News from the Council of Accredited Conformity Assessment Bodies (ACAB-c) on harmonized audit attestation, presented by Philippe Bouchet of ACAB-c member LSTI France and Matthias Wiedenhorst of ACAB-c member TÜVIT
Arno Fiedler, Owner, Nimbus Technologieberatung GmbH
1. News from the Council of Accredited
Conformity Assessment Bodies (ACAB-c)
–
Harmonized audit attestation
and other topics
CA/B Forum Meeting – March 8th, 2018
Washington
2. 2
Voluntary
Membership
Accredited Conformity Assessment Bodies:
Conformity assessment bodies (CABs) accredited by
an EA or IAF member according to ISO/IEC 17065 +
eIDAS Art. 3 No. 18 scope of accreditation in the area
of electronic identification and trust services for
electronic transactions
Supporting Parties:
Organizations that are directly or indirectly affected
by accredited CABs and their work: trust service
provider (TSP), supervisory bodies (SB), European
Standards Organizations (ESO), the CA/B-Forum and
manufacturers of technical equipment used by TSP.
ACAB’Council
3. 3
Council of ISO/IEC 17065 accredited CABs
• Set up and maintain an ACAB’c “Code of Conduct”
• Information exchange
• Interpretation of standards
• Communication to third parties
• Publish a list of member CABs
• Provide a recognition mark
Main
Objectives
ACAB’Council
4. 4
February 8th, 2018 - Paris
• New ACAB’c template for audit attestation letter
approved
• New member KPMG Switzerland
• New member candidates APCER, ASIT, Datenschutz
cert, TCAB
• New Board approved
Meetings
ACAB’Council
5. 5
Philippe Bouchet – Chairman
Matthias Wiedenhorst – Vice Chairman
Armelle Trotin – General secretary
Board
ACAB’Council
6. 6
• First version introduced and agreed during Bilbao F2F meeting 2016
• Missing items (e.g. citation of the audited TSP policy documents) had
since then been added independently by the different members
• Some information was still felt to be “hidden” within the attestation
• New version of the audit attestation template has been approved during
Paris meeting
Harmonized ETSI Audit Attestation
7. 7
Harmonized ETSI Audit Attestation
Attestation Date & “Clean audit” statement
CAB contact information
8. 8
Harmonized ETSI Audit Attestation
Identification of CAB and TSP
Identification of Root CA
9. 9
Harmonized ETSI Audit Attestation
Audit type, Dates, Standards used
CP / CPS documents covered
10. 10
Harmonized ETSI Audit Attestation
Sub-CA Details
11. 11
• Separate Attestation for each Root CA
• Required information is pointed out
more explicitly
• ACAB’c template is available and can be
used right now
• Was given as input to ETSI EN 319 403
template to harmonize form and content
Harmonized ETSI Audit Attestation
12. 12
• Seeking further input from consumers
(e.g. ALV issues) in order to make
attestations as convenient as possible
Harmonized ETSI Audit Attestation
13. 13
• Possibilities around ETSI Audit Attestation
• No mandatory requirement, but CAs could be encouraged to require
attestations derived from one of the templates from their CAB
• Attestation template to be amended to ETSI EN 319 403 could be
made mandatory by CABF
• ACAB’c attestation template could be made mandatory by CABF
Harmonized ETSI Audit Attestation
14. 14
• No mandatory requirement, but CAs could be encouraged to require
attestations derived from one of the templates from their CAB
• Pro
• Flexibility for CAs and CABs
• Con
• No mandatory template, root program operators will still have to
deal with individual attestations
Harmonized ETSI Audit Attestation
15. 15
• Attestation template to be amended to ETSI EN 319 403 could be made
mandatory by CABF
• Pro
• Publicly available to all CABs
• Con
• Publicly available to all CABs, root store operators would have to
check accreditation
• Due to normative procedures, changes to the template would
require a rather long time period (~ 1 year)
Harmonized ETSI Audit Attestation
16. 16
• ACAB’c attestation template could be made mandatory by CABF
• Pro
• Fast adaptation of the template in case of requested changes
• Only available to ACAB’c members, hence only to duly accredited
CABs
• Con
• Only available to ACAB’c members => CABs need to join ACAB’c
Harmonized ETSI Audit Attestation
17. 17
• Topics that have popped up in real life
• Not enough for a CA to say “The auditor must take care of everything.”
• CAs are responsible for requesting the correct audit from their auditor and for
providing the required information for a correct audit attestation
• Point-in-time vs. period of time
• Date issues
Other topics – CAs & Auditors
18. 18
• Language of BR is unambiguous
• Point-in-time before issuing the first PTC certificate
• unbroken sequence of audit periods after that
• In case the CA changes its auditor, the new auditor still has to perform a
period-of-time audit
• Point-in-time only if the CA is audited “for the first time…”
• Not, if the CA is audited “for the first time by this auditor…”
Point-in-time vs. Period-of-time
19. 19
• Audit dates
• period during which the audit is performed
• Audit period dates
• period of time for which the operation of the CA is assessed
• Audit attestation date
• Date on which the audit attestation is issued
Date issues
20. 20
• Should be obvious, but real life shows that it might be worth mentioning
• Audit periods must not be longer than one year (“365 days”)
• Audit periods may overlap, but there must not be uncovered days
between two consecutive periods
• End of the audit period must not be after end of the audit
• Attestation date must not be before end of the audit
Date issue
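The date rules from the "Point-in-time vs. Period-of-time" and "Date issue" slides, written as a check that a consumer of attestations could run over one CA's sequence of attestations. This is an added example, not part of the presentation or the ACAB'c template; the `Attestation` record, its field names and the inclusive 365-day count are assumptions, and the sample dates are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

MAX_PERIOD_DAYS = 365  # assumption: counted inclusively (first and last day both covered)

@dataclass
class Attestation:            # hypothetical record, not the ACAB'c template layout
    period_start: date        # audit period: span of CA operation that was assessed
    period_end: date
    audit_end: date           # last day of the audit itself
    attested: date            # audit attestation date
    point_in_time: bool = False

def check_sequence(attestations):
    """Return (index, finding) pairs for one CA's attestations, ordered by period start."""
    findings = []
    ordered = sorted(attestations, key=lambda a: a.period_start)
    covered_until = None      # latest day covered by any earlier audit period
    for i, a in enumerate(ordered):
        if a.point_in_time:
            if i > 0:         # point-in-time only for the CA's very first audit
                findings.append((i, "point-in-time audit after the first audit"))
        elif (a.period_end - a.period_start).days + 1 > MAX_PERIOD_DAYS:
            findings.append((i, "audit period longer than 365 days"))
        if a.period_end > a.audit_end:
            findings.append((i, "audit period ends after end of audit"))
        if a.attested < a.audit_end:
            findings.append((i, "attestation dated before end of audit"))
        # Overlap is allowed; a gap of even one uncovered day is not.
        if covered_until and a.period_start > covered_until + timedelta(days=1):
            gap = (a.period_start - covered_until).days - 1
            findings.append((i, f"{gap} uncovered day(s) since previous period"))
        covered_until = max(covered_until or a.period_end, a.period_end)
    return findings

# Constructed sample: initial point-in-time audit, one clean period, one faulty period.
SAMPLE = [
    Attestation(date(2016, 3, 1), date(2016, 3, 1), date(2016, 3, 1),
                date(2016, 3, 15), point_in_time=True),
    Attestation(date(2016, 3, 2), date(2017, 3, 1), date(2017, 3, 10), date(2017, 4, 1)),
    Attestation(date(2017, 3, 5), date(2018, 2, 28), date(2018, 2, 20), date(2018, 2, 15)),
]

if __name__ == "__main__":
    for index, finding in check_sequence(SAMPLE):
        print(f"attestation {index}: {finding}")
```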
21. 21
Philippe Bouchet
ACAB’c Chairman
LSTI
pbouchet@lsti.fr
Matthias Wiedenhorst
ACAB‘c Vice-Chairman
TUV Informationstechnik GmbH
TUV NORD GROUP
m.wiedenhorst@tuvit.de
22. 22
The Accredited Conformity Assessment Bodies’
council
65, rue de Gergovie
75014 Paris – France
Secretariat Armelle Trotin + 33 (0)6 08 67 51 44
secretary@acab-c.com
For further information or in order to register, please contact us at:
www.acab-c.com