CAcert Bookshelf


Table of Contents

CAcert.org Policy Manual
CAcert.org Organisation Assurance Policy
Preliminaries
Purpose
Roles
Organisation Assurance Officer
Organisation Assurer
Policies
Processes
Individuals
Partnerships
Companies
Exceptions
CAcert.org Organisation Assurance sub-policy for Europe
Preliminaties
Scope
Requirements
Appoved Registry
Organisation
Extract

CAcert.org Policy Manual

2008-09-16


CAcert.org Organisation Assurance Policy

Teus Hagen

CAcert, Inc.

2008-09-16


Preliminaries

This CAcert Policy extends the Assurance Policy ("AP") by specifying how Organisation Assurance ("OA") is to be conducted by an Organisation Assurer ("OrgAssurer") under the supervision of the Organisation Assurance Officer ("OAO").

This policy is not a Controlled Document, for purposes of Configuration Control Specification ("CCS").

Purpose

Organisation Assurance allows an Organisation to issue Certificate(s) using CAcert Public Key Infrastructure (“PKI”).

Roles

Organisation Assurance Officer

The Organisation Assurance Officer (“OAO”) is responsible for Organisation Assurance and reports to the Assurance Officer (“AO”) who in turn reports to the CAcert Board.

Responsibilities include:

  • Management of all Organisation Assurer(s)

  • Product management of the process (eg Application Form, interfaces, etc.)

  • Maintenance of Procedures and Guidelines

Organisation Assurer

The Organisation Assurer (“OrgAssurer”)...

Policies

Processes

Individuals

Partnerships

Companies

Exceptions

CAcert.org Organisation Assurance sub-policy for Europe

Teus Hagen

CAcert, Inc.

2008-09-16


Preliminaties

This CAcert sub-policy extends the Organisation Assurance Policy ("OAP") by specifying how Organisation Assurance ("OA") is to be conducted by the assigned Organisation Assurer ("OrgAssurer") under the supervision of the Organisation Assurance Officer ("OAO") for entities within the defined scope.

Scope

This sub-policy is applicable to:

  • Any Organisation registered in Europe with a pre-approved trade office registry ("Approved Registry")

Note

This follows the European style of Chambers of Commerce (e.g Chambers of Commerce in continental Europe, Companies House in the United Kingdom and Ministry of Justice, Finance, or Commerce in Eastern Europe)

Requirements

This section describes any sub-policy specific requirements that are not otherwise defined in the OAP.

Appoved Registry

An Approved Registry:

  • Must follow the general model of a Trade Office and is thus a formal authority for dealing with local trade matters

  • Must have an official mandate by law to register certain types of Organisation (eg sole traders, partnerships, companies, associations)

  • Must have a search facility service that provides reliable documentary Record of the registration of an Organisation

Organisation

An Organisation:

  • Must be registered with an Approved Registry with an “active” status or equivalent.

  • May have zero or more Registered Name(s) in addition to the name of the Legal Entity.

  • Must be a distinct Legal Entity (eg incorporated) OR the constituent Legal Entity(s) must be identified.

Note

A Legal Entity may have various legal statuses with different liabilities. The Organisation may not be capable of legally becoming a CAcert Member, independently and separately from the individuals within. The OrgAssurer must take care to identify which individuals are Members, and which are therefore the natural legal entities behind the names.

Extract

Extract(s) supplied by an Approved Registry:

  • Must be obtained by the OrgAssurer as:

    • Original paper Extract obtained independently from the Approved Registry by the OrgAssurer

    • Digital Extract obtained online from the Approved Registry by the OrgAssurer

    • Digital Extract with a valid, trusted Digital Signature obtained by any means

    • Historical supplemental Extract(s) where it can be shown that material changes have not been made (e.g., via absence of subsequent submissions in official document listings)

  • Must include at least the following information:

    • Full Name of the Legal Entity

    • Unique Identifier of the Legal Entity within the Approved Registry (and Type of Unique Identifier, eg “Company Number”)

    • Type of the Legal Entity (eg “Limited Liability Company”)

    • Location of the Legal Entity (which must fall within the Jurisdiction of the Approved Registry)

    • Representative(s) of the Organisation