GUARDIAN ASSESSMENT · TRUST & COMPLIANCE
Public Directory — Search and Verify Guardian SecureApp™ Certified Products
This Public Directory documents and renders Guardian’s authoritative public record of certified products. It is the operational implementation of ISO/IEC 17065:2012 Clause 7.8 (Status of Certification) and Clause 4.6 (Publicly Available Information), against which we are accredited by UAF (accreditation 52605385601, valid until 05 May 2030). The Directory is the single authoritative verification source for any Guardian SecureApp™ certificate — every certified product is listed with its certificate number, certified scope (Module + Level), validity dates, current status, and issuing Guardian entity. Search functionality supports verification by certificate number, certified party, or product. Status changes propagate to the Directory promptly per the timing commitments documented below. The Directory is publicly accessible, free of charge, and free of registration requirement.
Statement of Commitment
Guardian’s Commitment to Public Verification
Guardian Assessment Private Limited (India) and Guardian Assessment UK Ltd, together constituting the Guardian Assessment certification body, operate this Public Directory as the authoritative public record of certified products under the Guardian SecureApp™ certification scheme. The Directory is the operational implementation of ISO/IEC 17065:2012 Clause 7.8 (Status of Certification) and Clause 4.6 (Publicly Available Information), audited annually by UAF during accreditation surveillance and forming the verification authority that the Use of Certification Mark Policy (/marks-policy) depends on for mark-legitimacy verification.
Public-information disclosure of certification status is structural to accredited certification — it is what makes certification publicly verifiable rather than a private claim between Guardian and its certified clients. Procurement teams, regulators, end-users, auditors, and other third parties relying on Guardian SecureApp™ certificates as supplier-security evidence verify those certificates through this Directory. The Directory is publicly accessible, free of charge, free of registration requirement, and continuously updated to reflect current certification status. These access characteristics are not Guardian commercial choices — they are accreditation-required attributes of public-information disclosure under Cl. 4.6.
Scope of This Directory
The Directory contains:
- All currently Active Guardian SecureApp™ certificates — certificates that have been granted by the Decision Authority and have not been suspended, withdrawn, or expired
- All Conditionally Maintained certificates — certificates that are currently maintained subject to specific conditions imposed at the most recent surveillance audit
- All currently Suspended certificates — certificates whose status is temporarily suspended pending corrective action
- All Withdrawn certificates — certificates that have been permanently terminated by Decision Authority decision (historical entries remain visible)
- All Expired certificates — certificates whose validity period has ended without recertification (historical entries remain visible)
Explicitly out of scope: VAPT engagements. The standalone Guardian VAPT service does not produce certification and therefore does not appear in this Directory. Where a product is the subject of a Guardian VAPT engagement, the engagement itself is private to the client per /services/vapt and is not publicly listed. Display of Guardian marks in connection with VAPT engagements (rather than certification) is mark misuse per /marks-policy Section 3.8.
Underlying Standards
This Directory implements:
- ISO/IEC 17065:2012 Clause 7.8 (Status of Certification) — the principal standard provision requiring publicly available certification-status information
- ISO/IEC 17065:2012 Clause 4.6 (Publicly Available Information) — the principal standard provision requiring public accessibility of certain certification body information
- ISO/IEC 17065:2012 Clause 7.7 (Use of Licences, Certificates, and Marks of Conformity) — the standard provision linking mark display to public-information verification
The Directory is the public-information mechanism that makes the entire Guardian SecureApp™ certification framework procurement-grade verifiable. Without it, certificates would be private documents whose authenticity could not be independently confirmed; with it, every Guardian-issued certificate is publicly accountable to operational reality.
Directory Entries
What Each Directory Entry Shows
Each Directory listing presents the same set of structured data fields, ensuring verifiers can consistently confirm certificate substance across the entire Directory. The fields are designed to provide complete verification context without disclosing confidential engagement information — they show what is publicly verifiable, not the substance of the underlying evaluation.
| Field | What It Shows and How to Use It |
|---|---|
Certificate Number | The unique identifier for the certificate. The first verification check for any mark display — the certificate number visible with the mark must match a Directory entry. Numbers are sequential within each issuing entity and are not reused after withdrawal or expiry. |
Certified Party | The legal entity name of the certified client — the party that holds the certificate and is authorised to display the mark. Where the certified party operates under a trading name or brand different from the legal entity, both are typically shown. |
Certified Product | The product (or products) covered by the certificate, including version coverage where applicable. Version coverage may be a specific version, a version range, or ‘current production version’ for products on continuous-release cadences with documented change-management procedures. |
Module | The Module(s) covered: Module A (Web Application Security), Module B (SaaS / Multi-Tenant Platform Security), Module C (API / Microservices Security), or combinations for multi-Module engagements (e.g., ‘A + B’ or ‘A + B + C’). |
Level | The Level of assurance achieved: Level 1 (Basic), Level 2 (Advanced), or Level 3 (High-Risk / Critical). Where different Modules are certified at different Levels in a multi-Module engagement, each Module + Level combination is shown. |
Validity Period | The issue date and expiry date of the certificate. The validity period is typically three years from initial Grant for new certificates and three years from recertification Grant for recertified certificates. |
Current Status | One of five status types — Active, Conditionally Maintained, Suspended, Withdrawn, or Expired — as documented in Section 3.3 below. Status is colour-coded in the Directory display for quick visual scanning. |
Issuing Guardian Entity | Either Guardian Assessment Private Limited (India) or Guardian Assessment UK Ltd, depending on the entity that contracted the engagement. Both entities issue certificates under the single UAF accreditation 52605385601. |
Accreditation Reference | UAF accreditation 52605385601, valid 06 May 2026 to 05 May 2030 — the accreditation under which the certificate is issued. The accreditation reference is the structural condition for the certificate’s procurement-grade weight. |
Information explicitly NOT shown in Directory listings — and therefore not publicly accessible through this mechanism — includes individual evaluation findings, source code or technical implementation details, Risk Treatment Plan contents, evaluator identities, Decision Authority deliberations, fee information, and other engagement-specific substance covered by /confidentiality. The Directory shows what is required to be publicly verifiable; substantive engagement detail remains confidential.
The detail view for each listing (accessible by clicking a Directory row or tapping a card on mobile) shows the full listing data plus historical state changes for the certificate — for example, a certificate that is currently Active but has previously been Conditionally Maintained shows the prior Conditional Maintain period in its history. The historical view supports audit-trail verification by procurement teams and regulators verifying compliance posture over time.
Certificate Status
Five Status Types and What Each Communicates
Every Directory listing carries a current status from a defined set of five status types. Status accurately communicates the certificate’s current standing; status changes propagate to the Directory per the timing commitments documented in Section 3.5 below. Verifiers should not infer status meanings beyond what is documented here — status semantics are operationally meaningful and procurement decisions are reasonably made on the basis of the documented meanings.
| Status | What It Means | Implications for Verifiers |
|---|---|---|
Active | The certificate has been granted by the Decision Authority and is currently valid. The certified product is in compliance with all certification conditions; surveillance audits to date have confirmed continuing compliance. | Standard procurement-grade evidence. The Guardian SecureApp™ mark may be legitimately displayed by the certified client with the scope identifiers visible in the Directory listing. |
Conditionally Maintained | The certificate remains valid but is subject to specific conditions imposed at the most recent surveillance audit. The certified party must satisfy the conditions within a defined timeline to retain Active status; failure to satisfy conditions can result in Suspension. | The certificate is valid but stakeholders should treat the Conditional status as a procurement-relevant signal. Verifiers conducting due diligence may want to inquire about the substance of conditions and progress toward closure. The Detail view for the certificate may indicate the general nature of conditions where Guardian has appropriate consent for that disclosure. |
Suspended | The certificate’s validity is temporarily suspended pending corrective action. The certified party has been notified of specific non-compliance and required corrective action; the certificate may be reinstated to Active upon satisfactory corrective action or may transition to Withdrawal if corrective action is not achieved. | During Suspension, the Guardian SecureApp™ mark may not be displayed (per /marks-policy Section 3.7); Suspension is reflected in the Directory promptly. Stakeholders relying on a Suspended certificate for procurement decisions should understand that the certified status is paused, not active. |
Withdrawn | The certificate has been permanently terminated by Decision Authority decision. Withdrawal may result from unresolved Suspension, fundamental and uncorrectable non-compliance, certified-party request, or Decision Authority determination that withdrawal is appropriate. | Withdrawn certificates remain visible historically. Display of the Guardian SecureApp™ mark in connection with a Withdrawn certificate (other than in clearly-historical framing) is mark misuse per /marks-policy. Mark removal from current materials is required within 30 calendar days of withdrawal. |
Expired | The certificate’s validity period has ended without recertification. Expiry is non-discretionary — the validity date is fixed at issuance and the status transitions automatically on the validity-end date. The certified party may have chosen not to recertify, or recertification was not completed in time. | Expired certificates remain visible historically. Display of the Guardian SecureApp™ mark in connection with an Expired certificate (other than in clearly-historical framing such as ‘Guardian SecureApp™ certified, 2024-2027’) is mark misuse. Where Expiry is followed by recertification with Grant, a new certificate with new number and new validity period appears. |
The status types are not editorial labels — they are operationally distinct certification postures, each with specific implications for what the certified client may publicly claim and what verifiers may reasonably infer. The semantic precision is part of how accredited certification provides procurement-grade attestation.
Search & Verification
How to Find a Specific Certificate
Verification through the Directory should be fast and unambiguous. The search and filter functionality is designed to accommodate the different verification scenarios stakeholders encounter — verifying a specific certificate where the certificate number is known, finding all certificates held by a specific party, browsing certificates within a Module or Level for comparative awareness, and exporting filtered views for procurement workflows.
Primary Search
The primary search field accepts:
- Certificate number — the most precise search; exact match returns the specific certificate
- Certified party legal entity name — partial-match search; returns all certificates held by parties matching the search term
- Certified product name — partial-match search; returns all certificates for products matching the search term
- Trading name or brand — where certified parties operate under trading names different from the legal entity, search by trading name returns the same results as the legal entity match
Search submits on Enter or after a brief typing pause (debounced 300 milliseconds). Results display immediately below the search field; no separate results page is required for typical searches.
Filters
Filter controls allow narrowing the Directory view by:
- Module — A, B, C, or specific multi-Module combinations
- Level — 1 (Basic), 2 (Advanced), or 3 (High-Risk / Critical)
- Status — Active, Conditionally Maintained, Suspended, Withdrawn, Expired, or All (default view shows Active only)
- Issuing Entity — Guardian Assessment Private Limited, Guardian Assessment UK Ltd, or Either
- Date range — validity period start and end dates
Filters can be combined to support specific verification needs. For example: ‘All Level 3 Module B certificates with Active status issued by Guardian Assessment UK Ltd’ is a reasonable query for a UK-domiciled procurement team verifying high-assurance multi-tenant platform certifications under UK-entity contracting.
Direct Certificate URL
Each certificate has a stable, shareable URL that resolves to the certificate’s detail view: https://guardiansecureapp.com/directory/[certificate-number]. The direct URL supports:
- Sharing certificate references in procurement communications, RFP responses, audit documentation, and other contexts where third parties need to verify the certificate
- Bookmarking specific certificates for ongoing verification during the certification cycle
- Linking from certified-client materials directly to authoritative verification — though linking to the Directory entry is not a substitute for the certified client maintaining their own Mark Usage compliance per /marks-policy
Export Functionality
Filtered Directory views can be exported as CSV for offline review. The export contains the same structured data fields visible in the on-page Directory listing, with one row per certificate. Exports include a timestamp and a snapshot reference allowing later verification that the exported view represented the Directory state at a specific point in time. Export is free, requires no registration, and is rate-limited only to prevent automated bulk-scraping that would burden the Directory infrastructure.
Verification authority: The Directory is the AUTHORITATIVE verification source for Guardian SecureApp™ certificates. Where displayed mark information conflicts with the Directory entry — for example, where a certified client’s marketing material shows a Level designation that does not match the Directory record — the Directory is the correct authority and the displayed information requires correction. Verifiers encountering such conflicts may report them via /complaints-appeals; certified clients identifying inconsistencies in their own materials should correct the materials and confirm Directory accuracy through Guardian’s standard contact channels.
Status Updates
How Quickly the Directory Reflects Status Changes
ISO/IEC 17065 Clause 7.8 requires certification status to be publicly available — which operationally means that status changes must propagate to the Directory promptly enough that the public-information mechanism is meaningful. Status changes that take weeks to appear in the Directory would undermine the verification authority the Directory provides; status changes that appear immediately on Decision Authority decision support real-time verification. Guardian’s propagation timing commitments below balance operational practicality with the public-information obligation.
| Status Change | Propagation Timing | Mechanism |
|---|---|---|
New Active certificate (Grant) | Same business day as Decision Authority Grant, or no later than the next business day | Decision Authority decision triggers Directory update workflow; certificate is published on certificate-issuance confirmation |
Conditional Maintain (from Active) | Within 5 business days of Decision Authority decision on the surveillance outcome | Surveillance Decision Authority output triggers Directory update; certified client is notified before public Directory update |
Suspension (from Active or Conditional Maintain) | Within 5 business days of Decision Authority decision on suspension | Suspension Decision Authority output triggers Directory update; the relevant entity’s leadership signs off before public update |
Reinstatement to Active (from Suspended) | Within 5 business days of Decision Authority reinstatement decision | Reinstatement Decision Authority output triggers Directory update; certificate returns to Active with original certificate number and validity period (suspension does not extend validity) |
Withdrawal | Within 5 business days of Decision Authority decision on withdrawal | Withdrawal Decision Authority output triggers Directory update; certified client is notified before public update; historical visibility maintained per Section 3.6 |
Expiry | On the validity-end date itself (automatic), no business-day delay | Expiry is non-discretionary and triggers automatic Directory transition; no Decision Authority decision is required because validity-end is fixed at issuance |
Recertification (new Active from Expiry or pre-Expiry) | Same as new Active certificate (same or next business day) | Recertification Grant produces a new certificate (new number, new validity); the expired certificate transitions to historical Expiry status separately |
Where Timing Is Missed
Where Guardian fails to meet a propagation timing commitment without prior public notification of an exceptional delay, the affected stakeholder (typically a verifier discovering inconsistency between expected and actual Directory state) may:
- Submit a Complaint via /complaints-appeals — the propagation discipline is itself an accreditation-compliance matter and is investigated under the standard procedure
- Contact Guardian directly via /contact — for urgent verification needs where the Directory state may be temporarily out-of-date, direct contact resolves the verification within the same engagement-day timeframe
- Escalate to UAF at uafaccreditation.org — propagation failures affect Guardian’s Cl. 7.8 compliance and are within UAF’s accreditation oversight
Propagation timing is itself reviewed during UAF accreditation surveillance; pattern delays would be a substantive surveillance finding.
Historical Visibility
How Withdrawn and Expired Certificates Remain Visible
The Directory preserves historical entries — Withdrawn and Expired certificates remain searchable and accessible after the active validity period ends. Historical visibility supports several substantive purposes that are themselves part of the procurement-grade trust framework. Verifiers reviewing past procurement decisions, auditors reviewing historical compliance posture, regulators verifying that historical claims were accurate at the time made — all benefit from continuous historical Directory access.
Retention Period for Historical Entries
Default retention: historical entries for Withdrawn certificates remain visible for a minimum of seven years from the date of withdrawal; historical entries for Expired certificates remain visible for a minimum of seven years from the date of expiry. The seven-year baseline aligns with general audit and records-retention conventions and supports verification by stakeholders whose own retention obligations may extend to this duration. Specific entries may be retained longer where their continued visibility supports legitimate stakeholder verification needs.
Status Labelling for Historical Entries
Historical entries retain their final status — Withdrawn or Expired — and display that status prominently. The status label is colour-coded for visual differentiation from currently Active certificates. Detail views for historical entries include:
- The original validity period of the certificate
- The status-change date (withdrawal or expiry date)
- The reason for status change at categorical level — e.g., ‘Withdrawn by Decision Authority’ or ‘Expired without recertification’ — without disclosing engagement-specific substance
- Where applicable, reference to a successor certificate (e.g., where the certified client successfully recertified after expiry, the new certificate is linked from the historical entry for context)
Use of Historical Entries in Mark Verification
Historical entries support verification of historical mark claims. If a certified client’s marketing material references certification ‘from 2024 to 2027’ (a historical claim accurately framed), the historical Directory entry confirms the claim. Display of the Guardian SecureApp™ mark in current materials suggesting current certification — where the certificate is in fact Withdrawn or Expired per the Directory — is mark misuse per /marks-policy, and the historical Directory entry is the authoritative basis for confirming the misuse.
Anonymisation and De-listing
In rare cases, Guardian may anonymise or de-list specific historical entries on legitimate request — for example, where a certified party has dissolved as a legal entity and continued name display would not serve any verification purpose, or where applicable law requires de-listing. Anonymisation and de-listing are exceptional and are documented with the specific justification; the Directory’s default position is continuous historical visibility. Decision-Authority assessment of anonymisation or de-listing requests considers verification utility against any legitimate basis for non-publication.
Mark Verification
The Directory Is the Authority for Mark Legitimacy
The Use of Certification Mark Policy (/marks-policy) establishes that the Public Directory is the authoritative verification source for Guardian SecureApp™ mark legitimacy claims. This Section documents how that verification operates in practice — the specific verification checks that the Marks Policy depends on this Directory to support.
Verification Checks Supported by the Directory
Procurement teams, regulators, end-users, and other verifiers encountering a displayed Guardian SecureApp™ mark perform the following verification checks through the Directory:
- Certificate number match — the certificate number displayed with the mark must match a Directory entry. If no matching entry exists, the displayed mark is not legitimate.
- Certified party match — the certified party identity in the Directory entry must match the party displaying the mark. If a different party is displaying the mark, the display is misuse.
- Certified product match — the product on which the mark is displayed must match the certified product in the Directory entry. Display on a different product, including a related product in the same product family that is not separately certified, is misuse.
- Scope identifier match — the Module designation and Level designation displayed with the mark must match the Directory entry. Display of a higher Level than actually certified, or display of Module coverage broader than actually certified, is scope-creep misuse.
- Status check — the current status of the certificate in the Directory must be Active (or, with appropriate context, Conditionally Maintained). Display in connection with a Suspended, Withdrawn, or Expired certificate is misuse.
- Validity check — the validity period in the Directory must be current at the time of mark display. Display after the validity end date, where the certificate has not been recertified, is misuse.
These checks are the operational test for mark legitimacy. The Directory exists in substantial part to make these checks possible — without it, none of the mark display claims would be independently verifiable, and the mark would carry only as much trust as the displaying party’s reputation could provide. The Directory replaces party-reputation trust with procedural-attestation trust.
Verification UI Enhancements
The Directory page includes UI conveniences supporting common verification workflows:
- Direct certificate-number search field with prominent placement on the Directory landing area
- Quick visual status indicators (colour-coded badges) allowing scan-verification at speed
- Detail-view ‘verification summary’ that produces a one-page printable confirmation suitable for audit-document inclusion — a PDF-generated summary of the Directory entry at a point in time
- Shareable verification URLs that resolve to the specific certificate’s detail view
Machine-Readable Access
Programmatic Verification for Automated Workflows
Manual verification through the web interface is the principal access mechanism for the Directory, supporting the most common verification workflows. Increasingly, however, procurement teams and audit functions operate verification through automated workflows — supplier-risk-management platforms, vendor-due-diligence integrations, continuous compliance monitoring tools. Guardian’s framework anticipates this evolution and documents the principled approach to machine-readable Directory access.
Current Machine-Readable Support
Two mechanisms currently support machine-readable access:
- Structured data markup — the Directory listing pages embed JSON-LD structured data (Dataset and ItemList @types) supporting machine discovery and indexing. Search engines, structured-data aggregators, and other automated agents can extract Directory listings without screen-scraping HTML.
- CSV export — manual or automated CSV export from filtered Directory views supports ingestion into spreadsheet-based or database-based verification workflows. Export rate limits prevent abuse but are generous enough to support legitimate periodic ingestion.
Planned API Access
Guardian’s roadmap includes a public API for the Directory, anticipated to provide:
- Certificate-number lookup — single-certificate verification through API call returning the structured Directory data for the specified certificate
- Filtered listing queries — programmatic equivalents of the on-page filter functionality, supporting integration with supplier-management platforms
- Webhook notifications — status-change notifications subscribable by certified clients and authorised third parties for real-time monitoring of specific certificates
- Bulk verification — single-call verification of multiple certificates supporting RFP-evaluation and audit workflows
API access principles, when implemented, will include: free access for verification queries, registration for usage attribution and rate limiting (registration is not gating — anyone can register), no commercial restrictions on legitimate verification use, and clear documentation supporting third-party-developer integration. API access does not replace the on-page interface; it complements it for automated workflows. The on-page interface remains the most accessible verification route for occasional or unautomated verification needs.
Forward-looking framework note: The Machine-Readable Access section is forward-looking — it documents the principled approach to API and machine-readable access without committing to specific API specifications or launch timelines. The framework documentation supports planning by procurement teams and other automated-verification audiences who legitimately want to know what to expect; the operational implementation follows as Guardian’s certification volume and verification demand support it.
Directory Concerns
Recourse for Directory-Related Concerns
As with every operational system, the Directory may occasionally exhibit issues that warrant stakeholder attention — listings that appear incorrect, status changes that have not propagated as expected, mark displays that conflict with Directory entries. Recourse is available through Guardian’s standard procedural framework and through external escalation.
Reporting Incorrect or Out-of-Date Listings
Concerns about specific Directory listings — fields that appear incorrect, status that has not updated, certificate details that do not match the underlying certificate — should be reported through the Complaints and Appeals procedure at /complaints-appeals. The Complaints route triggers Guardian’s investigation per the standard procedure, including verification of the underlying engagement record and corrective action where the Directory state requires correction. Investigation is conducted by personnel independent of the matter; outcomes are communicated to the complainant within the timelines documented in the Complaints procedure (5 business days acknowledgement; 30 calendar days substantive response).
Reporting Mark Display Inconsistencies
Where a Guardian SecureApp™ mark is displayed in connection with materials that do not match the Directory entry — a different Level claimed, broader Module coverage suggested, display after status transition to Suspended/Withdrawn/Expired — the inconsistency is mark misuse per /marks-policy and is addressed through that Policy’s misuse-handling framework rather than through Directory correction (the Directory is presumed correct in such cases). Reports of suspected mark misuse should reference the specific certificate number in the Directory and identify the inconsistency observed; Guardian’s corrective action on the displaying party follows.
Reporting Apparent Technical Issues
Where the Directory’s technical interface exhibits issues — search not returning expected results, filters behaving unexpectedly, detail views loading incorrectly — reports through /contact reach Guardian’s technical team for resolution. Technical issues are typically resolved within engagement-day timeframes; persistent or systemic issues may warrant temporary on-page advisories while resolution is in progress.
UAF Escalation
Where stakeholders believe Guardian’s handling of Directory-related concerns is inadequate, direct UAF escalation is available at uafaccreditation.org. UAF’s accreditation oversight specifically addresses public-information compliance under Cl. 4.6 and status-of-certification compliance under Cl. 7.8; concerns about how Guardian operates this Directory fall within UAF’s mandate. Pseudonymous escalation is supported through UAF’s own procedures.
Closing commitment: The Public Directory is what makes Guardian’s certification activities publicly verifiable rather than privately attested. Every Guardian SecureApp™ certificate’s authenticity, scope, and current status is accountable here, in this Directory, accessible to anyone, free of charge. Procurement teams making supplier-security decisions, regulators verifying compliance claims, end-users evaluating product security, auditors verifying historical certification posture — all rely on this Directory as the authoritative reference. Guardian’s procedural integrity depends on the Directory being operationally meaningful — accurate, current, accessible, and credible. The framework documented above is how Guardian delivers that operational meaning.
Frequently Asked Questions
Public Directory Questions, Answered
Use the search field at the top of this page. You can search by certificate number (most precise), certified party legal entity name, certified product name, or trading name. Results appear immediately below the search field; click any result to see the full Directory entry with all verification details. For certificates where you have the certificate number, the direct URL https://guardiansecureapp.com/directory/[certificate-number] resolves to the certificate’s detail view and can be shared for verification by others. The Directory is free, requires no registration, and verification can be completed in seconds.
Five status types: Active (currently valid, all conditions met, mark display authorised); Conditionally Maintained (valid but subject to specific conditions imposed at the most recent surveillance); Suspended (temporarily suspended pending corrective action, mark display NOT authorised); Withdrawn (permanently terminated by Decision Authority decision, historical entry remains visible); Expired (validity period ended without recertification, historical entry remains visible). Section 3.3 above details the implications of each status for verifiers.
Per the timing commitments documented in Section 3.5: new Active certificates appear same-day or next-business-day after Decision Authority Grant; Conditional Maintain, Suspension, Reinstatement, and Withdrawal propagate within 5 business days of Decision Authority decision; Expiry transitions automatically on the validity-end date (no delay). Where propagation timing is missed, complaints via /complaints-appeals trigger investigation; pattern delays are reviewed during UAF accreditation surveillance.
Yes. Historical entries for Withdrawn and Expired certificates remain visible for a minimum of seven years from the status-change date. Historical visibility supports verification of historical mark claims, audit trail review, regulatory compliance verification, and procurement decision-review by stakeholders whose records-retention obligations extend to this duration. Historical entries display the final status (Withdrawn or Expired) prominently to distinguish them from currently Active certificates.
Several possibilities: the product is not yet certified (it may be under evaluation but not yet reached Grant decision); the certification status is now Suspended/Withdrawn/Expired and the listing has transitioned status (filter the view to include non-Active status to find it); the certified party is different from the entity name you searched (search by product name or trading name as well); a Directory update is in propagation and will appear within the documented timing window. If none of these explanations applies, the displayed certification claim may not be legitimate — submit a Complaint via /complaints-appeals identifying the specific claim and where you encountered it.
The CSV export functionality supports filtered-view downloads — apply your desired filters (or use no filters to capture all Active certificates), then click Export to download the matching listings as CSV. Bulk export of the entire Directory (all statuses, no filters) is supported through the same mechanism, with reasonable rate limits to prevent abuse. The export includes a timestamp and snapshot reference allowing later verification that the exported view represented the Directory state at a specific point in time.
A public API is planned (Section 3.8 above documents the principled approach). Currently, machine-readable access is supported through: structured data markup (JSON-LD Dataset and ItemList @types) on Directory listing pages, and CSV export for filtered-view ingestion. When the API launches, it will support certificate-number lookup, filtered listing queries, webhook status-change notifications, and bulk verification — accessible free of charge, with simple registration for rate-limit attribution. Updates on API availability are announced through Guardian’s standard communication channels.
Individual evaluation findings, source code or technical implementation details, Risk Treatment Plan contents, evaluator identities, Decision Authority deliberations, fee information, customer data, and other engagement-specific substance covered by /confidentiality. The Directory shows what is required to be publicly verifiable per ISO/IEC 17065 Cl. 4.6 and Cl. 7.8; substantive engagement detail remains confidential to protect certified clients’ commercially sensitive information.
No. Certified clients consent to public Directory disclosure as part of the Certification Agreement; the public-disclosure obligation is structural to accredited certification. Active, Conditionally Maintained, and Suspended listings remain visible while the certificate is in that status. Withdrawn and Expired listings remain visible for the documented historical retention period (minimum seven years). In rare cases, Guardian may anonymise or de-list specific historical entries on legitimate request — for example, where a certified party has dissolved as a legal entity — but anonymisation is exceptional and discretionary.
The Directory is the authoritative source. Where displayed mark information conflicts with the Directory entry (Level designation, Module coverage, certificate number, validity period), the displayed information requires correction — not the Directory entry. Verifiers encountering such conflicts may report them via /complaints-appeals; certified clients identifying inconsistencies in their own materials should correct the materials. The conflict is typically misuse per /marks-policy and may warrant corrective action against the displaying party.
Submit a Complaint via /complaints-appeals identifying the specific certificate (by number from the Directory), the suspected misuse (what mark display you observed and where), and why the display does not match the Directory entry. Guardian investigates third-party-reported misuse through the standard Complaints procedure and takes corrective action against the displaying party where misuse is confirmed. Reporting suspected misuse helps protect mark integrity for all certified clients; we welcome these reports. The Marks Policy (/marks-policy) Section 3.8 details the corrective-action process.
Conditional Maintain status indicates the certificate is valid but subject to specific conditions imposed at the most recent surveillance audit. The certified party must satisfy the conditions within a defined timeline to retain Active status; failure to satisfy conditions can result in Suspension. The Conditional status is a procurement-relevant signal — stakeholders conducting due diligence may want to inquire about the substance of conditions. The detail view for the certificate may indicate the general nature of conditions where Guardian has appropriate consent for that disclosure; otherwise, the Conditional status indicates only that conditions exist, without disclosing substance.
Yes. Both Guardian Assessment Private Limited (India) and Guardian Assessment UK Ltd issue Guardian SecureApp™ certificates under the single UAF accreditation 52605385601, and all certificates from both entities appear in this unified Directory. The ‘Issuing Entity’ field identifies which entity issued each certificate. Verifiers can filter the Directory view by issuing entity if jurisdictional context matters to their verification workflow; the underlying certification quality and accreditation weight are identical regardless of issuing entity.
Guardian’s UAF accreditation is valid 06 May 2026 to 05 May 2030. Reaccreditation will occur before the current expiry to maintain continuous accreditation. In the hypothetical scenario where accreditation lapses, ISO/IEC 17065 Cl. 7.8 obligations applicable to a body whose accreditation has lapsed would govern Directory handling; existing Active certificates would be addressed per the lapse-handling provisions of Guardian’s accreditation agreement and UAF’s accreditation-suspension/withdrawal procedures. Guardian’s accreditation status is verifiable independently at uafaccreditation.org.
Independent verification is available through: UAF’s directory at uafaccreditation.org (which confirms Guardian’s accreditation, the structural condition for Guardian-issued certificates to be valid); Companies House and Ministry of Corporate Affairs (which confirm Guardian’s corporate identity for the issuing entity); and direct contact with Guardian via /contact for verification questions not resolved through the Directory. The Public Directory described on this page is the principal authoritative verification source for the certificates themselves; the other sources verify the framework Guardian operates within.
Submit a Complaint via /complaints-appeals identifying the specific certificate (by number) and the field that appears incorrect, with any supporting evidence. Investigation is conducted by personnel independent of the matter; corrective action follows where investigation confirms the entry requires correction. Where investigation confirms the entry is correct as shown (and the apparent error is the verifier’s expectation rather than a Directory error), the Complaint outcome explains the discrepancy. Either outcome takes the same investigation discipline; we welcome substantive reports because they help us maintain Directory accuracy.
Ready to Get Started?
Apply for Certification
Submit a formal application. Initial response within 5 working days.
Apply NowRequest a Quote
Tell us about your product. Indicative quote within 3 to 5 working days.
Get a QuoteTalk to Our Team
Specific question or regulatory driver to discuss?
Contact Us