[cabfpub] Ballot 121 (insurance)

Mon Jul 28 07:04:37 UTC 2014

We prefer this last wording you propose.

Regarding the amount and taking into account that nowadays, at least in
Spain we have a clear obligation of insurance covering 3.000.000 €, why do
not we use this figure as a reference (let's say $4,000,000)? I do not know
if the $5,000,000 figure has sound reasoning behind it.

-- 
*Chema López*
*Gestor de Proyectos - Departamento Técnico*
*AC Firmaprofesional, S.A.*

Edificio ESADECREAPOLIS - 1B13
08173 Sant Cugat del Vallès, Barcelona.
T.  934 774 245
M. 666 429 224

On Tue, Jul 15, 2014 at 4:54 PM, Ben Wilson <ben at digicert.com> wrote:

> All,
>
>
>
> I just spoke with an insurance expert in London.  She said that for
> purposes of obtaining insurance internationally, we should use generic
> terms in our insurance requirements under 8.4.
>
>
>
> For (A), she suggested that we just say something like “casualty insurance
> sufficient to cover CA system damage or loss due to fire, water, electrical
> failure, or natural disaster, and including, if reasonably available, data
> loss due to IT security failure.”  (Whether we require insurance for data
> loss or security breach is something we can debate further.)
>
>
>
> For (B), we should just say something like “third party coverage in the
> amount of at least _____ covering financial loss to EV Certificate
> Beneficiaries and/or Relying parties arising out of the CA’s negligent act,
> error, or omission in the performance of technology services under these
> Guidelines.”
>
>
>
> I think this puts us few steps closer to a resolution of this issue.
>   Now, if we can agree on a financial amount for (B).  What about 2 million
> Euros under (B)?  Discussion?
>
>
>
> Thanks,
>
>
>
> Ben
>
>
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] *On
> Behalf Of *i-barreira at izenpe.net
> *Sent:* Thursday, July 10, 2014 12:29 AM
> *To:* ben at digicert.com; arno.fiedler at nimbus-berlin.com;
> public at cabforum.org
>
> *Subject:* Re: [cabfpub] Ballot 121 (insurance)
>
>
>
> I personally, between both, prefer the first one. Including rating
> agencies like Standard&Poors, Fitch, etc. it´s worse than the A rating. I
> had no problems to find an insurer with that qualification in Spain (in
> fact I´ve changed 3 times my insurance company from Lloyd´s to Chubb and
> now to CFC underwriting)
>
>
>
>
>
> *Iñigo Barreira*
> Responsable del Área técnica
> i-barreira at izenpe.net
>
> 945067705
>
>
>
> [image: Descripción: cid:image001.png at 01CE3152.B4804EB0]
>
> ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta
> egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea
> gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi
> erantzuna. KONTUZ!
> ATENCION! Este mensaje contiene informacion privilegiada o confidencial a
> la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
> error le agradeceriamos que no hiciera uso de la informacion y que se
> pusiese en contacto con el remitente.
>
>
>
> *De:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org
> <public-bounces at cabforum.org>] *En nombre de *Ben Wilson
> *Enviado el:* miércoles, 09 de julio de 2014 20:39
> *Para:* arno.fiedler at nimbus-berlin.com; public at cabforum.org
> *Asunto:* Re: [cabfpub] Ballot 121 (insurance)
>
>
>
> Arno,
>
> What if it said, “*MUST be an insurer rated with a financial strength
> indicating an excellent ability to meet its ongoing insurance obligations
> by Standard & Poor’s, A.M. Best, Fitch, Moody’s, DBRS, Japan Credit Rating
> Agency, Creditreform, Scope Ratings, or a similarly recognized rating
> agency"?*
>
> Cheers,
>
> Ben
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] *On
> Behalf Of *Ben Wilson
> *Sent:* Wednesday, July 9, 2014 10:15 AM
> *To:* arno.fiedler at nimbus-berlin.com; public at cabforum.org
> *Subject:* Re: [cabfpub] Ballot 121 (insurance)
>
>
>
> Thanks, Arno.  I’ll revise and resubmit.
>
>
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org
> <public-bounces at cabforum.org>] *On Behalf Of *Arno Fiedler
> *Sent:* Wednesday, July 9, 2014 6:05 AM
> *To:* public at cabforum.org
> *Subject:* Re: [cabfpub] Ballot 121 (insurance)
>
>
>
> Hello,
> it sounds very US-centric and very detailed, "*MUST be with a company
> rated no less than A- as to Policy Holder’s Rating in the current edition
> of Best’s Insurance Guide"* seems to be not applicable for "Rest of
> World."
> Best regards
> arno
>
>
> Am 08.07.2014 17:04, schrieb Ben Wilson:
>
> All,
>
> Based on feedback received so far from several international cyber
> insurance experts, here is a current iteration for revisions to Section 8.4
> of the EV Guidelines (redlined PDF attached).
>
> This is only for the EV Guidelines and would apply to CAs desiring to
> issue Extended Validation Certificates.
>
> This wording may be further refined based upon your input to Jeremy’s
> question and as any other information from insurance experts comes in.
>
> Please check with your insurance brokers to confirm that you either
> already have these coverages or that these can be obtained by your company
> at reasonable cost.
>
> Thanks,
>
> Ben
>
>
> *8.4.Insurance *
>
> Effective _______, each CA SHALL continuously maintain the following
> insurance related to its performance and obligations under these Guidelines:
>
> (A) insurance covering damages to systems, data, or software and for
> business interruptions due to natural disaster, fire, IT security failure,
> malware, cyber attack / criminal hacker, or theft, in the amount of at
> least two million US dollars ($2 million) in coverage; and
>
> (B) Technology Errors and Omissions insurance, with policy limits of at
> least five million US dollars ($5,000,000 per claim and in the aggregate)
> covering financial damages to third parties arising out of a negligent act,
> error, or omission in the performance of technology services under these
> Guidelines with coverage to be kept in place for all periods during which
> an EV Certificate issued by the CA is still valid. If coverage is
> non-renewed or canceled, the CA shall purchase extended reporting period
> coverage for at least a two-year period. Territory of coverage shall be
> global, except for countries sanctioned by the United States or the
> European Union.
>
> Such insurance must not exclude coverage when providing public key
> infrastructure services and MUST be with a company rated no less than A- as
> to Policy Holder’s Rating in the current edition of Best’s Insurance Guide
> (or with an association of companies each of the members of which are so
> rated).
>
> A CA MAY self-insure for liabilities that arise from such party's
> performance and obligations under these Guidelines provided that it has at
> least five hundred million US dollars in liquid assets based on audited
> financial statements in the past twelve months, and a quick ratio (ratio of
> liquid assets to current liabilities) of not less than 1.0.
>
>
>
>
>
>
>
> --
>
> Arno Fiedler
>
> Nimbus Technologieberatung GmbH
>
> Reichensteiner Weg 17
>
> 14195 Berlin
>
> Mobil:      0049-(0)172-3053272
>
> Fax:        0049-(0)30-89745-777
>
> E-Mail:     arno.fiedler at nimbus-berlin.com
>
> Web:        www.nimbus-berlin.com
>
> Geschäftsführer:  Arno Fiedler
>
> USt-IdNr. :       DE 203 269 920
>
> D-U-N-S® Nr.      50-730-8117
>
> HandelsregisterNr:HRB 109409 B
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140728/dbea466e/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 19121 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140728/dbea466e/attachment-0003.png>