Re: Verifying Auditor Qualifications

Tue, 01 Sep 2020 11:47:57 -0700 

On 8/31/20 11:07 AM, Kathleen Wilson wrote:

On 8/28/20 3:59 PM, Kathleen Wilson wrote:

On 8/26/20 1:41 PM, Kathleen Wilson wrote:
The 5 CABs that I haven't been able to complete the Standard Check for are: 

- Bureau Veritas Italia S.p.A. - NAB is Accredia
- CSQA - NAB is Accredia
- KIWA - NAB is Accredia
- QMSCERT - NAB is Accredia
- QSCert - NAB is CAI




Update:  I received email from Accredia declaring the ETSI EN 
standards that the KIWA CAB is accredited for. I think it is 
reasonable to accept that for this auditor's re-verification. And I 
have asked that KIWA request Accredia to provide this information 
directly on their website for future reference.



Updates:


1) I received email from Accredia declaring the ETSI EN standards that 
the QMSCERT CAB is accredited for, and I will accept that for now.



2) The email from Accredia also said "We are working to provide this 
information directly on our website for future references."



3) 
https://ec.europa.eu/futurium/en/content/list-conformity-assessment-bodies-cabs-accredited-against-requirements-eidas-regulation 
was updated to provide the updated 
list_of_eidas_accredited_cabs-2020-08-28.pdf



Note: The 
https://ec.europa.eu/futurium/en/content/list-conformity-assessment-bodies-cabs-accredited-against-requirements-eidas-regulation 
site says:

    "Please note that the list is an informative tool."

So, the list_of_eidas_accredited_cabs-2020-08-28.pdf is not in itself 
sufficient proof of a CAB's qualifications. It is very helpful in making 
it easy to find the NAB and CAB accreditation information, but we must 
still check the NAB and CAB accreditation information and make sure the 
CAB accreditation document lists the ETSI EN 319 403, ETSI EN 319 401, 
ETSI EN 319 411-1, and ETSI EN 319 411-2 standards as per

https://wiki.mozilla.org/CA/Audit_Statements#Standard_Check

Thanks to all of you who have been helping with this!

Kathleen




Update: I received email from Accredia declaring the ETSI EN standards 
that the Bureau Veritas Italia S.p.A. and CSQA CABs are accredited for, 
and I will accept those for now.



So the remaining CAB that I still need to verify is QSCert, and I filed 
the following bug for it:


https://bugzilla.mozilla.org/show_bug.cgi?id=1662533

Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
























					Reply via email to