On 6/3/20 4:20 PM, Kathleen Wilson wrote:
It recently came to my attention that I need to be more diligent in verifying auditor qualifications. <snip>
https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications

All,

While re-verifying auditor qualifications I have run into the following situation, that I will appreciate your opinions on.


https://wiki.mozilla.org/CA/Audit_Statements#Standard_Check

>> Check 1: The NAB is listed as “full member” under https://european-accreditation.org/ea-members/directory-of-ea-members-and-mla-signatories/

The NAB, Accredia (https://www.accredia.it/) is listed as a "Full Member".


>> Check 2: The accreditation documentation was issued by that NAB and is hosted on the NAB's website

The accreditation documentation on the NAB's website for a few CABs:

QMSCERT: http://services.accredia.it/ppsearch/accredia_orgmask.jsp?ID_LINK=1733&area=310&PPSEARCH_ORG_SEARCH_MASK_ORG=3761

Bureau Veritas Italia: http://services.accredia.it/ppsearch/accredia_orgmask.jsp?ID_LINK=1733&area=310&PPSEARCH_ORG_SEARCH_MASK_ORG=0663

CSQA: http://services.accredia.it/ppsearch/accredia_orgmask.jsp?ID_LINK=1733&area=310&PPSEARCH_ORG_SEARCH_MASK_ORG=0010


>> Check 3: The CABs accreditation documentation explicitly refers to all of the following: <ETSI EN 319 403, ETSI EN 319 401, ETSI EN 319 411-1, and ETSI EN 319 411-2>

This is where I'm running into difficulty. The NAB's accreditation documentation does not explicitly state that the CAB is certified to audit against those ETSI EN standards.

For each of the CABs listed above, an Allegato (for UNI CEI EN/ISO/IEC 17065:2012) can be downloaded that says: "TSP (Trust Service Provider) and the services they offer compared with (EU Regulation) 910/2014 and / or specific provisions adopted by the national authorities for the services covered by the Accreditation Scheme."

Which apparently refers to the following documents that list the ETSI EN standards:
Italian: https://www.accredia.it/app/uploads/2020/03/Circolare_tecnica_DC_05-2020.pdf
English: https://www.accredia.it/app/uploads/2017/03/7015_DC2017SSV046eng.pdf
https://www.accredia.it/documento/circolare-dc-n-82017-informativa-in-merito-allaccreditamento-degli-organismi-di-certificazione-operanti-a-fronte-dei-requisiti-del-regolamento-ue-2014_910-eidas-e-della-norma-etsi-en-319_4/


Is that sufficient evidence that the CAB is certified by the NAB to audit according to the ETSI EN 319 403, ETSI EN 319 401, ETSI EN 319 411-1, and ETSI EN 319 411-2 standards?

Thanks,
Kathleen






_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
