Re: ETSI Audits Almost Always FAIL to list audit period

2017-11-07 Thread Arno Fiedler via dev-security-policy
On Tuesday, 31 October 2017 10:21:47 UTC+1, Dimitris Zacharopoulos wrote: > It is not the first time this issue is brought up. While I have a very > firm opinion that ETSI auditors under the ISO 17065 (focused on the > quality of products/services) and ETSI EN 319 403 definitely check >

RE: ETSI Audits Almost Always FAIL to list audit period

2017-11-07 Thread Buschart, Rufus via dev-security-policy
For example, in all our audits for other standards, no “audit period” is clearly documented in the report; time since previous audit is always implied. >>> >>> Again, I don't believe that it is reasonable to assume that >>> auditing/sampling has been done over the full year. >>>

Re: ETSI Audits Almost Always FAIL to list audit period

2017-11-01 Thread Dimitris Zacharopoulos via dev-security-policy
This is a long thread but the topic is very critical so I hope people are patient enough to read through this long discussion. On 1/11/2017 12:37 AM, Ryan Sleevi wrote: On Tue, Oct 31, 2017 at 5:29 PM, Dimitris Zacharopoulos via dev-security-policy

Re: ETSI Audits Almost Always FAIL to list audit period

2017-10-31 Thread Kathleen Wilson via dev-security-policy
On 10/31/17 2:57 PM, Dimitris Zacharopoulos wrote: [NS]: If all ETSI reports delivered to Root Programs had clear indication regarding the “audit period” and the type of the audit (i.e. full), probably this discussion would not be raised at all? Correct. For example, in all our

Re: ETSI Audits Almost Always FAIL to list audit period

2017-10-31 Thread Ryan Sleevi via dev-security-policy
On Tue, Oct 31, 2017 at 5:29 PM, Dimitris Zacharopoulos via dev-security-policy wrote: > > I don't believe your statement is supported by the evidence - which is why >> I'm pushing you to provide precise references. Consider from the >> perspective as a

Re: ETSI Audits Almost Always FAIL to list audit period

2017-10-31 Thread Kathleen Wilson via dev-security-policy
Thank you, Dimitris, for sharing input from your auditor. > Long story short, as an accredited CAB, we _definitely_ must check > historical data over the period since previous audit. This requirement > is clearly included in Section 7.9 of ETSI EN 319 403 >

Re: ETSI Audits Almost Always FAIL to list audit period

2017-10-31 Thread Dimitris Zacharopoulos via dev-security-policy
eriod-in-time") is answered in section 7.9 of ETSI EN 319 403. Forwarded Message Subject: RE: ETSI Audits Almost Always FAIL to list audit period Date: Tue, 31 Oct 2017 15:33:31 +0200 From: Nikolaos Soumelidis <qms...@qmscert.com> Organization: QCERT T

Re: ETSI Audits Almost Always FAIL to list audit period

2017-10-31 Thread Ryan Sleevi via dev-security-policy
On Tue, Oct 31, 2017 at 8:34 AM, Dimitris Zacharopoulos via dev-security-policy wrote: > > Do you believe that the requirements stated in the policy are unclear? That >> is, as Kathleen mentioned, the Mozilla policy states all the information >> that must be

Re: ETSI Audits Almost Always FAIL to list audit period

2017-10-31 Thread Dimitris Zacharopoulos via dev-security-policy
On 31/10/2017 1:37 PM, Ryan Sleevi via dev-security-policy wrote: On Tue, Oct 31, 2017 at 5:21 AM Dimitris Zacharopoulos via dev-security-policy wrote: It is not the first time this issue is brought up. While I have a very firm opinion that ETSI auditors

Re: ETSI Audits Almost Always FAIL to list audit period

2017-10-31 Thread Ryan Sleevi via dev-security-policy
On Tue, Oct 31, 2017 at 5:21 AM Dimitris Zacharopoulos via dev-security-policy wrote: > > It is not the first time this issue is brought up. While I have a very > firm opinion that ETSI auditors under the ISO 17065 (focused on the > quality of