== Intro ==

This is the work page for policies or policy proposals that should get the attention of the Policy Group. It is part of the overall [[Policy]] area.

=== Organisation of Documents ===

Approved policies are at [[http://www.cacert.org/policy/|the main website]]. See [[Policy/Guide|Editor's Guide to Good Policies]] for more info on where other documents are, and [[https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html|Controlled Document List]] for what documents are on ''the policy track''.

Other documents are typically labelled something else, such as ''Practice'' or ''Manual'', to distinguish them from PoP documents. Most of these are created by a parent policy, such as the [[AssuranceHandbook2]] and the [[SecurityManual]].

== Priorities for Policy Group ==

 1. Update Policy on Policies [[http://www.cacert.org/policy/PolicyOnPolicy.php|PoP]] (COD1)
 1. Review appeal process in Dispute Resolution Policy [[www.cacert.org/policy/DisputeResolutionPolicy.html|DRP]] (COD7) - required by Arbitration ruling - addressed, did not come near to a consensus, no change to the DRP
 1. Add some kind of privacy policy for the website - required by EU law, because our servers are running there

The priority for the following tasks has to be decided:

 1. Review Assurance Policy [[www.cacert.org/policy/AssurancePolicy.html|AP]] (COD13)
 1. Rework Dispute Resolution Policy [[www.cacert.org/policy/DisputeResolutionPolicy.html|DRP]] (COD7)
 1. Organisation Assurance
  * review current subsidiary policies
  * add further subsidiary policies
 1. Assurance Policy subsidiary policies:
  * Legacy Points Policy -- an anticipated policy to clarify the status of old pre-AP points.
  * Nucleus project
 1. Review [[www.cacert.org/policy/CertificationPracticeStatement.html|CPS]] (COD6)

As well as pure policy work, there are also process tasks:

 1. Update Policy part of the wiki
 1. Move policies away from software controlled area on the website - if PoP allows this

== Other policies in need of review ==

'''SP''' [[http://www.cacert.org/policy/SecurityPolicy.html|Security Policy]] is the document that controls all security processes.
 * E.g., hardware, software, logging and root keys.
 * [[SecurityManual|Security Manual]] is now the "practices manual" that remains under the detailed control of the team leaders, and documents the detail of how they meet SecurityPolicy.
 * SecurityManual authorises many Procedures which can be found by searching for Category / Procedures (see the SM).

'''RDL''' or [[https://svn.cacert.org/CAcert/Policies/Agreements/RootDistributionLicense.html|Root Distribution License]]
There are some concerns about how the modification feature can be abused and whether we want to tighten that up. We also need a FAQ and a review of CCA. [[Policy/RootDistributionLicense|RDL action page]].

'''PP''' [[http://www.cacert.org/policy/PrivacyPolicy.html|Privacy Policy]] (COD5)
As a policy, it was ''approved in principle'' by the CAcert Inc. Association Board before the PoP regime came into being. It is therefore in a special status which only approximates the current regime, and can be considered to be grandfathered in place.

'''CCS''' [[http://www.cacert.org/policy/ConfigurationControlSpecification.html|Configuration Control Specification]] (COD2) specifies what documents and processes are "controlled" for audit criteria purposes.

'''OAP''' [[http://www.cacert.org/policy/OrganisationAssurancePolicy.php|]] is in full
 * The OAP is now up for review, according to [[PolicyDrafts/OrganisationAssurance]], as the OA area has exposed many weaknesses.

'''PoJAM''': A subpol for Juniors:
 * [[PolicyDrafts/PolicyOnJuniorAssurersMembers2]] was version 2, [[PolicyDrafts/PolicyOnJuniorAssurersMembers]] was version 1.

'''TTP-Assist''': Using TTPs to assist our Senior Assurers to complete their assurances remotely:
 * [[http://www.cacert.org/policy/TTPAssistedAssurancePolicy.html|TTP-assisted Assurance Policy]] is now in '''DRAFT'''.
 * [[PolicyDrafts/TTPAssurerCheck|TTP Assurance Policy]] collects some old notes. Should deprecate and/or rewrite and/or rename.
 * [[https://svn.cacert.org/CAcert/Policies/RemoteAssurancePolicy.html|Remote Assurance Policy]] wip for some variation, now overtaken by TTP-Assist.
 * Also see [[https://svn.cacert.org/CAcert/Policies/RemoteVerificationPolicy.html|Remote Verification Policy]] wip for another variation, now overtaken by TTP-Assist.

=== Organisation Assurance Sub-Policies in DRAFT ===

Organisation Assurance Policy authorises the creation of sub-policies to describe different circumstances.

 Europe:: [[http://www.cacert.org/policy/OrganisationAssurancePolicy_Europe.html |Sub Policy Organisation Europe]] - COD11EU covers European-style Registries.
  * Note that this overlaps with some of the below, and they remain in force? Or are replaced?
  * OAP specifically permits overlap.
 Germany:: [[http://www.cacert.org/policy/OrganisationAssurancePolicy_Germany.html |Sub Policy Organisation Germany]] - COD11DE states the information for Organisation Assurances for Germany.
  * The Organisation Application (COAP form Germany) is available in [[http://svn.cacert.org/CAcert/Forms/COAP_DE.pdf|PDF]] and [[http://svn.cacert.org/CAcert/Forms/COAP_DE.odt|Open Office]] format.
 Australia:: [[http://www.cacert.org/policy/OrganisationAssurancePolicy_Australia.html |Sub Policy Organisation Australia]] - COD11AU states the information for Organisation Assurances for Australia.
  * The Organisation Application (COAP form Australia) is available in [[http://svn.cacert.org/CAcert/Forms/CAcertOrganisationAssuranceForm.pdf|PDF]] and [[http://svn.cacert.org/CAcert/Forms/CAcertOrganisationAssuranceForm.odt|Open Office]] format.
 Ireland:: [[http://svn.cacert.org/CAcert/Policies/OrganisationAssurancePolicy/OrganisationAssuranceSubPolicyIreland.html|Sub Policy Organisation Ireland]] - COD11EI states the information for Organisation Assurances for Australia. This policy draft was voted to DRAFT status on 29th of April 2008 on the Policy Email list.

The following may have been replaced by the Europe subsidiary policy.

 Holland:: [[http://svn.cacert.org/CAcert/Policies/OrganisationAssurancePolicy/OrganisationAssuranceSubPolicyNetherlands.html|Sub Policy Organisation Holland]] - COD11NL states the information for Organisation Assurances for the Netherlands. This policy draft was voted to DRAFT status on 18th of September 2007 at the TOP meeting and on 22nd of October 2007 on the Policy Email list.
  * The Organisation Application (COAP form NL) is available in [[http://svn.cacert.org/CAcert/Forms/COAP_NL.pdf|PDF]] and [[http://svn.cacert.org/CAcert/Forms/COAP_NL.odt|Open Office]] format.
 Austria:: [[http://svn.cacert.org/CAcert/Policies/OrganisationAssurancePolicy/OrganisationAssurance-SubPolAustria.html|Sub Policy Organisation Austria]] - COD11AT states the information for Organisation Assurances for Austria. This policy draft was voted to DRAFT status on 8th of March 2008 on the Policy Email list.
  * The Organisation Application (COAP form Austria) is available in [[http://svn.cacert.org/CAcert/Forms/COAP_DE.pdf|PDF]] and [[http://svn.cacert.org/CAcert/Forms/COAP_DE.odt|Open Office]] format.
  * The Organisation Application (general English COAP form, a template example) is available in [[http://svn.cacert.org/CAcert/Forms/Samples/COAP_EN_AU_Company.pdf|PDF]].

== WIP - Work in Progress - Policies ==

All of these are 'open for comments' and need work. They are all intended for ''POLICY'' track.

 * [[http://svn.cacert.org/CAcert/Policies/OrganisationAssurancePolicy/|subsidiary policies]] for Organisation Assurance:
  . Norway:: has been [[http://svn.cacert.org/CAcert/Policies/OrganisationAssurancePolicy/OrganisationAssuranceSubPolicyNorway.html|requested]].
  . United Kingdom:: has been [[http://svn.cacert.org/CAcert/Policies/OrganisationAssurancePolicy/OrganisationAssuranceSubPolicyUnitedKingdom.html|requested]].
  . Swiss:: has been requested. Some old notes may be in [[PolicyDrafts/SwissOASubPol]].
 * [[Nucleus]] (WIP)
 * [[PolicyDrafts/CodesigningAssurancePolicy|Code-signing Assurance Policy]] is being worked on. However, the CPS says that only Assurers can have Code-signing, so at least it has a workaround while the subsidiary policy is worked on.

== Miscellaneous ==

=== Referenced (policy) documents ===

(this needs some work...)

 * [[http://svn.cacert.org/CAcert/principles.html|Principles of the Community]]
  * As a Member of the CAcert Community one is further obliged to work within the spirit of the Principles of the Community.
  * This document is incorporated by reference in CCA, so it takes on a sense of an important but not fiercely controlled document.

=== Not on the Policy Group task list... ===

 * Definition of a Senior Assurer:
  * This question is now stabilised in the [[AssuranceHandbook2#What_is_a_Senior_Assurer.3F|Assurance Handbook's definition]].
  * [[https://svn.cacert.org/CAcert/Assurance/SeniorAssurer.html|Senior Assurer]] - an old trial definition and process for designating Assurers who are a more active part of the community, and more experienced.
  * Additional documents, with stricter/lesser Senior Assurer definitions, that contributed to our current definition can be found in the Minutes of the [[https://svn.cacert.org/CAcert/Assurance/Minutes/20090517MiniTOP.html|Assurance MiniTOP - Munich 20090517]] and [[https://svn.cacert.org/CAcert/Assurance/Minutes/20100206BrusselsMiniTOP.html|MiniTOP Assurance - Brussels 20100206]].
 * [[https://svn.cacert.org/CAcert/Assurance/Minutes/20100206BrusselsMiniTOP.html#co-audit|Co-Auditor]] - a definition and process for Assurers to help in the "Audit over Assurance" program to collect the evidence for an Auditor.
 * ''policy on funding'' - rules and guidelines for managing funds, donations, expenses. Is this a policy, or an executive document? No, it is an Exec practice for the Board to deal with. Not really policy.
 * [[http://svn.cacert.org/CAcert/PolicyOnFoundations.html|Policy on Foundations]] This is really an Executive / Board practices document on "How to create and structure a supporting Foundation."
 * PolicyDrafts/DigitalSigning and DigitalSignature - Notes on Design and Policy (ideas) to make Digital Signing work
  * This is unlikely to go Policy track.
  * Also see [[CARS]].
 * [[https://svn.cacert.org/CAcert/Policies/PolicyOnGovernance.html|Governance]] is [[PhilippDunkel]]'s exercise explaining the Governance layout of the Community. It is currently more descriptive. If it were to be a policy, it might end up being a Constitution.

''These above were all at one time considered questions for policy group.''

=== Translations ===

Once a policy has reached a certain stability, the Community may desire to translate it. However note that the English version remains the policy. It is undefined how these translations are delivered, and Members will need to rely on the English version.

 * [[Brain/Study/Translations/CCA| CCA Translations]]
 * [[Brain/Study/Translations/PoJAM| PoJAM Translations]]

None of these are as yet identified and started on the policy track.

----
 . CategoryAudit
 . CategoryPolicy