Call for tenders' details
Audit requirements & budget
In terms of "interacting with the Accredited Auditors" can the JRC clarify whether CA compliance audits will be funded directly at the JRC's expense or whether the contractor is responsible for using its own funds to procure the services of an Accredit Auditor?
We confirm that the contractor will be responsible for the entire process of auditing the EU Root CA, internal EA and AA on its own, both organisationally as well as financially. This requirement is also mentioned in Annex I - Part 2: Technical Specifications, e.g. on page 11: 'The contractor shall be responsible for the entire process of handling the audit process with the accredited PKI auditor and shall ensure that the EU root CA, EA and AA fulfil all requirements to be listed on the ECTL.'