.3]] ||
|| end-of-life plan for Tverify || [[Board]] || [[https://wiki.cacert.org/PolicyDecisions|p20080712.1]] || [[https://community.cacert.org/board/motions.php?motion=m20090928.1|m20090928.1]] ||
|| first [[SystemAdministration/InfrastructureHost|infrastructure VMs]] come on line in [[Technology/Laboratory/Hardware/InfrastructureHost/Bern|Bern]] || swiss team || 200907xx || 200911xx ||
||CPS moved from svn.cacert.org/CAcert/policy.htm moved to [[https://www.cacert.org/policy/CertificationPracticeStatement.php|final home]]||Policy Group + Software||20090706|| [[PolicyDecisions|p20091106]] ||
|| re-initiated major review of Arbitration work-flow || Nick + Ulrich || 200907xx|| 200911xx ||
|| Board [[https://community.cacert.org/board/motions.php?motion=m20090912.1|confirmed that exceptions must have policy]] under [[http://www.cacert.org/policy/AssurancePolicy.php|Assurance Policy]] || [[Board]] || 200807xx || [[https://community.cacert.org/board/motions.php?motion=m20090912.1|m20090912.1]] ||
|| Support Review - upgrade to [[SecurityManual]]||Iang||20090502|| 20090721 ||
|| general [[SystemAdministration/InfrastructureHost|infrastructure hosting profile]] agreed || merano meeting || 20090802 || 200908xx ||
||Infrastructure (non-critical) hosting strategy agreed || [[Board]] || 200905xx || 200908xx ||
||[[https://www.cacert.org/policy/CertificationPracticeStatement.php|CPS]] to DRAFT||Board + Policy Group||20090124|| [[PolicyDecisions|p20090706]] ||
||final [[Audit/CommunityReport20090623|20090623 Community Report]]||[[Audit]]||20090426||20090623||

----
=== Completed Items during Audit 1 ===

||Task ||'''Who''' ||Since||Complete||
||'''resignation as auditor'''||Iang||20060101||[[https://lists.cacert.org/wws/arc/cacert-board/2009-06/msg00049.html|20090612]]||
||Access Engineer expansion - Bas added||oophaga||xx||[[https://lists.cacert.org/wws/arc/cacert-board/2009-06/msg00016.html|20090605]]||
||Old CAP forms patched with CCA||Dirk||20070830||20090601||
||old Assurer's [[https://lists.cacert.org/wws/arc/cacert-board/2009-05/msg00228.html|notified]] of Challenge||[[Board]] + PG||20080712 AP||20090522||
||sysadm expansion - added Stefan (ongoing)||wytze + teus + Arbitrator||20080930||m20090515.1||
||Management Assertion||Board||20060814|| m20090519.1||
||Assurance Review 2009 Spring Tour||Auditor + Assurers||20090516||20080712||
||[[Audit/CommunityReport20090426|20090426 Community Report]]||[[Audit]]||20090119||20090426||
||Software Review Innsbruck (software is audit fail)||PD + Auditor||20090301||20090420||
||Systems Review Visit #1||Auditor + sa/tl||20090301||20090506||
||Sysadm work-thru 2. passwords ||wytze||20081001|| 20090504 ||
||Switch off unChallenged Assurers||[[SoftwareDevelopmentTeam|Software]]||200806xx|| 20090404 ||
||[[http://svn.cacert.org/CAcert/Policies/AssurancePolicy.html|Assurance Policy]] to website [[http://www.cacert.org/policy/AssurancePolicy.php|AP]] ||software || [[PolicyDecisions|p20090105.2]] ||20090329||
||[[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html|Security Policy]] to DRAFT || policy group ||20090313 ||20090327||
||svn.cacert.org/CAcert/policy.htm [[https://www.cacert.org/policy/CertificationPracticeStatement.php|CPS]] reviewed|| PD, teus || 20090124 || 20090313 ||
||[[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html|Security Policy]] extracted from SM, reviewed || Wytze, PD || 20081201 ||20090306||
||[[https://svn.cacert.org/|CPS]] review sects 6||[[Audit]]||20090110||20090124||
||svn.cacert.org/CAcert/policy.htm [[https://www.cacert.org/policy/CertificationPracticeStatement.php|CPS]] incorporate [[PolicyDecisions|p20090105.1 domain/email decision]] 4.2.2|| iang || 20081224 || 20090124 ||
||Background Check first cut delivered for review||[[CAcertIncorporated|board]]||200709xx||20090123||
||[[Audit/CommunityReport20090119|20090119 Community Report]]||[[Audit]]||20081017||20090119||
||[[https://svn.cacert.org/|CPS]] review sects 1-5||[[Audit]]||20081016||20090110||
||svn.cacert.org/CAcert/policy.htm [[https://www.cacert.org/policy/CertificationPracticeStatement.php|CPS]] incorporates [[PolicyDecisions|p20081016 verified decision]] 4.5.2 || iang || 20081016 || 20090110 ||
||svn.cacert.org/CAcert/policy.htm [[https://www.cacert.org/policy/CertificationPracticeStatement.php#p4.2.2|domain/email verification]] to  [[PolicyDecisions|p20090105.1]] ||philipp Dunkel||20060101|| 20081224 ||
||[[http://svn.cacert.org/CAcert/Policies/AssurancePolicy.html|Assurance Policy]] to POLICY  [[PolicyDecisions|p20090105.2.2]]||philipp Dunkel||20080712|| 20081224 ||
||[[SecurityManual]] reviewed||iang + teus||20080101|| 20081201||
||[[Roots/NewRootsTaskForce|New Roots]] created (top + Assured) ||Guillaume + [[Roots/NewRootsTaskForce|nrTF]] ||[[TopMinutes-20070917|20070919]]|| 20081128||
||Systems admin - backups milestone ||wytze||20081001|| 20081128 ||
||[[http://iang.org/papers/open_audit_lisa.html|20081113 "An Open Audit"]] invited talk||[[Audit]]||200805xx||20081113||
||Milestone 1 agreed with NLnet||[[Board]]||20080101|| 200810xx||
||[[SecurityManual]] first cut delivered||Pat||20080101|| 20081010 ||
||[[Audit/CommunityReport20081007|20081007 Community Report]] (interim, AGM)||[[Audit]]||20080902||20081007||
||Systems admin team rebuild ||wytze||20061225||20081001||
||machines moved to NL Data Center ||everyone||20061225||20080930||
||[[Audit/CommunityReport20080902|20080902 Community Report]]||[[Audit]]||20080801||20080902||
||[[http://svn.cacert.org/CAcert/Policies/AssurancePolicy.html|Assurance Policy to DRAFT]]||[[AssuranceOfficer]]||20060631||[[ [[https://wiki.cacert.org/PolicyDecisions|p20080712.1]]||
||[[Audit/CommunityReport20080602|20080602 Community Report]]||[[Audit]]||20080531||20080602||
||[[Audit/CommunityReport20080321|20080321 Community Report]]||[[Audit]]||20080320||20080321||
||[[Audit/CommunityReport20080111|20080111 Community Report]]||[[Audit]]||20071226||20080320||
||[[http://svn.cacert.org/CAcert/CAcert_Inc/Funding/Iang_Audit_Agreement_20080303.pdf|Agreement on Audit Funding (iang)]]||[[Audit]]||200801xx||20080303||
||Assurers Training & Testing Programme||[[EducationOfficer|EO]]|| 200703.. ||20080301||
||Review of [[RisksLiabilitiesObligations|R/L/O]] ||[[Audit]]||20060921 ||20080211||
||[[http://www.cacert.org/policy/PolicyOnPolicy.php|PoP]] approved to POLICY under its own rules||policygroup||20080204||[[PolicyDecisions|p20080204.1]] ||
||[[http://www.cacert.org/policy/CAcertCommunityAgreement.php|CAcert Community Agreement]] approved to POLICY||policygroup||20070918||[[PolicyDecisions|p20080109.1]] ||
||Management / Audit handed over residual oversight || Board ||20070525|| 20070919||
||Present new POLICYs to [[NextAnnualGeneralMeeting|AGM]] for ratification||Members ||20061117||c20071117.x||
||[[http://svn.cacert.org/CAcert/PolicyOnPolicy.html|Policy on Policy]] approved to DRAFT||Board||200612..|| m20070929.4||
||[[http://www.cacert.org/policy/OrganisationAssurancePolicy.php|Organisation Assurance]] ||  Board || 20070905|| m20070919.x ||
||funding proposal for audit approved|| [[Board]] || 200706xx ||m20070919.5 ||
|| [[http://svn.cacert.org/CAcert/principles.html|Principles]] ''approved in principle''||Board||200707..||m20070918.5 ||
||[[http://www.cacert.org/policy/CAcertCommunityAgreement.php|CAcert Community Agreement]] (was RUA) approved to DRAFT||Board||20070830||m20070918.4 ||
||[[http://www.cacert.org/policy/DisputeResolutionPolicy.php|Dispute resolution policy]]||Board ||20060524||m20070918.3||
|| NRP's old --(D a L)-- approved to POLICY||Board||200703..||m20070918.1||
||Review of Minutes/Decisions of old board||[[Advisory]]||20060508||20070601||
||Minutes of [[SGM/SGM20070525|SGM 20070525]]|| [[Advisory]]||20070525||200706xx||

 * DecisionNumbers describes the last column
 * See [[AuditToDo]] for current tasks in the [[Audit]] project.

----
CategoryAudit