4 Factors to consider in choosing a CA

4.1.1 The following should be considered when choosing a CA from the list of S.E.E. accredited CAs.

• Financial stability (it is costly to switch CA)

• The Certificate Practice Statement (CPS) for the proposed CA, and any other proposed contractual documentation (contractual issues, and operational impact).

•  The formal comparison of the CA's CPS with the S.E.E. Key CP (this will highlight where the CA's operations differ from our ideal requirements)

• Commitment to third party audit (it is important that a CA's operations are of high quality and reflect their CPS)

• CRL and OCSP uptime (this directly impacts perceived application uptime for end-users)

• Process and turnaround for S.E.E. Key issuing, and replacement (affects ability for internal operations to service internal user base)

• Service levels of technical helpdesk (support for internal IT operations)

• Costs of S.E.E. Key issuance, renewal, replacement, revocation, and any initial agency registration charge.

• Billing systems, e.g. ability to invoice specifying internal cost centres, or using e-Procurement.

• Reporting systems, e.g. ability to report on certificates issued to agency ordered by expiry date.

• Availability of online directory for access to digital certificates (useful for troubleshooting, and for applications requiring encryption to individuals).

• Other system integration, e.g. Windows 2000 smart card logon support, remote access systems, ability to PKI-enable legacy applications.

• Reference sites, preferably including a site with experience of a certificate renewal process and tokens.

• Private keys stored in New Zealand

• Financial cover / Liability insurance associated with certificate