On Tue, Apr 05, 2022 at 09:19:08AM -0700, Kathleen Wilson wrote:
> The problem that we ran into over the past year is that there can be
> business or other reasons that impact when a company like CPA Canada will
> enter into agreements (or end agreements) with other companies. So, while
> our desire is to require auditors to be either members of ACAB'c or listed
> on the CPA Canada website, there may be business reasons not related to
> CAs/PKI for which such relationships cannot be established or continued. We
> also learned over the past year that an auditor can be removed from such
> membership/list after they have already started or even finished the audit
> of the CA for that year, even when that auditor has been on the list for
> several previous years and has not done anything to warrant being removed.
>
> Maybe we can replace the "SHOULD" with "MUST (unless written permission is
> granted by Mozilla)"...
>
> I'm not a fan of that type of wording, but at least it would be stronger
> than the "SHOULD", and would still enable us to handle certain situations
> that we have been running into without having to grant exceptions to
> written policy.
>
> I would also prefer to say "prior written permission", but we ran into
> situations in which the audits and audit statements had already been
> completed before the auditor was removed from the membership/list (to no
> fault of their own).

[snip]

All this sounds awfully nontransparent. Can I hear more about those "other reasons" where auditors were delisted? Is this related to (I'm just guessing) data protection? conflicting regulatory requirements? international sanctions?

How can I get a list of audits (and/or auditors) where those written permissions have been granted?

--
pozdrawiam / best regards
Wojtek Porczyk
