(In reply to Wayne Thayer [:wayne] from comment #11)
Oliver: It has now been 2 months since I asked the questions in comment #10. Why has CFCA not responded?
Sorry for the late reply. We finished the internal audit in early August, and then we started the Webtrust external audit. I planned to submit the results after the external audit, but the external audit is still in progress, this is my personal fault.
Now, I would like to explain our internal audit from May 1, 2019 to July 31, 2019:
- During this period, CFCA has issued 33 EV certificates, 176 OV certificates and 26 document signature certificates. We have audited these 235 records, and the audit results show that the certificate acceptance, audit process, etc are in line with the requirements.
- However, it is pointed out in the report that at present, certificate processing is over-dependent on labor, and there is a risk of not rigorous audit. Hope improve it timely.
As I said before, we have realized the transition rely on artificial risks, so we have already start the automatic ordering system development work, the system is suitable for final subscriber and the internal audit personnel, through the big data technology to complete the authentication of the enterprise, realize automatic domain authentication, thus reducing the risk of manual audit. Considering other factors, we will retain the manual secondary audit process in the early stage.
Due to the complex design, we plan to complete it in stages. Currently, the first version of the system has been developed. The system passed the review on September 10, 2019, the test system is currently being deployed, if there is no problem with the test system, we will start phase ii construction and join the automatic audit. We hope to finish it by the end of this year, there maybe some uncertainty, but we will try to solve them.