SP9.5 "Confidentiality, Secrecy CAcert is an open organisation and adopts a principle of open disclosure wherever possible. ... In concrete terms, confidentiality or secrecy may be maintained only under a defined method in policy, or under the oversight of the Arbitrator (which itself is under DRP). The exception itself must not be secret or confidential. All secrets and confidentials are reviewable under Arbitration, and may be reversed. All should strive to reduce or remove any such restriction." Principles: "x. Openness and Transparency We strive to open up as many of our processes as possible. ... " Principles: "x. Security ... Where we come into contact with security breaches, we disclose these." This criteria can be seen as conformance and/or policy. §C.2 should have a conformance criteria.