CAcert Management Assertion

The board of CAcert Inc., on behalf of the entire CAcert Community, makes the following assertions:

CAcert is an open organisation run on behalf of a community of its members. All policies and practices are disclosed except where expressly mandated by security or privacy concerns (i.e.: passwords, etc...) and documented.

CAcert is running a certificate authority (CA) based on and conforming to the CAcert principles.

In order to achieve this CAcert does the following things:

• Assurance of Individuals (Web of Trust) according to the Assurance Policy (AP)
• Assurance of Organisations in accordance with the Organisation Assurance Policy (OAP)
• Training, Testing & Education of assurers using CATS
• Maintaining Secure Systems according to the Security Policy and the Security Manual (SM)
• Maintaining Member Privacy according to the CAcert Community Agreement (CCA)
• Issuance of Certificates in accordance with the Certificate Practice Statement (CPS)
• Limiting Liability of members and resolving disputes using Arbitration. In order to limit liability of members and resolve any disputes with CAcert and its members as well as provide third parties with a means of recourse a forum of arbitration is established.

To ensure compliance with these policies and this statement CAcert is committed to an audit process according to the David Ross Criteria (DRC) which intend to maintain the spirit and improve upon criteria such as Web-Trust® and others.