Bugzilla #1990269
Audit Related
SwissSign: recommendation on document release dual control
RESOLVED
FIXED
SwissSign AG
AI Summary
The audit report for SwissSign recommended improvements in dual control for public document releases during the markdown process. SwissSign transitioned from a manual email-based approval system to a Git and Markdown-based automated workflow, ensuring technically enforced dual control. This change was implemented and reviewed by auditors, confirming compliance with ETSI EN 319 401 requirements. All action items related to this recommendation have been completed, and SwissSign is committed to ongoing monitoring and feedback.
Chronology
- Preliminary Incident Report submitted
- Full Incident Report submitted
- Action item completed and reviewed by auditors
- Final call for comments on Incident Report
Participants
Sandy Balzer
Similar Local Cases
SwissSign: recommendation on CA-specific risk assessment
SwissSign: recommendation on BIA/BCP review
SwissSign: Findings in 2024 Audit
SwissSign Audit info
Buypass: Findings in 2025 ETSI Audit - Audit Incident Report #2 - Supply chain policy
Sectigo: Trusted Role Access provided prior to completion of onboarding process
GoDaddy: Action Items
TURKTRUST audit regarding change management procedures and controls