Co-Audit Meeting 2015-01-31
On FOSDEM, Brussels, Belgium.
Participants: DirkAstrath, AlexanderBahlo, IanGrigg, MartinGummi, BenediktHeintel, MarcusMaengel, RobertOleski, UlrichSchröter, JoostSteijlen
Contents
Presentation of new form and procededure
- The new form consist of three parts: the assurer's acceptance for the audit, the assurees acceptance for the audit and the evaluation part for the co-auditor
- the form guides through the process
- the process has 5 steps
- get and record acceptance from the assurer to observe the assurance and add his data to the database
- get and record acceptance from the assuree to see his personal data
- observe and document the assurance of the assurer over the assuree
- (optional) educate the assurer with the help of the findings
- enter the observation to the database
- the form need to be kept until the year after that the assurance was audited and need to be securely disposed thereafter
Presentation of new web application
- the application has a public statistic with reduced information
- the private part is secured by a certificate login, that only accepts valid CAcert certificates with email addresses ending on @c.o
- the system is build that flexible to hold multiple different Co-Audit programs without the need of reprogramming
- access is only granted for the co-auditors, the auditors and the application admins. Information is protected by a flexible roles and rights system
- wrong audit entries ca n be changed in the first 48 hours by the Co-Auditor. After that time an auditor need to delete the entry for new input.