On 12/7/2015 10:24 AM, Peter Bowen wrote: > The current CA policy does not specify when audit reports are due to > Mozilla relative to the end date of the audit period. It only says > that CAs much provide the reports to Mozilla within 30 days of > receiving the report from their auditor. > > For the next version of the CA policy, I suggest that this be > remedied. I propose the following revised requirements: > > - All audit reports must clearly state whether they are for a period > of time or point in time. > - All audit reports that cover a period of time must list the start > date and end date of the period > - All audit reports that are for a point in time must list the point > in time date > - All audit reports must separately include the date the report was > issued (which will necessarily be after the end date or point in time > date) > - All audit reports must be provided to Mozilla within three months of > the point in time date or the end date of the period > > I think that all of these are reasonable and help to ensure that > compliance is appropriately monitored. > > Thanks, > Peter >
I was on the board of education for a public school district. State law requires school districts to have annual audits. The audits for our district covered the July-to-June fiscal year. The reports were received generally in November or December (5 to 6 months after the period audited). In the USA, individual tax returns for income received during a calendar year are not due until 15 April, 4.5 months after the end of the taxed year. I think > within three months of the point in time date or the end date of > the period does not give the certification authority sufficient time to provide an audit report to Mozilla. -- David E. Ross The Crimea is Putin's Sudetenland. The Ukraine will be Putin's Czechoslovakia. See <http://www.rossde.com/editorials/edtl_PutinUkraine.html>. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

