Incidents

This page's purpose is to report, review and follow incidents within CAcert.

Definitions

An incident is an event that could lead to loss of, or disruption to CAcert's operations, services or functions. If not handled it can escalate into an emergency, crisis or a disaster.

The incident management is therefore a process driven by CAcert's internal audit team to limit the potential disruption caused by such an event, followed by a return to normal business.

Incidents could effect one ore more of the following:

Process

  1. Incident Report
  2. Incident Classification
  3. Incident Handling with an Incident Response Team consisting of required functions within CAcert
  4. Incident Documentation and strategies to avoid further occurrence
  5. Incident Communication to CAcert's Management

Report an incident

If you have the feeling or a proof that something in the community does not comply to the internal rules, please send an e-mail to <audit AT SPAMFREE cacert DOT org> to contact the audit team.

Try to be as precise as possible with your incident and add a proof where possible. All cases will be handled anonymously, the audit team will never reveal your identity without your confirmation. We need to follow every hint.

'Beware:' The Incident Reporting is no substitution for a proper Arbitration case. Even Arbitration might get involved into the incidents to provide required information under privacy, we do not handle any arbitration cases.

Lists of Incidents

{-} red open - {o} orange running - {0} yellow execution - {g} green closed

Incident Nr.

Incident Manager

Status

Synopsis

i20160410.1

BenediktHeintel

{o} running

Association rule violations

i20151207.1

BenediktHeintel

{g} closed

Potential Abuse of Power

i20151205.1

BenediktHeintel

{0} execution

Data Privacy breach

i20150725.2

BenediktHeintel

{-} open

Signer security issue

i20150725.1

BenediktHeintel

{-} open

Missing document

i20150219.1

BenediktHeintel

{g} closed

Data Privacy breach

i20150115.1

BenediktHeintel

{g} closed

Wrong Version of CCA deployed

i20141011.1

BenediktHeintel

{g} closed

Support Team not following established process

i20140814.1

BenediktHeintel

{0} execution

Attempted Privacy data breach

i20140628.1

BenediktHeintel

{0} execution

Data Privacy breach

i20140625.1

BenediktHeintel

{0} execution

Data Privacy breach & potential abuse of power

i20140325.1

BenediktHeintel

{g} closed

Potential abuse of power

i20130810.1

BenediktHeintel

{g} closed

Potential loss of CAcert Root Certificate credentials

Incident Template

i201YMMDD.n

{-} init

template for an incident.


CategoryAudit