<div dir="ltr">We prefer this last wording you propose.<div><br></div><div>Regarding the amount and taking into account that nowadays, at least in Spain we have a clear obligation of insurance covering 3.000.000 €, why do not we use this figure as a reference (let's say $4,000,000)? I do not know if the $5,000,000 figure has sound reasoning behind it.</div>
<div><br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><span style="color:rgb(136,136,136)">-- </span><br style="color:rgb(136,136,136)"><div dir="ltr"><font color="#999999" style="color:rgb(136,136,136)"><b>Chema López</b></font><div>
<font color="#999999"><b>Gestor de Proyectos - Departamento Técnico</b></font></div><div style="color:rgb(136,136,136)"><font color="#999999"><b>AC Firmaprofesional, S.A.</b></font><br></div><div style="color:rgb(136,136,136)">
<br></div><div style="color:rgb(136,136,136)"><font color="#999999">Edificio ESADECREAPOLIS - 1B13</font></div><div style="color:rgb(136,136,136)"><font color="#999999">08173 Sant Cugat del Vallès, Barcelona. </font></div>
<div style="color:rgb(136,136,136)"><font color="#999999">T. 934 774 245</font></div><div style="color:rgb(136,136,136)"><font color="#999999">M. 666 429 224</font></div><div style="color:rgb(136,136,136)"></div></div></div>
</div>
<br><br><div class="gmail_quote">On Tue, Jul 15, 2014 at 4:54 PM, Ben Wilson <span dir="ltr"><<a href="mailto:ben@digicert.com" target="_blank">ben@digicert.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">All,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">I just spoke with an insurance expert in London. She said that for purposes of obtaining insurance internationally, we should use generic terms in our insurance requirements under 8.4. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">For (A), she suggested that we just say something like “casualty insurance sufficient to cover CA system damage or loss due to fire, water, electrical failure, or natural disaster, and including, if reasonably available, data loss due to IT security failure.” (Whether we require insurance for data loss or security breach is something we can debate further.)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">For (B), we should just say something like “third party coverage in the amount of at least _____ covering financial loss to EV Certificate Beneficiaries and/or Relying parties arising out of the CA’s negligent act, error, or omission in the performance of technology services under these Guidelines.” <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">I think this puts us few steps closer to a resolution of this issue. Now, if we can agree on a financial amount for (B). What about 2 million Euros under (B)? Discussion?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Thanks,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Ben<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="line-height:normal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> <a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a> [mailto:<a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a>] <b>On Behalf Of </b><a href="mailto:i-barreira@izenpe.net" target="_blank">i-barreira@izenpe.net</a><br>
<b>Sent:</b> Thursday, July 10, 2014 12:29 AM<br><b>To:</b> <a href="mailto:ben@digicert.com" target="_blank">ben@digicert.com</a>; <a href="mailto:arno.fiedler@nimbus-berlin.com" target="_blank">arno.fiedler@nimbus-berlin.com</a>; <a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a></span></p>
<div><div class="h5"><br><b>Subject:</b> Re: [cabfpub] Ballot 121 (insurance)<u></u><u></u></div></div><p></p></div></div><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">I personally, between both, prefer the first one. Including rating agencies like Standard&Poors, Fitch, etc. it´s worse than the A rating. I had no problems to find an insurer with that qualification in Spain (in fact I´ve changed 3 times my insurance company from Lloyd´s to Chubb and now to CFC underwriting)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div><p class="MsoNormal" style="line-height:normal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal" style="line-height:9.75pt"><b><span lang="ES-TRAD" style="font-size:8.5pt;font-family:"Tahoma","sans-serif"">Iñigo Barreira</span></b><span lang="ES-TRAD" style="font-size:8.5pt;font-family:"Tahoma","sans-serif""><br>
Responsable del Área técnica<br><a href="mailto:i-barreira@izenpe.net" target="_blank">i-barreira@izenpe.net</a><u></u><u></u></span></p><p class="MsoNormal" style="line-height:normal"><span lang="ES-TRAD" style="font-size:8.5pt;font-family:"Tahoma","sans-serif"">945067705</span><span lang="ES-TRAD" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:normal"><span lang="ES-TRAD" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal" style="line-height:normal">
<span lang="ES" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><img border="0" width="585" height="111" src="cid:image001.png@01CFA00A.62379280" alt="Descripción: cid:image001.png@01CE3152.B4804EB0"></span><span lang="ES-TRAD" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:9.75pt"><span lang="ES" style="font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#888888">ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!</span><span lang="ES" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#888888"><br>
</span><span lang="ES" style="font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#888888">ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.</span><span lang="ES" style="font-family:"Calibri","sans-serif";color:navy"><u></u><u></u></span></p>
</div><p class="MsoNormal"><span lang="ES" style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="line-height:normal"><b><span lang="ES" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">De:</span></b><span lang="ES" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> <a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org" target="_blank">mailto:public-bounces@cabforum.org</a>] <b>En nombre de </b>Ben Wilson<br>
<b>Enviado el:</b> miércoles, 09 de julio de 2014 20:39<br><b>Para:</b> <a href="mailto:arno.fiedler@nimbus-berlin.com" target="_blank">arno.fiedler@nimbus-berlin.com</a>; <a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a><br>
<b>Asunto:</b> Re: [cabfpub] Ballot 121 (insurance)<u></u><u></u></span></p></div></div><p class="MsoNormal"><span lang="ES"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Arno,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">What if it said, “</span><i>MUST be an insurer rated with a financial strength indicating an excellent ability to meet its ongoing insurance obligations by Standard & Poor’s, A.M. Best, Fitch, Moody’s, DBRS, Japan Credit Rating Agency, Creditreform, Scope Ratings, or a similarly recognized rating agency"?</i><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Cheers,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Ben<u></u><u></u></span></p>
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal" style="line-height:normal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> <a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a> <a href="mailto:[mailto:public-bounces@cabforum.org]" target="_blank">[mailto:public-bounces@cabforum.org]</a> <b>On Behalf Of </b>Ben Wilson<br>
<b>Sent:</b> Wednesday, July 9, 2014 10:15 AM<br><b>To:</b> <a href="mailto:arno.fiedler@nimbus-berlin.com" target="_blank">arno.fiedler@nimbus-berlin.com</a>; <a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a><br>
<b>Subject:</b> Re: [cabfpub] Ballot 121 (insurance)<u></u><u></u></span></p></div></div><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Thanks, Arno. I’ll revise and resubmit.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="line-height:normal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> <a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org" target="_blank">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Arno Fiedler<br>
<b>Sent:</b> Wednesday, July 9, 2014 6:05 AM<br><b>To:</b> <a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a><br><b>Subject:</b> Re: [cabfpub] Ballot 121 (insurance)<u></u><u></u></span></p></div>
</div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Hello,<br>it sounds very US-centric and very detailed, "<i>MUST be with a company rated no less than A- as to Policy Holder’s Rating in the current edition of Best’s Insurance Guide"</i> seems to be not applicable for "Rest of World." <br>
Best regards<br>arno<br><br><br>Am 08.07.2014 17:04, schrieb Ben Wilson:<u></u><u></u></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">All,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Based on feedback received so far from several international cyber insurance experts, here is a current iteration for revisions to Section 8.4 of the EV Guidelines (redlined PDF attached). </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">This is only for the EV Guidelines and would apply to CAs desiring to issue Extended Validation Certificates. </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">This wording may be further refined based upon your input to Jeremy’s question and as any other information from insurance experts comes in. </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Please check with your insurance brokers to confirm that you either already have these coverages or that these can be obtained by your company at reasonable cost.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Thanks,</span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d">Ben</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><h2 style="margin-top:10.0pt"><b><span style="font-family:"Cambria","serif";color:#4f81bd">8.4.Insurance </span></b><b><span style="font-size:13.0pt;line-height:115%;font-family:"Cambria","serif";color:#4f81bd"><u></u><u></u></span></b></h2>
<p>Effective _______, each CA SHALL continuously maintain the following insurance related to its performance and obligations under these Guidelines:<u></u><u></u></p><p style="margin-left:.5in">(A) insurance covering damages to systems, data, or software and for business interruptions due to natural disaster, fire, IT security failure, malware, cyber attack / criminal hacker, or theft, in the amount of at least two million US dollars ($2 million) in coverage; and <u></u><u></u></p>
<p style="margin-left:.5in">(B) Technology Errors and Omissions insurance, with policy limits of at least five million US dollars ($5,000,000 per claim and in the aggregate) covering financial damages to third parties arising out of a negligent act, error, or omission in the performance of technology services under these Guidelines with coverage to be kept in place for all periods during which an EV Certificate issued by the CA is still valid. If coverage is non-renewed or canceled, the CA shall purchase extended reporting period coverage for at least a two-year period. Territory of coverage shall be global, except for countries sanctioned by the United States or the European Union. <u></u><u></u></p>
<p>Such insurance <span style="text-transform:uppercase">must</span> not exclude coverage when providing public key infrastructure services and MUST be with a company rated no less than A- as to Policy Holder’s Rating in the current edition of Best’s Insurance Guide (or with an association of companies each of the members of which are so rated). <u></u><u></u></p>
<p>A CA MAY self-insure for liabilities that arise from such party's performance and obligations under these Guidelines provided that it has at least five hundred million US dollars in liquid assets based on audited financial statements in the past twelve months, and a quick ratio (ratio of liquid assets to current liabilities) of not less than 1.0. <u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
</blockquote><p class="MsoNormal" style="margin-bottom:12.0pt;line-height:normal"><u></u> <u></u></p><pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">-- <u></u><u></u></span></pre>
<pre>
<span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">Arno Fiedler<u></u><u></u></span></pre><pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">Nimbus Technologieberatung GmbH<u></u><u></u></span></pre>
<pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">Reichensteiner Weg 17<u></u><u></u></span></pre><pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">14195 Berlin<u></u><u></u></span></pre>
<pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">Mobil: 0049-(0)172-3053272<u></u><u></u></span></pre><pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">Fax: 0049-(0)30-89745-777<u></u><u></u></span></pre>
<pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">E-Mail: <a href="mailto:arno.fiedler@nimbus-berlin.com" target="_blank">arno.fiedler@nimbus-berlin.com</a><u></u><u></u></span></pre>
<pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">Web: <a href="http://www.nimbus-berlin.com" target="_blank">www.nimbus-berlin.com</a><u></u><u></u></span></pre><pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">Geschäftsführer: Arno Fiedler<u></u><u></u></span></pre>
<pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">USt-IdNr. : DE 203 269 920<u></u><u></u></span></pre><pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">D-U-N-S® Nr. 50-730-8117<u></u><u></u></span></pre>
<pre><span style="font-size:10.0pt;line-height:115%;font-family:"Courier New"">HandelsregisterNr:HRB 109409 B<u></u><u></u></span></pre></div></div></div></div><br>_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
<br></blockquote></div><br></div>