Memorandum of Agreement (Template)


Parties to the agreement:
                            XXXXXXXXXXX                    〈PCA〉
                            Ministry of Economic Affairs   〈MOEA〉


     Whereas the PCA has passed the review for joining into interoperation with
MOEA, has qualified as a Principal Certification Authority as defined under the “Taiwan
Bridge Certification Authority Certification Practice Statement”, and has accordingly
applied to MOEA for the issuing of “Cross Certificates” (the Certificate), both parties
agree to execute this collaboration agreement (the Agreement) with the terms and
conditions as follows:


Clause 1. Applicable Scope
             In the Cross Certificates application, PCA shall clearly identify the CA
         and the names of the CAs it controls that are conducting interoperation with
         the MOEA; where there are changes to the controlled CAs conducting
         interoperation under PCA, the PCA shall notify the MOEA in writing and
         announce it on the open website of PCA.

             The approved version 1.6 of “Taiwan Bridge Certification Authority
          Certification Practice Statement” (appendix 1) forms part of this agreement,
          and has the same power as this agreement. But where there is a conflict
          between the content of appendices and this agreement, this agreement shall
          prevail.

Clause 2. Service Scope
            MOEA shall provide public key cross certificate issuing, managing,
         renewing and revoking related certificate services to PCA according to the
         operating process clearly stated in appendix 1.

Clause 3. Scope and Limit on use of Certificates
             Usage scope of Certificate: MOEA issues certificates to establish mutual
         trust between PCA and the MOEA, so as to enable the different levels of
         certificates issued by PCA to establish the certificate trust route required
         for interoperation with other public key infrastructure areas already
         interoperating with the MOEA.
             Certificate usage restrictions: Certificates issued by MOEA can only be
         used within the scope specified by this agreement. The certificates cannot
         be used in applications or businesses that can cause death, harm to people
         physically or psychologically, or major harm to social order or social
         environment. Neither can they be used in any applications or businesses
         clearly prohibited by the Electronic Signatures Act or other relevant laws
         and regulations enacted by the authority.

Clause 4. Fees
            Unless there is separate written agreement between both parties, MOEA
         does not currently charge for the cross certification services that it provides
         now. Where MOEA starts charging at a later date, both parties shall
         document the agreement in writing then.

Clause 5. Rights & Responsibilities
             The PCA shall comply with the Certification Operation Standard
         already approved by the authority.
             Where the PCA uses the certificates issued by MOEA in scopes beyond
         this agreement, leading to any dispute situation, then PCA shall be solely
         responsible without any liability on the part of MOEA.
             MOEA shall keep the registration information, certificates information
         and other relevant information of PCA safely, avoiding any leakage, illegal
         uses or tampering. The retention period for the above mentioned
         information shall be in accordance with the operating process recorded
         within appendix 1 “4.6.2 Filing retention period”.
             MOEA shall complete the certificate revocation, issue the CRL and publish
         them on the database within 10 days of receiving a certificate revocation
         application from the PCA. The PCA shall announce the application for
         revoking the certificate on the website of PCA before the certificate
         revocation status has been published, so as to reduce its effect on other
         public certification authorities, and take on all responsibilities arising out of
         using such certificates.
             The PCA and MOEA shall ensure their employees do not disclose, steal,
         misuse, forge or tamper with the information, password or private key of any
         party.
             Both parties shall safeguard the private key and passwords
         corresponding to their certificates, and if they are damaged, lost, cracked,
         tampered with or stolen, the other party shall be notified for immediate
         processing and announcements.
             Both parties shall safeguard electronic information, and prevent any
         third parties from entering the computer operation and network system
         illegally.
             When either party accesses the registration information, certificates
         information and other relevant information in its possession, it must be strictly
         for business requirements and strictly controlled, and operated by the people
         with access rights to the operation.

Clause 6. Non-Disclosure.
             Except that the content of certificates is public information, both parties
         shall protect the privacy of either party in accordance with the requirements
         clearly stated in appendix 1.
             Upon termination of this agreement, the duty of non-disclosure shall
         remain valid for 3 years after the termination of this agreement.

Clause 7. Changes, suspension or revocation of certificates.
             MOEA does not provide PCA certificate suspension services.
             Prior to the certificates expiring, if there is any change or revocation of
         certificate information, the PCA shall notify MOEA immediately. After
         confirming the certificate amendment or revocation application from PCA,
         MOEA shall process the application according to the rules in appendix 1.
             The process for applying for certificate revocation by the PCA shall be
         in accordance with appendix 1 “4.4.4 Procedure for requesting certificate
         revocation”.
             Where the PCA falls into any one of the following situations, it shall
         notify MOEA in writing or through digitally signed email:
             I.   There have been changes to certificate contents and information
                  relating to PCA.
             II.  The information recorded in the certificate fields or extended
                  certificate fields of the certificates held by PCA does not comply
                  with the requirement of appendix 1.
             III. The PCA believes there are other causes justifying the submission
                  of certificate revocation application.


Clause 8. Procedures for processing cracked private keys.
             Where there are concerns that the private key held by either party has
         been destroyed, lost, cracked, tampered with or stolen, the other party shall
         be notified to take action, and both parties shall revoke the certificate of the
         opposite party in accordance with the required procedure in appendix 1 “4.4
         certificates on temporary suspension and revocation”, and then issue and
         publish the CRL on the databases of both parties; after the certificates have
         been revoked, the certificates shall be reissued.

Clause 9. Ending operation.
             Where PCA has to end its operation, it must try to reduce its impact on
         the operation of business system to the minimum, and transfer the related
         certificates operation smoothly to other PCA to continue operation.
             Where MOEA has to end its operations, it shall proceed in accordance
         with the requirements contained in appendix 1 “4.9 BCA termination
         service”.

Clause 10. Liabilities for compensation and limitations of liability
              If MOEA breaches this agreement or relevant legal regulations
         intentionally or by neglect, leading to losses by the PCA, then MOEA shall
         compensate for the losses of PCA, but the scope of compensation is limited
         to the direct losses endured by the PCA, and the compensation ceiling shall
         be as required by appendix 2 of this agreement.
              If the PCA breaches the certificates operation standards approved by
         the relevant authority, the conditions of this agreement or relevant legal
         regulations intentionally or by neglect, leading to losses by MOEA or other
         PCA, then it shall compensate for the losses of MOEA or other PCA. But the
         scope of compensation is limited to the direct losses endured, and the
         compensation ceiling amount is as per appendix 2 of this agreement.
              If either party causes losses to the other party due to disconnections in
         internet links, equipment malfunctions, or other force majeure natural
         disasters (e.g. wars or earthquakes, etc.), or other causes through no fault of
         either party, then that party shall not be liable for compensation.
              When either party terminates operation or this agreement, and causes
         the other party or other PCA to endure losses, then the party initiating the
         termination shall compensate the other party for the losses, except where
         terminating in accordance with the condition of item 1 under clause 14. The
         scope of compensation is limited to direct losses only, and the maximum
         amount of compensation is as per the conditions set out in appendix 2 of this
         agreement. The certification service provided by MOEA is completely free
         of charge; the scope of compensation for losses caused by its certification
         service is restricted to direct losses only, and the maximum amount of
         compensation is as per the conditions set out in appendix 2 of this
         agreement.

Clause 11. Intellectual Property Rights
              Both parties agree to comply with the terms under appendix 1 “2.9
         Intellectual property rights”, and if either party infringes on the intellectual
         property right, the infringing party shall be liable for compensation.
              The intellectual property of the private key and public key generated by
         the PCA belongs to PCA, but after its public key has been issued in certificate
         format by MOEA, the intellectual property of the certificate belongs to
         MOEA; the PCA and trusted certificate users only have the usage right to
         public key certificates.

Clause 12. Validity
             This agreement is effective from the date of execution for a period of
         five years. Before this agreement expires, if neither party notifies the
         termination of this agreement in writing, then it is deemed as extended.

Clause 13. Changes
             Any addition or amendment to this agreement shall be made in writing
         after negotiation between both parties, and if either party does not agree, it
         shall notify the other party in writing within three months to terminate this
         agreement.
             MOEA can amend the content of appendix 1 to this agreement or
         supplement the requirements at any time. But it shall notify PCA in writing
         and publish it on the MOEA website three months before the amendment
         comes into effect, and if PCA has not responded with any disagreement in
         writing within one month of receiving the written notification, then the
         amendment is deemed accepted.

Clause 14. Termination
             Unless otherwise required, if either party would like to terminate this
         agreement, the party shall notify the other party in writing three months
         prior to termination.
             Both parties shall complete the certificate revocation, issuing of CRL
         and publish them onto the database within ten days prior to the termination.
             If either party breaches the conditions of this agreement and fails to
         rectify the situation after the other party has given notice to rectify within
         a certain time limit, then the party not breaching the terms of this agreement
         can terminate this agreement with three months written notice. If the
         termination of this agreement causes damage to the non-breaching party of
         this agreement or other PCA, then the breaching party shall be liable for
         compensation.

Clause 15. Dispute resolution.
             Any disputes arising out of this agreement shall be arbitrated according
         to the arbitration laws of the Republic of China by the ROC arbitration
         association in Taipei City. For the parts not related to disputes or unaffected
         by it, both parties shall continue to perform their duties under the
         agreement.

Clause 16. Basic laws and Jurisdiction
             This agreement is based on the laws of the Republic of China.
             For any litigations arising out of this agreement, both parties agree to
         submit to the authority of the district court of Taipei, Taiwan as the first
         ruling court.

Clause 17. Notifications
             Notifications by and between the parties to this agreement shall be made
         in writing, and the method and entity of notification for the parties to this
         agreement is as follows:
             PCA:
                 Address:
                 Email Address:
             MOEA: Ministry of Economic Affairs Department of Commerce
                 Address: No. 15 FuZhou Street, Taipei 100.
                 Email Address:
             Where there is a change to the notification unit and notification method
         above, the other party shall be notified in writing. Where either party
         neglects to notify the other party of the changes in notification unit and
         notification method, causing notifications to be rejected or undeliverable,
         then notice is deemed served at the time of issuing notice.

Clause 18. Severability
              If any one clause of this agreement breaches any prohibitions required
         by law or becomes null and void due to other causes, then the other clauses in
         this agreement are still valid.

Clause 19. This agreement is executed in duplicate with each party holding one
           original, and 8 copies of the agreement with each party holding 4
           copies.




Parties to the agreement:

                     PCA:

                     Representative:

                     Address:




                     MOEA: Ministry of Economic Affairs


                     Representative:

                     Address:


                     Date:




Appendix 2.

                      Maximum Compensation Amount

(1) The maximum amount for which MOEA shall be liable is as follows:

      Cross Certificate Type   Maximum Compensation Amount (NTD)
           Test Level                        Nil
             Level 1                       100,000
             Level 2                       500,000
             Level 3                      2,500,000
             Level 4                      5,000,000

(2)    PCA shall be liable for the same maximum compensation amount as
       described in the table above.



