[cabfpub] Ballot 121 (insurance)

Ben Wilson ben at digicert.com
Wed Jul 9 16:15:17 UTC 2014


Thanks, Arno.  I’ll revise and resubmit.

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Arno Fiedler
Sent: Wednesday, July 9, 2014 6:05 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Ballot 121 (insurance)

 

Hello,
it sounds very US-centric and very detailed, "MUST be with a company rated
no less than A- as to Policy Holder’s Rating in the current edition of
Best’s Insurance Guide" seems to be not applicable for "Rest of World." 
Best regards
arno


Am 08.07.2014 17:04, schrieb Ben Wilson:

All,

Based on feedback received so far from several international cyber insurance
experts, here is a current iteration for revisions to Section 8.4 of the EV
Guidelines (redlined PDF attached).  

This is only for the EV Guidelines and would apply to CAs desiring to issue
Extended Validation Certificates. 

This wording may be further refined based upon your input to Jeremy’s
question and as any other information from insurance experts comes in.  

Please check with your insurance brokers to confirm that you either already
have these coverages or that these can be obtained by your company at
reasonable cost.

Thanks,

Ben

 


8.4.Insurance 


Effective _______, each CA SHALL continuously maintain the following
insurance related to its performance and obligations under these Guidelines:

(A) insurance covering damages to systems, data, or software and for
business interruptions due to natural disaster, fire, IT security failure,
malware, cyber attack / criminal hacker, or theft, in the amount of at least
two million US dollars ($2 million) in coverage; and 

(B) Technology Errors and Omissions insurance, with policy limits of at
least five million US dollars ($5,000,000 per claim and in the aggregate)
covering financial damages to third parties arising out of a negligent act,
error, or omission in the performance of technology services under these
Guidelines with coverage to be kept in place for all periods during which an
EV Certificate issued by the CA is still valid. If coverage is non-renewed
or canceled, the CA shall purchase extended reporting period coverage for at
least a two-year period. Territory of coverage shall be global, except for
countries sanctioned by the United States or the European Union. 

Such insurance must not exclude coverage when providing public key
infrastructure services and MUST be with a company rated no less than A- as
to Policy Holder’s Rating in the current edition of Best’s Insurance Guide
(or with an association of companies each of the members of which are so
rated). 

A CA MAY self-insure for liabilities that arise from such party's
performance and obligations under these Guidelines provided that it has at
least five hundred million US dollars in liquid assets based on audited
financial statements in the past twelve months, and a quick ratio (ratio of
liquid assets to current liabilities) of not less than 1.0. 

 

 





-- 
Arno Fiedler
Nimbus Technologieberatung GmbH
Reichensteiner Weg 17
14195 Berlin
Mobil:      0049-(0)172-3053272
Fax:        0049-(0)30-89745-777
E-Mail:     arno.fiedler at nimbus-berlin.com
Web:        www.nimbus-berlin.com
Geschäftsführer:  Arno Fiedler
USt-IdNr. :       DE 203 269 920
D-U-N-S® Nr.      50-730-8117
HandelsregisterNr:HRB 109409 B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140709/c05d2e4c/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5453 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140709/c05d2e4c/attachment-0001.p7s>


More information about the Public mailing list