[cabfpub] Fwd: question on 17.9 of baseline

Ben Wilson ben at digicert.com
Tue Jan 21 20:08:17 UTC 2014 

See question below:

-------- Original message --------
From: "Sheehy, Don (CA - Toronto)" <dosheehy at deloitte.ca> 
Date: 01/21/2014  11:42 AM  (GMT-07:00) 
To: ben at digicert.com 
Subject: question on 17.9 of baseline 
 
 
 
Can you pose this to the forum
 
“17.9 Regular    Quality  Assessment       of       Technically      Constrained     Subordinate     CAs    
During the period in which a Technically Constrained Subordinate CA issues Certificates, the CA which signed the
Subordinate CA SHALL monitor adherence to the CA’s Certificate Policy and the Subordinate CA’s Certification
Practice Statement. On at least a quarterly basis, against a randomly selected sample of the greater of one certificate
or at least three percent of the Certificates issued by the Subordinate CA, during the period commencing
immediately after the previous audit sample was taken, the CA shall ensure all applicable Baseline Requirements are
met.
 
Has the Forum established how they will get evidence that the population the subordinate says have issued is accurate to choose the 3%
What specifically will be checked since the cert is technically constrained ? – ie what are the applicable baseline Requirements that will be tested ( this sould be agreed for consistency)
The evidence for the 3% checking will then need to be kept for the auditors for the baseline audit.
 
 
Thanks
 
Don
 
 
 
Donald E. Sheehy, CPA, CA, CISA, CRISC, CIPP/C
Partner | Enterprise Risk
Deloitte 
30 Wellington St Wt, PO Box 400, Stn Commerce Crt, Toronto, ON M5L 1B1
Direct: 416-601-5863 | Main: 416-601-6500
Fax: 416-601-6400 | Mobile: 416-301-2350
dosheehy at deloitte.ca | www.deloitte.ca
 
Deloitte is proud to be an Official Supplier 
of the Canadian Olympic team 
 
Please consider the environment before printing.
 
 
 
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system. Thank you. 
Information confidentielle: Le présent message, ainsi que tout fichier qui y est joint, est envoyé à l'intention exclusive de son ou de ses destinataires; il est de nature confidentielle et peut constituer une information privilégiée. Nous avertissons toute personne autre que le destinataire prévu que tout examen, réacheminement, impression, copie, distribution ou autre utilisation de ce message et de tout fichier qui y est joint est strictement interdit. Si vous n'êtes pas le destinataire prévu, veuillez en aviser immédiatement l'expéditeur par retour de courriel et supprimer ce message et tout document joint de votre système. Merci.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140121/881fb562/attachment-0002.html>

More information about the Public mailing list