Certificate Practice Statement Policy
Version: 1.0.3 | Last Updated: 2023-11-13 | APPROVED
1. Overview
This Certificate Practice Statement (CPS) Policy outlines the practices and procedures followed by AccuCode AI Inc. in the issuance, management, revocation, and renewal of digital certificates. This policy is in accordance with the requirements of the AccuCode AI Certificate Policy (CP) and the AccuCode AI Public Key Infrastructure (PKI).
2. Purpose
The purpose of this policy is to ensure that the AccuCode AI PKI is operated in a secure, trustworthy, and consistent manner, and that all parties involved in the PKI have a clear understanding of their roles and responsibilities.
3. Scope
This policy applies to all digital certificates issued by the AccuCode AI PKI, including those used for authentication, encryption, and digital signatures. This policy also applies to all AccuCode AI employees, contractors, and third parties involved in the operation of the PKI.
4. Policy
4.1 Certificate Issuance
All digital certificates issued by the AccuCode AI PKI shall be issued in accordance with the AccuCode AI Certificate Policy and the requirements of this CPS. The issuance of certificates shall be performed by authorized AccuCode AI personnel only.
4.2 Certificate Lifecycle Management
The AccuCode AI PKI shall maintain a system for the management of certificate lifecycles, including issuance, revocation, and renewal. This system shall be operated in accordance with the requirements of the AccuCode AI Certificate Policy and industry best practices.
4.3 Key Management
The AccuCode AI PKI shall maintain a secure system for the management of cryptographic keys, including key generation, distribution, storage, and destruction. All keys shall be generated and stored using Azure Key Vault, which is SOC-II compliant.
4.4 Certificate Revocation
The AccuCode AI PKI shall maintain a system for the revocation of digital certificates in accordance with the AccuCode AI Certificate Policy. Revocation requests shall be processed promptly and in accordance with industry best practices.
4.5 Certificate Renewal
The AccuCode AI PKI shall maintain a system for the renewal of digital certificates in accordance with the AccuCode AI Certificate Policy. Renewal requests shall be processed promptly and in accordance with industry best practices.
4.6 Audit and Compliance
The AccuCode AI PKI shall be subject to regular audits to ensure compliance with the AccuCode AI Certificate Policy, this CPS, and industry best practices. Audit results shall be reviewed by the InfoSec team and any necessary corrective actions shall be taken promptly.
5. Roles and Responsibilities
5.1 PKI Manager
The PKI Manager is responsible for the overall operation and management of the AccuCode AI PKI, including ensuring compliance with the AccuCode AI Certificate Policy and this CPS.
5.2 PKI Administrators
PKI Administrators are responsible for the day-to-day operation of the AccuCode AI PKI, including certificate issuance, revocation, and renewal.
5.3 InfoSec Team
The InfoSec team is responsible for reviewing audit results and ensuring that any necessary corrective actions are taken promptly.
6. Policy Compliance
6.1 Compliance Measurement
The InfoSec team will verify compliance with this policy through various methods, including but not limited to periodic audits, business tool reports, and internal and external feedback to the policy owner.
6.2 Exceptions
Any exception to the policy must be approved by the InfoSec team in advance.
6.3 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.