6 Managing a list of accredited CAs

6.1.1 The SSC E-government unit will need to work with CAs to have themselves accredited, ensure CA operations are audited, and manage changes to our requirements.

6.1.2 The introduction of new CAs will also impact the owners of inter-agency applications, who will need to test the CA's proposed certificates with their systems.

6.1.3 It is possible that many CAs or potential CAs will approach the e-government unit to be accredited for use. Management of the accreditation process and audit may have to be outsourced, as it could seriously drain e-government unit resources, and for the most part these are specialised activities best carried out by specialist non-government agencies.

6.1.4 New Zealand government agencies wishing to run their own CA will also need to go through the same process.

6.1.5 The e-government unit will need to have the power to remove a CA from the list of accredited suppliers due to non-compliance with government standards.

6.1.6 Accreditation requirements may change over time, and the e-government unit will need to be able to require CAs to have themselves re-accredited.

6.1.7 Note that if for any reason a CA should no longer be used within government, replacement of all certificates issued by the CA could be a huge burden on government.

6.1.8 Accreditation will require a contractual relationship between the CA and the e-government unit.

6.1.9 Through these activities the e-government unit will be acting on behalf of other New Zealand government agencies. At times the unit may need to make decisions without significant consultation.