© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community.

Slides:



Advertisements
Similar presentations
WHO, WHAT, HOW Your Internal Audit Team …by your side. …at your service. …in your best interests.
Advertisements

DIGNITY THROUGH ACTION WORKSHOP
CIP Cyber Security – Security Management Controls
You can type your own categories and points values in this game board. Type your questions and answers in the slides we’ve provided. When you’re in slide.
Purpose of the Standards
Control environment and control activities. Day II Session III and IV.
Workforce Engagement Survey Engaging the workforce in simple and effective action planning.
University of Sunderland CIFM03Lecture 3 1 QMS / Standards CIFM03 Lecture 3.
Unit 2: Managing the development of self and others Life Science and Chemical Science Professionals Higher Apprenticeships Unit 2 Managing the development.
Thinking Actively in a Social Context T A S C.
Test Organization and Management
1 How to Recruit, Organize, and Retain Volunteers Breakout Session # 1&2, 4&5 Jack Bishop, CPCM, Mentor, Rio Grande Chapter How to Recruit, Organize, and.
HPN/HCS Update Mandy Fallon HCA Education and Research.
New international standard on complaints handling Bill Dee SOCAP International Symposium Melbourne 2004.
Recruit, Train, and Educate Airmen to Deliver Airpower for America How Focus Groups Can Help Your Unit 1.
M I N I S T R Y O F I N D U S T R Y, E M P L O Y M E N T A N D C O M M U N I C A T I O N S OECD Guidelines on Corporate Governance of State Owned Enterprises.
Challenges to successful quality improvement HAIVN 2012.
Copyright © 2007 Pearson Education Canada 7-1 Chapter 7: Audit Planning and Documentation.
Pro-active Security Measures
S3: Understanding the Business. Session objective To explain why understanding of the business of the entity is important for the auditor To explain why.
Internal/External Audit Corporate Governance part 5.
The Roles Evaluators Play in Providing TA to SPDG Projects 1 Cheryl Leever Huffman C L Huffman & Associates 3316 Eton Avenue Oklahoma City, OK 73122
“The Role of Experience in Software Testing Practice” A Review of the Article by Armin Beer and Rudolf Ramler By Jason Gero COMP 587 Prof. Lingard Spring.
ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.
Ministry of Finance Compliance assessment of the management and control systems of the managing authorities under the Operational programmes. Conclusions.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Evetns, April 2009, #2 Welcome!
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 How Cacert responded to audit...
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 What is the CCA?
Client Certs -- the old-new thing CAcert The Community CA cacert.org.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 The Purpose of an Assurance.
MANAGEMENT of INFORMATION SECURITY, Fifth Edition.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit.
2.0 Assurance Practice.
Group evaluation There is need to assess the degree to which a group is achieving or has achieved its set goals. The process of assessing this constitutes.
Pre-planning Planning to plan (and adapt) Implementation starts Here!
ATS Service Assurance Suite presentation
Building Association Representative Training
Monitoring and Evaluation
CAcert A Communities Way To Professionalism
Cisco Data Virtualization
Predetermined Objectives – 2013/14
ONUR AIR QUALITY DIRECTORATE
ServiceNow Implementation Knowledge Management
Client Certs -- the old-new thing
The Club Health Assessment
make sure you have signed in to this training.
CAcert and the Audit.
2. Assurance Practice.
EMPLOYEE ENGAGEMENT SURVEY RESULTS
The Idea Behind Group Work
End of Year Performance Review Meetings and objective setting for 2018/19 This briefing pack is designed to be used by line managers to brief their teams.
Engaging families. Creating communities.
Predetermined Objectives – 2013/14
Identify & Document Client Requirements.
CPS Strategy 2018/19 Represent - Support - Develop
Involvement and Scrutiny in the Governance at WCHG
Direct Enhanced Scheme for People with Learning Disabilities
TRAX: A Sneak Preview of the NEW SMP Training Tracker
TRAX: A Sneak Preview of the NEW SMP Training Tracker
WHAT TO EXPECT: A CROWN CORPORATION’S GUIDE TO A SPECIAL EXAMINATION
Representing All Faculty: The Role of the Senate President
Boards Self Reflection
Safety Hour Discussion Pack
Continuity of Operations Planning
IST346: What Is IT?.
Transformation of the National Statistical System: Experience
10 Innovation Lessons For Success.
National Pandemic Flu Service
ECA Quality Control Arrangements
Resistance Management Process Decision Tree
Presentation transcript:

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit The 1 st Audit failed mid 2009 Primary reason: lack of capacity Deeper reason: “someone (else) is doing it.” Realisation that Auditor doesn't 'do' the audit Board cannot 'do' the audit Only the Community can muster the capacity

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit New strategy for audit Many-part strategy: 1. Change the message 2. Build up the capacity Teams fix the problems 4. Engage an Auditor

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit Change the message from... “the board / auditor is doing the audit” To...

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit YOU are doing the audit!

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit Example 1 – communications Ask not: When is my audit done for me, Rather, ask: What can I do for my audit?

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit (easy) Example 2 - contributions ● Smaller audit checks → the Community. ● But, reliability for audit? ● Reliability comes from framework... ● We have the basics: ● the CAP form! ● the certificate!

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit CARS – CAcert Assurer Reliable Statement To: Event Team Leader I presented ATE material to X Assurers Iang, CARS

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit ● Add CARS to report ● Has meaning: ● We the Community can RELY ● Similar (same?) meaning as certs, CAP form ● Backed up by: CCA, DRP ● team leaders can collate, reliably

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit (harder) Example 3 - process Assurance Team is doing it's bit: Requirement: A.2.y The CP details how the CA verifies that RAs operate in accord with CA's policies.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit Solution: Education team creates the ATEs Events team rolls it out to all Assurers, Co-audit team checks the Assurers at each ATE, Assurance Officer collects (CARS), collates, presents. Here, today, you are contributing to the Audit!

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Helping CAcert? 2. Building the teams i. Policy + Documentation + Internal Audit ii. Assurance, Events, Education, Org-Assurers iii. Dispute Resolution: Arbitrators + Case Managers iv. Support: Triage + Support Engineers v. Software: Testing, Development, Assessment vi. Sysadm: Critical, Access, Infrastructure, Hosting

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Basic s Every role requires... ✔ Familiarity with the breadth and basics of CAcert. ✔ Assurer c.f., CARS. ✔ Helping with recruiting and training. ✔ Following Policies and Practices. Some roles go through SP 9.2 process: Arbitrated Background Check + Board approval because of the access to data or special features.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 i. Consultants Business Consultants lead Policies and practices to approval, and support Audit. They are strongly aware of the policies and principles of the Community. They are familiar with Security, IT standards and general business processes.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 ii. Senior Assurers Senior Assurers help and run ATEs, develop the reach of Assurance, and develop the CATS Assurer Challenge. They are very strong on Assurance. They are comfortable with people, presentations, and Community.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 ii. Organisation Assurers Organisation Assurers verify Orgs. They are good with org regulations, careful and methodical. They are strong on Assurance and understand the needs of business.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Arbitrators are people who show exceptionally good judgement in resolving difficult situations. They are strongly aware of the policies and principles of the Community. Good at listening, researching, thinking, reducing and writing. iii. Arbitrators

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Case Managers are organised, good with detail, on top of , and comfortable with working to the tune of the Arbitrator. And, they do not fall in the trap of letting their opinions carry them away. iii. Case Managers

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Support Engineers are people with lots of time, able to communicate with humans and techies. SEs are very patient, cautious and reliable. SEs are “completers,” very methodical. SP: ABC+approval iv. Support Engineers

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Triage have: some time, daily, comfortable with webapps (OTRS), able to quickly dive into messy s, and slice and dice them to the right place. Triage is the starting place for a lot of things... iv. Triage

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 New: larger architecture + design (later) mix of Java, PHP, Javascript, C/C++ likely. Old: patience with old, undocumented PHP. And a desire to get us back on track with fixes! Testers: patient, communicative with techies and can see the human/user view. Software Assessors: approve changes SP: ABC+approval. Software

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Infrastructure Sysadms are very good with Linux, and know quite a lot about security practices. Because of our need for 4 eyes and dual control and redundant access to our systems, all sysadms work with 1-3 others in small teams. Follow doco, share brief reports on actions. Infra Team

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Access Engineers: located near Ede, NL. Strongly familiar with security access controls and with basics of hardware and hosting. Watches for proper procedures and controls. Follows Security Policy, records actions. SP: ABC+approval. Access Engineers

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 The systems administrators on the critical team work to Security Policy (“the bible”) and other documentation. Strongly familiar with security. Always working with at least 1 other under 4 eyes or dual control. Follows Security Policy, records actions. SP: ABC+approval. Critical Sysadms

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Helping CAcert? Building the teams (redux) i. All of these teams exist ii. More info in January's Annual Report iii. svn.cacert.org/CAcert_Inc/General_Meetings/ iv. AGM /CAcert_Annual_Report_2009.pdf v. 13 teams, 28 pages, 20 cats, 3 kangaroos... vi. Straw poll: = 39 vii. No invitation, just ask...

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit What can I do for my audit?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.