GUARDIAN SECUREAPP™ · PRICING
Fees & Pricing — Indicative Cost of Accredited Certification
Guardian SecureApp™ pricing is scope-driven — what you pay reflects the depth of evaluation your chosen Module + Level combination requires, calibrated to your product’s scope size. Indicative starting prices for single-Module, small-organisation engagements: USD 2,000 onwards at Level 1 (Basic), USD 4,000 onwards at Level 2 (Advanced), USD 7,000 onwards at Level 3 (High-Risk / Critical). The 3-year cycle that follows includes annual or semi-annual surveillance and ends with recertification typically priced at 60–80% of initial. This page is the consolidation reference; tailored pricing for your specific scope is quoted in writing during scoping conversation.
How Pricing Works
Scope-Driven, Indicative, and Decision-Independent
Three principles govern Guardian SecureApp™ pricing. Understanding them up front makes the rest of this page easier to read and the scoping conversation that produces your tailored quote more productive.
Pricing Is Scope-Driven
What you pay is determined by the scope of evaluation your engagement requires — which is itself determined by your chosen Module + Level combination, the size and complexity of the in-scope product surface, and any context-specific factors (combined-module engagements, multi-environment configurations, regulatory deltas). The figures published on this page are indicative starting prices for single-Module engagements at small organisations with single-environment, single-stack scope. They give you a planning baseline; they are not a published rate card. Engagements outside the baseline are quoted in writing during scoping.
Pricing Is Indicative
Every figure on this page is indicative. Tailored pricing for your specific engagement is provided in the Indicative Quote (no charge, no commitment, valid for 60 days) that follows the initial scoping conversation. The Indicative Quote becomes the binding fee structure on execution of the Certification Agreement. We do not surprise applicants with fees not discussed at scoping; we also do not present the website figures as committed rates that would apply regardless of scope. The scoping conversation is the moment fees are calibrated to your reality.
Pricing Is Decision-Independent
This is the most consequential principle. Per ISO/IEC 17065 Clause 4.2 — the impartiality requirement that governs all accredited certification bodies — fees are payable for the work performed, regardless of certification outcome. If your engagement reaches a Defer or Refuse decision, the engagement fee is still payable for the evaluation work conducted up to that point. Conversely, fees do not influence the certification decision in any direction — Guardian’s Decision Authority cannot grant a certificate because fees are paid promptly, and cannot withhold a certificate because fees are disputed. The work-fee relationship and the certification-decision relationship are structurally separate; this is what makes accredited certification fundamentally different from any commercial assessment where the assessor’s revenue depends on producing the outcome the buyer wanted. Section 3.9 of this page covers the impartiality boundary in more depth.
The boundary in practice: Concretely: an applicant who pays promptly and remediates findings well will move through their cycle smoothly because the engagement is well-managed — not because Guardian gives them favourable treatment. An applicant who disputes fees while the engagement is active does not have their certification decision affected by the dispute — the decision is made on evaluation evidence by an independent Decision Authority who is procedurally insulated from the commercial relationship. This is engineered structural integrity, not aspiration.
Initial Fees
Indicative Pricing for the First-Time Engagement
The table below shows indicative starting fees for initial certification — the first-time engagement that produces your inaugural certificate. Fees are quoted in USD; INR equivalents apply on Indian invoices with applicable GST. Specific scope-sensitive pricing is in your Indicative Quote.
| Module + Level | From (Single-Module) | Typical Mid-Range | Notes on Variation |
|---|---|---|---|
Any Module, Level 1 (Basic) | USD 2,000 onwards | USD 2,500 to USD 4,500 | Variation driven by scope size, environment count, and technology stack diversity. |
Module A, Level 2 (Advanced) | USD 4,000 onwards | USD 5,000 to USD 9,000 | Mid-range typical for medium-complexity web applications. |
Module B, Level 2 (Advanced) | USD 4,500 onwards | USD 6,000 to USD 11,000 | Slightly higher than A and C at Level 2 because multi-tenant isolation testing depth adds engagement effort. |
Module C, Level 2 (Advanced) | USD 4,000 onwards | USD 5,000 to USD 9,500 | Variation driven by API surface size, partner integration count, and GraphQL complexity. |
Any Module, Level 3 (High-Risk / Critical) | USD 7,000 onwards | USD 10,000 to USD 22,000 | Wide variation. Level 3 scope can span small focused engagements to substantial enterprise products. Adversarial testing depth, threat model construction effort, and re-evaluation regime drive variation. |
These figures are for single-Module engagements. Combined-module pricing is covered in Section 3.6 below. Multi-product portfolios are scoped specifically and may benefit from coordinated scoping efficiencies.
What Drives Variation Within Each Level
Within a given Level, the principal variation drivers are:
Product surface size
number of features, endpoints, environments, technology stacks. A small focused product certifies faster (and cheaper) than a large multi-product platform.
Authentication and authorisation complexity
single-role public app vs multi-role enterprise SaaS vs multi-tenant API with partner federation. Authorisation depth scales engagement effort substantially.
Integration count
products with extensive partner integrations or third-party API consumption (especially Module C engagements) require more evaluation effort than self-contained products.
Documentation maturity
applicants with current architecture diagrams, threat models and authentication summaries (per the Page 16 Section 3.2 checklist) typically track to lower fees within the range; applicants whose Stage 3 Documentation Review reveals substantial gaps may extend Stage 3 effort and pricing.
Specific Module B factors
tenant isolation testing depth, tenant onboarding flow complexity, customer-specific data residency configurations.
Specific Module C factors
API inventory size, GraphQL surface complexity, upstream API consumption (API10:2023 testing scope).
Surveillance Fees
Indicative Pricing for Cycle Maintenance
Surveillance fees are payable per audit, at the cadence appropriate to your Level. They cover the surveillance audit work itself — documentation refresh review, targeted technical re-verification, change-notification review, and the Surveillance Report. They do not cover targeted re-evaluations or mandatory re-evaluations triggered by notified product changes; those are billed separately as covered in Section 3.5.
Level 1
Basic
$600
/year*
Annual Total Indicative
Annual Cadence
1 audit / year
USD 600 onwards
Indicative fee per audit
Level 2
Advanced
$1,200
/year*
Annual Total Indicative
Annual Cadence
1 audit / year
USD 1,200 onwards
Indicative fee per audit
Level 3
High-Risk / Critical
$3,600
/year*
Annual Total Indicative
Semi-annual Cadence
2 audits / year
USD 1,800 onwards
Indicative fee per audit
Level 3 carries the highest aggregate annual surveillance investment, reflecting the more substantive ongoing maintenance required to sustain the Level 3 assurance signal. The fee structure is matched to the work — Level 3 audits are 8–12 business days each (vs 3–5 days at Level 1) and occur twice per year (vs once).
What Surveillance Fees Cover
Documentation refresh review and architecture confirmation
Targeted technical re-verification at risk-driven scope
Review of change notifications submitted during the surveillance period
Multi-role authenticated re-verification (Levels 2 and 3)
Adversarial control re-test on highest-priority controls (Level 3)
Mark usage check
Surveillance Report production and Decision Authority maintenance decision
One round of re-verification of any corrective actions arising from the surveillance
Combined Surveillance Bundling
Where you hold multiple Guardian SecureApp™ certificates with different issue dates, surveillance audits can be combined into a single visit by mutual agreement, reducing logistics overhead. Combined visits are priced as the sum of per-certificate surveillance fees minus a logistics-efficiency adjustment (typically 5–10% of the smaller surveillance fee). Combined surveillance does not affect the per-certificate surveillance scope or maintenance decision integrity — each certificate’s surveillance audit is conducted as a distinct procedural activity, with its own Surveillance Report, even when scheduled together.
Recertification Fees
Indicative Pricing for Cycle Renewal
Recertification at cycle end produces the next 3-year certificate. Recertification engagements run through the same five-stage structure as initial certification — Application, Application Review, Stage 1 Documentation Review, Stage 2 Technical Evaluation, and Decision — but typically complete more efficiently because Guardian’s evaluation team retains operational familiarity with the product. The pricing reflects this.
Equivalent scope, no material change
When this applies: Same Module + Level, similar product scope, no major architectural transition during the certification cycle.
60-70% of initial certification fees
Equivalent scope with substantive change
When this applies: Same Module + Level, but the product has substantially evolved during the cycle, for example new modules within scope, major architectural changes, or scope expansions.
70-85% of initial fees
Level upgrade at recertification
When this applies: Where the certified client elects to upgrade Level, for example L2 to L3, at recertification.
Priced as initial certification at the new Level.Not priced as a standard recertification.
Module addition at recertification
When this applies: Where additional Modules are added at recertification, for example adding Module C to an existing Module B certificate.
Existing Module recertification fee
+ new Module initial fee.
In practice, the most common recertification scenario is the first row — equivalent scope with no material change — and most certified clients pay 60–70% of their initial certification fees at first recertification. The operational familiarity discount narrows over multiple cycles (because the product has evolved further from the team’s most recent deep familiarity) but remains substantial through the typical product lifecycle.
Recertification is not automatic discounting: The recertification price reduction is operational — it reflects genuine evaluation efficiency from team familiarity. It is not loyalty discounting, and it is not a fee structure that varies based on commercial considerations. The same percentage range applies to all certified clients in equivalent recertification scenarios. Per ISO/IEC 17065 Cl. 4.2, fee structures cannot be designed in ways that pressure certification decisions, and our recertification pricing reflects that requirement.
Variable Fees
Other Fees You May Encounter
Beyond initial certification, surveillance and recertification, certain transactional fees may apply during the cycle depending on what happens. None of these are surprise fees — every one is documented in the Certification Agreement and quoted before commencement. They are listed here for budget-planning completeness.
| Activity | Indicative Fee | When This Applies |
|---|---|---|
Additional Re-Verification Round | USD 400-USD 1,500 per round | One round of re-verification is included in every engagement. Where the first remediation does not fully resolve a finding and a second corrective-action cycle is required, additional rounds are billed at the engagement’s pre-agreed rate. Levels 2 and 3 carry higher per-round fees due to deeper re-verification scope. |
Targeted Re-Evaluation (Level 2) | USD 800 onwards per re-evaluation | Where the Decision Authority assesses notified product changes during the cycle as warranting focused re-evaluation rather than next-surveillance assessment. Scope-specific; quoted before commencement. |
Mandatory Re-Evaluation (Level 3) | Quoted per release | Mandatory on major releases at Level 3, including releases affecting authentication, authorisation, encryption, data handling boundaries, or material new functionality. Scope and fee depend on the release’s effect on certified state. |
Risk Treatment Plan Review | USD 300-USD 800 per RTP | Where Risk Treatment Plans are submitted for Decision Authority review. Covers the independent review effort. Most engagements have no RTPs; this fee is exceptional. |
Scope Expansion Mid-Cycle | Priced as new engagement for the expansion scope | Where the certified client adds modules, products, or environments to the certified scope mid-cycle. Treated as a new engagement, not a fee adjustment to the existing one. |
Scope Reduction Mid-Cycle | USD 200 administrative | Where the certified client formally reduces certified scope, such as retiring features or removing modules. Public Scope Statement and Public Directory listing are updated. |
Reinstatement After Suspension | USD 500-USD 2,000 | Where a certificate is reinstated after suspension. Covers the focused reinstatement review effort. Fee scales with suspension grounds and review depth required. |
Expedite Fee | 10-20% of base engagement fee | Where genuinely exceptional regulatory or contractual urgency justifies acceleration of available compressible activities, including Stage 3 parallel review streams, prioritised Application Review, and faster kickoff scheduling. Net compression: 1-2 weeks. Not a standard offering. |
Voluntary Withdrawal | No additional fee | Voluntary withdrawal of certification at any cycle point carries no withdrawal fee. Outstanding fees for work performed up to the withdrawal date are payable per Certification Agreement. |
Locked disclosure: Fees do not influence certification decisions, surveillance maintenance decisions, recertification decisions, reinstatement decisions, or any other decisions Guardian’s Decision Authority takes (ISO/IEC 17065 Clause 4.2 — impartiality requirement). Fees are payable for work performed regardless of outcome.
Multi-Product Pricing
When You Are Certifying More Than One Module or Product
Combined-module engagements (multiple Modules certified together for a single product) and multi-product portfolios (separate engagements for separate products) both benefit from coordinated pricing. The structures are different and are described separately below.
Combined-Module Engagements
Where two or three Modules are certified together for a single product (e.g., Module B + C for a SaaS provider with both customer UI and partner API; Module A + C for a web application with public APIs), the combined engagement runs longer than single-Module timing and prices accordingly. The combined fee is typically 1.3–1.7× the longer single-Module fee — reflecting the additional surface to evaluate, not the additional Module’s full standalone cost.
| Combined Configuration | Indicative Multiplier | Example at Level 2 |
|---|---|---|
Module A + C | 1.3-1.5× longer single-Module fee | USD 5,200 to USD 8,000 onwards, where Module A or C single-Module starts at USD 4,000. |
Module B + C | 1.4-1.6× longer single-Module fee | USD 6,300 to USD 10,500 onwards, where Module B single-Module starts at USD 4,500. |
Module A + B + C | 1.5-1.7× longer single-Module fee | USD 6,750 to USD 12,250 onwards, where Module B single-Module starts at USD 4,500. |
These multipliers apply at the start of pricing — the total scope-driven fee is then calibrated to your specific product. Combined-module pricing is always quoted in writing during scoping; do not extrapolate from the website figures alone.
Multi-Product Portfolios
Where multiple distinct products are certified (one product per Certification Agreement; each engagement runs separately), Guardian offers coordinated scoping efficiencies but does not offer cross-product fee discounting. The reasoning: cross-product discounting could create commercial pressure on certification decisions in ways inconsistent with ISO/IEC 17065 Clause 4.2. What is offered:
- Coordinated scoping conversations — bringing all products into a single scoping discussion where appropriate, producing a multi-product engagement plan rather than separate disconnected engagements
- Coordinated kickoff and surveillance scheduling — minimising logistics overhead through combined visits where products are operated by the same engineering team
- Combined surveillance bundling per Section 3.3 — surveillance audits across multiple certificates can be combined into a single visit with logistics-efficiency adjustment
Multi-product portfolio enquiries should be flagged at /quote so we can structure the coordinated scoping conversation.
Scope
Drawing the Line on Scope
To avoid surprise expense after engagement starts, this section names what is included in Guardian’s fees and what falls outside them. The boundary is clear and consistent across engagements.
What Is Included in Guardian SecureApp™ Fees
- All scoping conversation effort prior to Indicative Quote (no charge)
- Application Form GSA-F-01 review and Application Review per ISO/IEC 17065 Cl. 7.3 (no charge)
- Engagement kickoff meeting and ongoing engagement management
- Stage 3 Documentation Review with refined Stage 4 Evaluation Plan
- Stage 4 Technical Evaluation activities at Level-appropriate depth (DAST, manual testing, multi-role authenticated testing where applicable, source code review where applicable, business-logic and abuse-case testing, configuration review)
- Findings reporting throughout Stage 4 with severity classification
- One round of re-verification of corrective actions per finding
- Evaluation Report at end of Stage 4
- Stage 5 Decision Authority review and certification decision per Cl. 7.6
- Certificate, Public Scope Statement, Public Directory listing, Mark Usage License (on Grant)
- Surveillance audits at Level-appropriate cadence (covered by surveillance fees)
- Decision Authority assessment of notified product changes during cycle
- Certificate maintenance, suspension, withdrawal procedures and Public Directory updates
- Complaints and Appeals procedure access (no fee for raising complaints or appeals)
What Is NOT Included
- Applicant-side remediation effort — engineering time spent addressing findings is the applicant’s responsibility, not Guardian’s
- Third-party tooling licenses — if your engagement requires Guardian to use specific applicant-licensed tools (rare), license costs remain with the applicant. Guardian uses our own tooling stack for all standard evaluation activities
- Applicant-side travel — Guardian’s evaluators do not require applicant travel for any standard engagement; engagements are conducted remotely with on-site activities only where specifically scoped (rare and quoted separately)
- Guardian travel for on-site activities — where on-site engagement is specifically scoped (typically only at Level 3 for products with infrastructure not amenable to remote evaluation), travel and accommodation costs are reimbursable per the Certification Agreement; reasonable advance notice and applicant approval applies
- Independent consulting on remediation — Guardian does not provide remediation guidance (Cl. 4.2 impartiality boundary). Where applicants need remediation guidance, that is appropriately engaged with independent consultants and is not a Guardian fee
- Pre-certification VAPT engagements — Guardian’s standalone VAPT service (described at /services/vapt) is priced and scoped separately from certification engagements
- Internal applicant-side activities — board approvals, internal documentation production, internal stakeholder communication, internal training on findings — these are applicant-side responsibilities
- External tooling and infrastructure costs — applicants who need to provision additional environments, test data, integration partners specifically for evaluation activities — these costs remain applicant-side
Payment, Currency, Taxes
Practical Commercial Terms
Guardian’s standard commercial terms are summarised below. Specific terms are confirmed in the Certification Agreement at engagement start and in invoicing thereafter.
Currency
Indicative pricing on this website is in USD. Invoicing currency is calibrated to the applicant’s jurisdiction: USD invoices for international clients; INR invoices for Indian clients (with the USD equivalent referenced). The Certification Agreement specifies the invoicing currency.
Taxes
Indian invoices include applicable GST (currently 18% on services) where the applicant is registered in India. International invoices are issued without GST; applicants are responsible for any local taxes (VAT, withholding tax) applicable in their jurisdictions per their tax obligations. Withholding tax certificates are accepted where applicable to international invoicing.
Payment Milestones
Engagement fees are typically structured as a deposit at engagement start (20–30%), milestones during the engagement (typically 30–40% on Stage 3 completion), and final payment on certification decision (the balance). Surveillance and recertification fees are typically structured as a single payment at audit/engagement start. Exact payment terms are in the Certification Agreement.
Payment Methods
Bank transfer is the standard payment method (NEFT/RTGS for INR; SWIFT for USD). Other payment methods may be supported by mutual agreement; cards and online payments are not standard for accredited certification fee structures.
Payment Terms
Standard invoicing is net 30 days from invoice date. Late payment beyond cure periods defined in the Certification Agreement may be grounds for suspension per Section 3.5 of /process/surveillance. Payment delays do not affect the certification decision (Cl. 4.2 impartiality boundary) — Guardian’s recourse to non-payment is suspension and ultimately withdrawal procedures, not fee-driven decision pressure.
The Impartiality Boundary
Why Pricing Cannot Be a Lever
This page has stated the impartiality boundary three times because it is the most consequential structural feature of accredited certification pricing. ISO/IEC 17065 Clause 4.2 — the impartiality requirement — explicitly addresses fee handling. The clause requires that fee structures must not influence certification decisions; this means several specific things in operational practice.
Decision-Independent Outcome
Guardian’s Certification Decision Authority cannot be influenced by fee considerations. The Authority does not see fee status during decision review; the Authority’s procedural insulation from the commercial relationship is an audited part of our 17065-accredited operation, verified by UAF during annual surveillance and witness audits. Decisions are taken on evaluation evidence — full stop.
Standardised Pricing Structure
Pricing is standardised across applicants for equivalent scope at equivalent Level. We do not offer discounting for repeat business beyond the operational-familiarity recertification pricing covered in Section 3.4 (which is itself work-driven, not commercial). We do not offer favourable pricing in exchange for case studies, references, or marketing rights. Consistent pricing across applicants is itself an impartiality safeguard.
Fee-for-Work, Not Fee-for-Outcome
All fees are payable for work performed regardless of outcome. Engagement fees are payable for the evaluation work conducted, whether the decision is Grant, Defer or Refuse. Surveillance fees are payable for the surveillance audit work, whether the maintenance decision is Maintain, Conditional Maintain, or Suspend. There is no refund mechanism for unfavourable outcomes; there is no premium for favourable outcomes. Fees compensate Guardian’s evaluator capacity and procedural infrastructure; outcomes are determined separately by evaluation evidence.
Transparent Disclosure
This page exists in the form it does — explicit pricing reference, explicit impartiality disclosure, explicit fee-for-work statement — because transparency is itself part of the procedural integrity that 17065-accredited certification provides. We do not hide pricing behind opaque quote-only models; we do not market discounting that would create commercial pressure on decisions. Mature applicants and their procurement teams recognise this transparency as a feature of accredited certification, not a marketing weakness.
Closing thought on the boundary: The impartiality boundary is what distinguishes accredited certification from any commercial assessment relationship where the assessor’s revenue depends on producing the outcome the buyer wanted. Guardian’s revenue depends on diligently conducted evaluation work — not on certificates issued. The certificates we issue carry procurement-grade weight precisely because the structure prevents fee-driven decision pressure. Procurement teams reading our certificates know this; mature applicants know this; the structure is engineered, audited, and deliberately maintained.
Frequently Asked Questions
Common Questions, Answered
Indicative starting prices for single-Module engagements at small organisations: USD 2,000 onwards at Level 1, USD 4,000 onwards at Level 2 (USD 4,500 onwards for Module B), USD 7,000 onwards at Level 3. Tailored pricing for your specific scope is provided in the Indicative Quote (no charge, no commitment, valid for 60 days) following scoping conversation. The Indicative Quote becomes the binding fee structure on Certification Agreement execution.
Surveillance fees: USD 600 onwards per year at Level 1 (annual cadence), USD 1,200 onwards per year at Level 2 (annual cadence), USD 1,800 onwards per audit at Level 3 (semi-annual cadence — annual total USD 3,600 onwards). Recertification at cycle end is typically 60–80% of initial certification fees for equivalent scope, reflecting Guardian’s operational familiarity discount.
Pricing is scope-driven and is calibrated during scoping conversation to your specific engagement. We do not offer discretionary discounting beyond operational efficiency adjustments — combined surveillance bundling, multi-product coordinated scoping, recertification operational-familiarity discounts. The reasoning: discretionary commercial discounting could create pressure on certification decisions inconsistent with ISO/IEC 17065 Cl. 4.2 (impartiality requirement). Pricing transparency and consistency are themselves impartiality safeguards.
Yes. Engagement fees are payable for work performed regardless of certification outcome (per ISO/IEC 17065 Cl. 4.2). If your engagement reaches a Defer or Refuse decision, the engagement fee is still payable for the evaluation work conducted. Conversely, fees do not influence decisions in any direction — Guardian’s Decision Authority cannot grant a certificate because fees are paid promptly, and cannot withhold a certificate because fees are disputed. The fee-for-work and decision-on-evidence relationships are structurally separate.
Yes for Indian clients. Indicative pricing on this website is in USD; invoicing currency is calibrated to applicant jurisdiction (USD for international clients, INR for Indian clients with USD equivalent referenced). The Certification Agreement specifies the invoicing currency. Indian invoices include applicable GST (currently 18% on services).
Level 1 (Basic), single-Module, small-organisation, single-environment, single-stack — starting from USD 2,000 onwards for the engagement plus USD 600 onwards/year surveillance plus 60–70% of initial at recertification. 3-year cycle total indicative around USD 4,000–USD 6,000 minimum. Level 1 produces a genuine accredited certificate — but at narrower assurance signal than Level 2 or 3. Choose Level by procurement driver, not by minimum cost.
Level 3 (High-Risk / Critical), Module A + B + C combined, large enterprise scope, multi-environment, with mandatory re-evaluations on each major release. Initial engagement could exceed USD 30,000 onwards; annual surveillance at Level 3 USD 3,600+ onwards; mandatory re-evaluations during cycle additional. 3-year cycle total at the upper end could approach or exceed USD 60,000–USD 80,000. This level of investment reflects Level 3’s procurement-grade adversarial assurance — appropriate for products in regulated, high-stakes contexts where the certificate carries substantial commercial weight.
Surveillance fees are charged per audit, not pro-rated. The first surveillance audit occurs at the appropriate cadence anniversary (annual or semi-annual depending on Level); subsequent audits track the same cadence. There is no mid-year pro-ration; if you certify in March, your first annual surveillance is the following March (or six months later for Level 3 semi-annual).
Voluntary withdrawal carries no withdrawal fee. Outstanding fees for work performed up to the withdrawal date are payable per the Certification Agreement. Already-paid fees for work performed are non-refundable; deposits or milestone payments for work not yet conducted at withdrawal date are refunded per the Agreement’s specific provisions. Withdrawal during active surveillance: surveillance fee for the in-progress audit is payable; future surveillance audits are not.
No fee discounting for multi-product scenarios — discretionary cross-product discounting could create pressure on certification decisions inconsistent with Cl. 4.2. What’s offered is operational efficiency: coordinated scoping, combined kickoff scheduling, combined surveillance bundling (per Section 3.3 — typically 5–10% logistics-efficiency adjustment on the smaller surveillance fee). Per-engagement pricing remains standardised.
Limited expedite options are available where genuinely exceptional regulatory or contractual urgency justifies acceleration. Compressible activities: Application Review prioritisation, faster engagement kickoff scheduling, parallel reviewer streams in Stage 3. Net compression: 1–2 weeks off typical end-to-end at Levels 1 and 2; less at Level 3. Expedite fee: 10–20% of base engagement fee. Stage 4 technical evaluation is not generally compressible — testing depth is what makes the certificate procurement-grade.
Tax deductibility depends on your jurisdiction’s tax rules and your specific situation. In most jurisdictions, accredited certification fees are deductible business expenses; specific treatment is for your tax advisor to confirm. Guardian provides standard invoicing with appropriate tax documentation; we do not provide tax advice.
The Mark Usage License is included with the certification fee — there is no separate fee for mark usage during the certificate’s validity period. Misuse of the mark (display in misleading contexts, on uncertified products, with broader-scope claims than the certificate covers) can result in suspension or withdrawal of certification. The Use of Mark Policy at /marks-policy details authorised use.
Engagement fees are payable for work performed, not for outcomes. Dissatisfaction with the certification decision (where evaluation evidence does not support certification) is not grounds for refund — that would create exactly the fee-driven pressure on decisions that Cl. 4.2 prohibits. Where you have concerns about how Guardian conducted the engagement (procedural concerns, evaluator conduct, communication issues), the Complaints and Appeals procedure at /complaints-appeals provides the structured recourse — which is independent of fees and which can produce corrective actions where warranted.
Non-accredited security assessments (private penetration tests, internal security reviews) are typically priced lower than accredited certification — but they produce different evidence. Private assessments are point-in-time, not publicly verifiable, not subject to ongoing surveillance, not anchored in independent decision-making. Accredited certification carries higher fees because the procedural infrastructure is more substantial — the independent decision authority, the public directory, the surveillance regime, the complaints procedure, the accreditation oversight by UAF. The difference in fees reflects the difference in evidence quality.
Through the scoping conversation. Initial Enquiry to Indicative Quote typically runs 3–5 business days, and the Indicative Quote includes scope-specific pricing for your engagement — factoring in your Module + Level configuration, scope size, environment count, technology stack diversity, and any context-specific factors. The scoping conversation is no-charge and no-commitment. Initiate at /quote.
Ready to Get Started?
Apply for Certification
Submit a formal application. Initial response within 5 working days.
Apply NowRequest a Quote
Tell us about your product. Indicative quote within 3 to 5 working days.
Get a QuoteTalk to Our Team
Specific question or regulatory driver to discuss?
Contact Us