For the purposes of this Section L10, the “SMKI Recovery Procedure” shall be a SEC Subsidiary
Document of that name which sets out, in relation to any incident in which a Relevant Private Key is (or
is suspected of being) Compromised:
(a) the mechanism by which Parties and RDPs may notify the DCC and the DCC may notify Parties,
RDPs and the SMKI PMA that the Relevant Private Key has been (or is suspected of having been)
Compromised;
(b) procedures relating to the use of the Recovery Private Key and Contingency Private Key (including
the use of the Symmetric Key) where such use has been required in accordance with a decision of
the SMKI PMA;
(c) procedures relating to:
(i) the distribution of new Root OCA Certificates and Organisation Certificates to Devices; and
(ii) the coordination of the submission of Certificate Signing Requests by Eligible Subscribers
following the replacement of any OCA Certificate;
(d) steps to be taken by the DCC, the Parties (or any of them, whether individually or by Party
Category), RDPs, the SMKI PMA (or any SMKI PMA Members) and the Panel (or any Panel
Members), including in particular in respect of:
(i) notification of the Compromise (or suspected Compromise); and
(ii) the process for taking steps to avoid or mitigate the adverse effects of, or to recover from, the
(actual or suspected) Compromise, which steps may differ depending on the Relevant Private
Key that has been (or is suspected of having been) Compromised and the nature and extent of
the (actual or suspected) Compromise and the adverse effects arising from it; and
(e) arrangements to be made preparatory to and for the purpose of ensuring the effective operation of
the matters described in paragraphs (a) to (d), and the associated technical solutions employed by
the DCC, including for their periodic testing.