About Guardian Secure App

Guardian is exclusively a third-party certification body, accredited under ISO/IEC 17065:2012 by United Accreditation Foundation (UAF). We do not provide consulting, design, development, training-to-pass, or remediation services of any kind. This separation is required by Clause 4.2 of ISO/IEC 17065 to preserve impartiality, and a body that breaches this requirement loses its accreditation and the validity of its certificates.

Guardian is headquartered in Mumbai, India, at 812 B Wing, CTS NO. 1/222A, Samartha Aishwarya, High Land, Oshiwara, Opp. Samartha Vaibhav, Mumbai 400053. We operate as Guardian Assessment Pvt. Ltd. under Indian company law.

Guardian is accredited by United Accreditation Foundation Inc. (UAF) — an internationally operating accreditation body headquartered in Virginia Beach, Virginia, USA — under ISO/IEC 17065:2012, accreditation number 52605385601, valid from 06 May 2026 to 05 May 2030. The accreditation can be independently verified at www.uafaccreditation.org.

Guardian is accredited by UAF, which is an internationally operating accreditation body. UAF is a member of the IAF and a signatory to the IAF Multilateral Recognition Arrangement (MLA). The IAF MLA recognises accreditations across borders, but the MLA scope varies by accreditation type — the current scope of UAF’s IAF MLA recognition by accreditation type can be verified at www.iaf.nu. International recognition of any specific certificate depends on the accepting party’s requirements; in regulated procurement, recognition typically follows from the underlying accreditation registry status.

Under our current accreditation scope (IAF Scope Code 33 — Information Technology), Guardian certifies web applications, SaaS / multi-tenant platforms, and APIs / microservices, through the Guardian SecureApp™ scheme. The scheme has three modules — Module A (Web), Module B (SaaS), Module C (API) — and three assurance levels — Level 1 (Basic), Level 2 (Advanced), Level 3 (High-Risk / Critical). Each certificate is issued for a named product and version, against the named module(s) and level.

Yes. Guardian conducts independent VAPT (Vulnerability Assessment and Penetration Testing) as a technical assessment activity, either as a stand-alone engagement or as part of a certification evaluation. Our VAPT engagements deliver a findings report; Guardian does not provide remediation, fix-support, or post-VAPT advisory — these are outside the scope of our service offering, and providing them would compromise our impartiality as a certification body.

No. Pre-certification preparation, advisory, gap assessments and ‘how to pass’ assistance are all forms of consultancy, and Clause 4.2 of ISO/IEC 17065 prohibits a certification body from providing these services in respect of a product it later certifies. Applicants are responsible for their own preparation, with their own resources or any third party they engage. We evaluate the product as it is presented at application.

An independent Impartiality Committee, comprising representatives drawn from a balance of stakeholder interests (industry, applicants, technical experts, public-interest representation), oversees Guardian’s impartiality. The Committee has unrestricted access to certification records, financial information and conflict-of-interest declarations, meets at defined intervals and on request, and has authority to take independent action — including escalation to UAF — where it identifies threats to impartiality that have not been adequately addressed.

Visit www.uafaccreditation.org and search by accreditation number 52605385601, or download the Certificate of Accreditation and Schedule of Accreditation from /accreditation. Both routes confirm the same facts: accreditation status, scope (IAF Scope Code 33), validity dates, and any conditions or limitations.

Our Public Directory of Certified Products is at /directory, searchable by certificate number, product name or applicant name. The directory lists currently valid certificates as well as suspended and withdrawn certificates, with the date and reason for status changes (where applicable). Public listing of certificate facts is required by ISO/IEC 17065 Clause 4.6.

Application review is conducted under ISO/IEC 17065 Clause 7.3, against four criteria: scope (does the product fit our accredited certification scope?), feasibility (can we resource the engagement competently and to the required timeline?), impartiality (are there any conflicts of interest, including consultancy involvement within the last two years, that we cannot mitigate?), and completeness (is the submitted documentation sufficient to begin scoping?). Outcome is acceptance, a request for clarification, or rejection with documented reasons.

UAF is our accreditation body. UAF audits Guardian’s compliance with ISO/IEC 17065 and supporting mandatory documents annually, conducts witness assessments of selected certification engagements, and maintains the public accreditation register on which our status is published. UAF does not direct or participate in Guardian’s individual certification decisions; that would compromise the independence of certification from accreditation, which is itself a core principle of the international conformity assessment infrastructure.

Guardian works with organisations of all sizes. Our indicative starting fees for small organisations (USD 2,000 / 4,000 / 7,000 for Levels 1 / 2 / 3) are designed to make accredited certification accessible to start-ups and growth-stage companies. Final fees depend on scope, technology and complexity; quotation is on request.

Guardian is funded through certification fees paid by applicants and certified clients. We do not receive grants, government funding, or other revenue streams that would create dependency on third parties. Our financial structure is monitored quarterly by the Impartiality Committee to ensure no single applicant or sector creates a financial dependence threat to impartiality.

Any change of control or material change in business activities is a notifiable event under our accreditation, requiring prior or concurrent notification to UAF and a fresh impartiality risk assessment. A merger with a consultancy that creates a structural impartiality conflict — particularly one that would mix certification with advisory in respect of certifiable products — is incompatible with continued accreditation. The Impartiality Committee and Top Management are accountable for maintaining a structure that preserves accreditation status.