Am Dienstag, 31. Oktober 2017 10:21:47 UTC+1 schrieb Dimitris Zacharopoulos:
> It is not the first time this issue is brought up. While I have a very
> firm opinion that ETSI auditors under the ISO 17065 (focused on the
> quality of products/services) and ETSI EN 319 403 definitely check
>
For example, in all our audits for other standards, no “audit
period” is clearly documented in the report; time since previous
audit is always implied.
>>>
>>> Again, I don't believe that it is reasonable to assume that
>>> auditing/sampling has been done over the full year.
>>>
This is a long thread but the topic is very critical so I hope people
are patient enough to read through this long discussion.
On 1/11/2017 12:37 πμ, Ryan Sleevi wrote:
On Tue, Oct 31, 2017 at 5:29 PM, Dimitris Zacharopoulos via
dev-security-policy
On 10/31/17 2:57 PM, Dimitris Zacharopoulos wrote:
[NS]: If all ETSI reports delivered to Root Programs had clear
indication regarding the “audit period” and the type of the audit (i.e.
full), probably this discussion would not be raised at all?
Correct.
For example, in all our
On Tue, Oct 31, 2017 at 5:29 PM, Dimitris Zacharopoulos via
dev-security-policy wrote:
>
> I don't believe your statement is supported by the evidence - which is why
>> I'm pushing you to provide precise references. Consider from the
>> perspective as a
Thank you, Dimitris, for sharing input from your auditor.
> Long story short, as an accredited CAB, we _definitely_ must check
> historical data over the period since previous audit. This requirement
> is clearly included in Section 7.9 of ETSI EN 319 403
>
eriod-in-time") is answered in section 7.9 of ETSI EN 319 403.
Forwarded Message
Subject: RE: ETSI Audits Almost Always FAIL to list audit period
Date: Tue, 31 Oct 2017 15:33:31 +0200
From: Nikolaos Soumelidis <qms...@qmscert.com>
Organization: QCERT
T
On Tue, Oct 31, 2017 at 8:34 AM, Dimitris Zacharopoulos via
dev-security-policy wrote:
>
> Do you believe that the requirements stated in the policy are unclear? That
>> is, as Kathleen mentioned, the Mozilla policy states all the information
>> that must be
On 31/10/2017 1:37 μμ, Ryan Sleevi via dev-security-policy wrote:
On Tue, Oct 31, 2017 at 5:21 AM Dimitris Zacharopoulos via
dev-security-policy wrote:
It is not the first time this issue is brought up. While I have a very
firm opinion that ETSI auditors
On Tue, Oct 31, 2017 at 5:21 AM Dimitris Zacharopoulos via
dev-security-policy wrote:
>
> It is not the first time this issue is brought up. While I have a very
> firm opinion that ETSI auditors under the ISO 17065 (focused on the
> quality of
10 matches
Mail list logo