Role of this document

The real, current, full policy is at Organisation Assurance Policy. This page is for rethinks, discussion, etc. about changes to OAP. This wiki page is not policy.

Criticisms of OAP

Recently, some criticisms of the Organisation Assurance Policy have emerged, leading to a rethink and a need for a make-over of OAP. Here are the bugs (from Audit/CommunityReport20081007 2.4):

  1. the verification of the commonName needs to be documented according to the (new) policy group decision that all information is to be verified.
    1. how is this done?
    2. how does the Org know what is ok and what is not?
  2. the relative responsibilities need to be laid out in the OAP:
    1. Organisation Assurer,
    2. O-Admin,
    3. Organisation, and
    4. the individuals inside the organisation.
  3. it has been suggested that a feature of automatic certificate populating is in place. This needs to be documented and tied into the various policy statements: verification, key security, etc.
  4. the procedure for doing the OA needs to be documented, in much the same way as the Assurer's Handbook does it for Individual Assurance. The OrganisationAssuranceManual may be a good starting point for that.
    1. how are the OAs trained?
  5. there probably needs to be a document for the Org itself
    • its own manual as opposed to the manual for OAs.

Specifically, Audit is proceeding on the basis that OAP will not be part of the current cycle.

CategoryDeprecated CategoryOrganisationAssurance