Audit Criteria Management Package
Currently there is some PHP glue code that runs as a browser of criteria. Blech.
We could do better with a package. Meanwhile here are some requirements.
- Search.
- ability to add
- auditor comments
- auditor verification statements, per criteria
- community comments
- including responsibility marks
- community member verification statements, per criteria
- including client-signed attestation
- view templates
- add and drop comments, statements, etc
- relationship columns from drc to webtrust, etc
- horizontal reports
- "blocked by" top 10.
- ability to extract URLs for saving and sharing
Criteria
Although the DRC advance the state of the art dramatically, there are some potential flaws.
- no criteria on
- architecture,
- security model, threat model?
- business model?
- no criteria on competence
- cryptography, x.509, certs, PKI, OpenPGP, etc
- software, implementation
- law, contracts, liability, insurance, risks
- general business
- policy and management
- disputes
- need a criteria that discusses jurisdiction and relying parties + subscribers
- should specify that an RPA is needed
- need a criteria on the process for filing a dispute
- could be a postal delivery of mail
- or physical service
- or net service
- hmmm, A.3.b probably covers this.
- need a criteria that discusses jurisdiction and relying parties + subscribers
Any of these things could be a bug or a bonus.
CrowdIt
[2010-10-06] Current modified DRP browser is named CrowdIt