CAcert RA-Audit Program
Introduction
CAcert's RA-Audit Program is an internal audit function with the goal to check the CAcert's registration authority's (RA) compliance to internal rules and regulations. The RA is a basic organisation within CAcert. It is build by CAcerts Assurers and therefore decentralised and distributed all over the world.
The RA-Audit team consisting of senior Assurers monitors the execution of the Assurance Policy during assurances take place between an assurer and an assurer. The RA-Auditors at as passive observers during the process and take notes on what they see. The collected evidence is digitalised into a central database.
History
The RA-Audit Program was established in 2009 by CAcert's internal Auditor at the ATE Spring tour 2009 with the name "Co-Audit" and updated in 2010 under the supervision of CAcert's Assurance Officer.
In 2015 a new system was introduced to make the RA-Auditors more passive observers. Also a new web-based system WS introduced to store the records and calculate statistics. Since the renewal in 2015, the RA-Auditors work as an Audit subteam under the supervision of the internal Auditor.
Current KPI
A Key performance indicator (KPI) is defined for the RA-Audit program: 2% of yearly assurance should be audited.
References
Meetings
2010-02-06 Assurance MiniTOP, Brussels, BE
2015-01-15 on FOSDEM 2015, Brussels, BE