20120701 - New audit procedures for Symantec, Thawte and Geotrust
As of July 1st 2012, Audits processes will change. Issuance of Symantec, Thawte and Geotrust certificates will be subdued to new rules.
Symantec introduces those new rules in order to enhance its products' security level and harmonize the processes of its different certification authorities by minimizing the number of probative documents.
Vetting of the domain
The DRL (Domain Release Letter), it's over! Document requested when the WHOIS does not present the requester as the domain's owner, it won't be accepted anymore.
The new options :
- Modify the WHOIS to make it be consistent with the reality
- Use a Professional Opinion Letter
- Have recourse to the DRC (Domain Rights Confirmation) that uses a phone number or an e-mail address registered in the WHOIS
Vetting of the organization
Business license documents won't be enough anymore. The authenticity of those documents will be verified through issuing agencies or a Professional Opinion Letter.
Obtain a Kbis
MonIdenum can provide a Kbis within minutes for free. Do not hesitate to use their services.
The corporate identifier will have to be included in the organization name (in some countries). Should the 'OU' optional field be filled, it vetted.
Vetting of the phone
If the phone number is not found in official directories we used to ask for a phone bill or a notary letter.
From now on, only the Professional Opinion Letter will be accepted.
In a nutshell: the Professional Opinion Letter is going to be in the center of the new audit procedures and will replace most of the existing documents.