← Certigna cases
Bugzilla #2043140
CCADB Compliance
Certigna: Delay in reporting an audit finding
CLOSED
Certigna
AI Summary
Certigna experienced a delay in reporting an audit finding identified during the 2026 ETSI audit, which was not created within the deadlines set forth in the CCADB’s Incident Reporting Guidelines. The incident was disclosed following a third-party comment. No impact on certificates was identified, and the CA has since updated its procedures to align with CCADB guidelines and improve compliance awareness among its team. All action items related to the incident have been completed, and the case is now closed.
Chronology
- Updates to the CCADB guidelines regarding the reporting of audit findings.
- An auditor identifies a finding during the annual audit.
- The audit report is published by the assessment body.
- A third party comments on the incident ticket regarding reporting deadlines.
- Full incident report is updated.
- Report closure summary is provided.
Participants
Josselin Allemandou
External References
Similar Local Cases
Certigna: Finding #1 ETSI Audit – Missing system configuration information in the CP/CPS
Dhimyotis / Certigna: Intermediate Cert(s) not disclosed in CCADB
Chunghwa Telecom: Delayed disclosure to Bug 2008782 GTLSCA Audit Incident Report #1 - mass certificate revocation plan
Chunghwa Telecom: Delayed disclosure to Bug 2008799 GTLSCA Audit Incident Report #3 - Missing vulnerability scan
Telia: Delayed submission of preliminary audit incident report
Firmaprofesional: Delayed initial incident reporting for Bug 2016475 (72-hour preliminary and 14-day full report timing)
Chunghwa Telecom: Delayed Annual Audit Report 2024
IdenTrust: Delay in updating a Bugzilla ticket Bug 2014610 - Next update