Call for tenders' details
Status
Submission date
27/05/2019
Answer date
03/06/2019
Language
Status
Answered
Question details
Subject
Audit requirements & budget
Question
In terms of "interacting with the Accredited Auditors" can the JRC clarify whether CA compliance audits will be funded directly at the JRC's expense or whether the contractor is responsible for using its own funds to procure the services of an Accredit Auditor?
Answer
03/06/2019
We confirm that the contractor will be responsible for the entire process of auditing the EU Root CA, internal EA and AA on its own, both organisationally as well as financially. This requirement is also mentioned in Annex I - Part 2: Technical Specifications, e.g. on page 11: 'The contractor shall be responsible for the entire process of handling the audit process with the accredited PKI auditor and shall ensure that the EU root CA, EA and AA fulfil all requirements to be listed on the ECTL.'