[cabfpub] Definition of Audit Period

Gervase Markham gerv at mozilla.org
Fri Mar 17 12:50:20 UTC 2017


Hi Jeff,

On 15/03/17 18:22, Jeff Ward via Public wrote:
> Don Sheehy and I worked up the following definition for “Audit Period”
> with a copy attached in Word for your reference.  Please let us know if
> you have any questions.

Thank you for preparing this. It is a useful explanation of audit
practice; however, one snag is that definitions in the BRs are normally
a single paragraph, and this is four long paragraphs. :-)

I think the goal here is to avoid a problem we have seen in several CAs,
where they assume the "audit period" is the "audit fieldwork period",
when it is not. So a definition which busts that myth is most important
to us.

Might we get away with something like the following, which is based on
the ideas in your text:

Audit Period: During a period-of-time audit, the period between the
first day and the last day of operations considered by the auditors in
their engagement. (This is not the same as the period of time when the
auditors are on-site at the CA.) Audit periods are required to be
continuous from audit to audit, and of maximum length 1 year.

?

Gerv



More information about the Public mailing list