6 How will accreditation be done?

6.1.1 The S.E.E. Key CP (paper 9) defines most of our requirements for a Certification Authority.

6.1.2 The CA will be given an outline of what will be required of them. This is attached as Appendix A.

6.1.3 The CA will compare their CPS with our CP in affect providing a self-assessment. An example of what this might look like is attached as Appendix B.

6.1.4 The CA will provide a copy of their current audited annual report.

6.1.5 The CA will provide access to any accreditation certificates or audit reports to demonstrate their commitment to third party audit

6.1.6 The CA will provide S.E.E. Application owners relying on the S.E.E. PKI the opportunity to test the CA's certificates with their application.

6.1.7 The accreditation process is likely to be an iterative process in constant consultation with the CA. For example, we may see very quickly that a CA's offering cannot meet some broad requirements, and these should be discussed with the CA immediately to determine how to resolve the matter.

6.2 Recognition of other accreditation schemes

6.2.1 We will accept most existing accreditation schemes like WebTrust for CAs, Identrus, Gatekeeper, and tScheme as satisfactory evidence of audit.

6.2.2 The CA will still need to follow the normal accreditation process including confirming compliance with our Certificate Policy.

6.3 Acceptable auditors

6.3.1 We will need to ensure that audits have been conducted by an auditor that we judge to be competent, and that audits are recent enough to be indicative of the CA's current operations. At this stage we believe we should consider auditors credentials on a case-by-case basis.