Audit To Do

Intro


Completed items are now in Audit/Done. Each item below moves there when complete.

Audit-1 Closure Tasks

List of tasks that I have to finish off to get closure on the audit.

| Task | Status | Comment |
|---|---|---|
| Recommended list of audit tasks | new board / SGM | A prioritised and named list of tasks as a work programme. This was more or less dominated by board priorities (finance, data prot., infra-hosting) and in detail was not done. |
| brain dump | new board | done informally with new directors over skype |
| DRC | server down | bring the DRC browser up to date so the criteria can be considered an accurate record and/or move it to a better platform |
| Systems | next | document the preliminary findings, next steps. see above, over-swept by board priorities. |
| Finance & support | ... | document all the in-kind and help for the audit process |
| Cleanup Doco | ongoing | wiki, SVN |

Outstanding Tasks

This is the list of things that are outstanding following the path of the first DRC Audit:

| Task | Who | Status | Blocking | Since | Comment |
|---|---|---|---|---|---|
| Assurance Review | Audit | ATE 2010 tour | . | 20100101 | Review of Assurance but requires co-audit data. |
| Notifications | Board + Wytze | Board has requested | Assurance Review | 20070830 | notify all Members of CCA. See RolloutCommunityAgreement |
| Software Changes to Website | Board Software | ??? | Assurance Review | 200806xx | b. add checkboxes "I agree to CCA." to cert creation; c. drop wrong/out-of-date contract text; See RolloutCommunityAgreement |
| Software | Board (PD) | rebuild | DRC-C | 20090520 | need to review the Software Development progress - did first complete patch to SP 20101005? |
| Systems - Disaster Recovery | Board | ... | DRC-A | 200905xx | pending |
| Systems - Backups | Board | ... | DRC-C | 200905xx | pending |
| Support expansion | support t/l | in progress | ... | 201002xx | complete |
| Security Policy to POLICY | support t/l, sysadm + policy group | to policy group | ... | 20090327 | taken to DRAFT, some mods needed |
| Domain / email verification | Board Software | policy decision made | CPS | 20081224 | needs to implement new p20090105.1 domain/email decision |
| Root documentation | Board nrTF | incomplete | DRC-C | 20090508 | review of roots in visit #1 found lacks in documentation and protection |
| Test New Roots | Board nrTF | wip | DRC-C | 20081129 | testing of roots |

Future, ongoing

Things that were either deliberately deferred in last Audit, or are routine and regular.

| Task | Who | Status | Blocking | Since | Comment |
|---|---|---|---|---|---|
| Assurance Work Plan | Ulrich | basics in mini-TOP | future audits | 20090517 | mini-TOP in Munich laid out the basic problems that Assurance has to deal with over next year |
| Review of WoT Exceptions - OA, SuperA, TVerify, ... | authors | only blocking themselves | DRC-C | | Some of these are being wound-down so may be scrapped by time Audit gets to them |
| Assurance Handbook | AO | wip | . | 2006-06... | Needs to incorporate all from Assurance Policy (now DRAFT) |
| CN= for OAs | policy | decided | CPS | 20060101 | policy decision is that all info is verified; now need to fix CPS |
| Community Reports | CAcert Inc and/or Audit | wip | next milestone | 20071226 | Ongoing requirement from NLnet. Last from Audit was June 20090623 |
| OrganisationAssurance review | board | deferred | . | 20081003 | resolve policy questions. Document practices, add verification. Do we need a OrganisationAssuranceManual? |
| OA root | nrTF | OAP | . | 20081003 | Create one Assured Organisation subroot. |
| Member root | nrTF | email/domain checking | . | 200801xx | as per DRC. Create one Member subroot. |
| Webtrust criteria | Auditor | Deferred | | | Working on DRC only for now, although Board has requested a comment on switching. Also look at ETSI. |



Audit/ToDo (last edited 2014-06-02 21:45:33 by BenediktHeintel)