Let’s talk

COMPLAINTS & APPEALS PROCEDURE

GUARDIAN ASSESSMENT · TRUST & COMPLIANCE

Complaints & Appeals — Guardian’s Recourse Framework

This Procedure documents how Guardian Assessment Private Limited (India) and Guardian Assessment UK Ltd handle Complaints (concerns about Guardian’s certification activities) and Appeals (formal challenges to specific certification decisions). The Procedure is the operational implementation of ISO/IEC 17065:2012 Clause 7.13 (Complaints and Appeals), against which we are accredited by UAF (accreditation 52605385601, valid until 05 May 2030). Recourse is structured, accessible, fee-free, and not subject to retaliation. Investigation is conducted by personnel independent of the matter, with structured escalation to the Appeals Committee or to senior leadership where investigation reveals concerns warranting action. Where Guardian’s internal handling does not resolve the matter, complainants may escalate to UAF — Guardian’s accreditation body — without prejudice to any prior or future engagement. This Procedure is publicly available per ISO/IEC 17065 Clause 4.6 and is reviewed by UAF during annual surveillance audits.

Read the Impartiality Statement↗
Read the Confidentiality Policy ↓
ISO/IEC 17065 Accredited
UAF Accreditation No. 52605385601
Valid until 05 May 2030

Statement of Commitment

Guardian’s Commitment to Recourse

Guardian Assessment Private Limited (India) and Guardian Assessment UK Ltd, together constituting the Guardian Assessment certification body, operate this Complaints and Appeals Procedure as the documented recourse mechanism for stakeholders affected by Guardian’s certification activities. The Procedure is the operational implementation of ISO/IEC 17065:2012 Clause 7.13 (Complaints and Appeals), embedded in our Certification Agreement and VAPT Engagement Agreement, and audited annually by UAF during accreditation surveillance.

This Procedure is companion to the Impartiality Statement at /impartiality (which implements Cl. 4.2) and the Confidentiality Policy at /confidentiality (which implements Cl. 4.5). Together these three documents form the foundational trust framework that procedurally distinguishes accredited certification from any commercial assessment relationship without comparable structural disciplines. Where Pages 22 and 23 establish the substantive trust commitments Guardian makes, this Procedure establishes how stakeholders verify those commitments and obtain corrective action where they are breached.

Scope of This Procedure

This Procedure applies to:

  • Applicants — entities that have applied for Guardian SecureApp™ certification or for the Guardian VAPT service, including applicants whose applications are under review and applicants whose applications have not yet been accepted
  • Certified clients — entities that hold a current Guardian SecureApp™ certificate, including certified clients whose certificates are subject to surveillance, are conditionally maintained, are suspended, or are subject to withdrawal proceedings
  • Former applicants and certified clients — entities whose engagements have closed but who have residual concerns about how the engagement was conducted or about decisions taken
  • Third parties — competitors of certified clients, end-users of certified products, peer certification bodies, accreditation bodies, regulators, and other parties with legitimate interest in Guardian’s certification activities
  • Members of the public — individuals or organisations not in any of the above categories who nonetheless have concerns about specific Guardian decisions or about Guardian’s Programme generally

There is no requirement to demonstrate standing, contractual relationship, or financial interest in order to submit a Complaint. Guardian’s Programme accountability is a matter of public-information disclosure under Cl. 4.6, and recourse for concerns about that Programme is correspondingly accessible.

Underlying Standards

This Procedure implements:

  • ISO/IEC 17065:2012 Clause 7.13 (Complaints and Appeals) — the principal standard governing certification body recourse mechanisms
  • ISO/IEC 17065:2012 Clause 4.6 (Publicly Available Information) — requiring this Procedure to be publicly accessible
  • ISO/IEC 17065:2012 Clause 4.2 (Impartiality) — providing the structural framework within which complaint investigation independence is maintained
  • ISO/IEC 17065:2012 Clause 4.5 (Confidentiality) — applying confidentiality safeguards to complaint investigations and appeal proceedings

Where complaints raise concerns that fall under other Guardian Trust documents — impartiality complaints under the Impartiality Statement, confidentiality complaints under the Confidentiality Policy, mark-usage complaints under the Marks Policy at /marks-policy — those documents’ specific recourse provisions are read together with this Procedure.

Distinction

Two Distinct Recourse Mechanisms

ISO/IEC 17065 Clause 7.13 distinguishes Complaints from Appeals, and the distinction matters operationally — the two mechanisms have different purposes, different procedural pathways, different decision authorities, and different timelines. Stakeholders submitting recourse should understand which mechanism applies to their concern; submissions in the wrong category are reclassified by Guardian (with notification to the submitter) but the reclassification consumes time that direct submission to the correct mechanism avoids.

DimensionComplaintsAppeals

What It Concerns

Guardian’s conduct: procedural concerns, evaluator behaviour, communication issues, confidentiality concerns, impartiality concerns, mark-usage concerns, fee-handling concerns, timeliness concerns, and conduct of personnel.

A specific certification decision: Grant, Defer, Refuse, Maintain, Conditional Maintain, Suspend, Withdrawal, Reinstatement, or any equivalent decision the Decision Authority has taken.

Who Submits

Any stakeholder: applicant, certified client, third party, or member of the public. No standing requirement.

The applicant or certified client whose product is the subject of the contested decision, or their authorised representative. Third parties may submit Complaints about decisions, but cannot submit formal Appeals.

Submission Time Limit

None. Concerns can be raised at any time, including after engagement closure.

Within 30 calendar days of the contested decision being communicated to the appellant. Late Appeals may be considered at the Appeals Committee’s discretion where good cause is shown.

Investigation Authority

Personnel independent of the matter complained about, typically a senior manager not involved in the engagement, or an external investigator where internal independence is not feasible.

The Appeals Committee, independent of personnel involved in the original certification decision.

Decision Authority

Findings and corrective actions are determined by the investigator, with material findings escalated to senior leadership or the Impartiality Committee where impartiality is implicated.

The Appeals Committee. Decisions are final within Guardian’s procedural framework; further escalation is to UAF.

Timeline Target

Acknowledgement within 5 business days; substantive response within 30 calendar days, extendable to 60 with written justification.

Acknowledgement within 5 business days; hearing within 60 calendar days of formal lodgement, extendable to 90 with written justification; written decision within 14 calendar days of hearing close.

Effect on Certification Status

None. Complaints do not automatically affect certification status; corrective actions arising from complaint investigation may, in rare cases, prompt independent Decision Authority review of the relevant certificate.

None automatic. Status during Appeal is determined by the Decision Authority on a case-by-case basis. Appeals against suspension or withdrawal do not automatically restore the certificate.

Fee

None.

None to Guardian. The appellant pays only their own costs, such as legal counsel or expert witnesses where engaged.

In summary: if your concern is about how Guardian behaved, file a Complaint. If your concern is about a specific decision Guardian’s Decision Authority made — and you want to challenge that decision — file an Appeal. Where uncertainty exists, submit through the Complaints route; Guardian will route correctly internally and notify you of any reclassification.

Complaints Procedure

How Complaints Are Handled

The Complaints procedure is designed to surface and address concerns about Guardian’s certification activities promptly, fairly, and with appropriate independence. The procedure operates as a structured workflow with defined stages, defined decision authorities, and defined timelines.

Submission

Complaints may be submitted through any of the following routes:

  • The dedicated complaints email address — complaints@guardiansecureapp.com (forthcoming; routed by jurisdictional nexus to either Guardian Assessment Private Limited or Guardian Assessment UK Ltd)
  • The /contact form, with ‘Complaint’ selected as the inquiry type — routes to the same handling team as the dedicated email
  • Postal submission to either Guardian entity’s registered address — Guardian Assessment Private Limited (74, Windermere 2C CHS Ltd, Off New Link Road, Andheri (W), Mumbai, Maharashtra, India 400053) or Guardian Assessment UK Ltd (412, Greenford Road, Greenford, Middlesex, England, UB6 9AH). Postal submissions are scanned on receipt and acknowledged through the same workflow as electronic submissions.
  • Through certification engagement correspondence — for applicants and certified clients with active engagements, complaints can be raised through the engagement’s lead evaluator with a clear request that the matter be treated as a Complaint under this Procedure rather than an in-engagement query

Submissions should include: the nature of the concern, the engagement or decision the concern relates to (where applicable), the period the concern covers, any specific evidence or documentation supporting the concern, and contact information for response. Pseudonymous submissions are accepted (Section 3.7 below) with appropriate procedural adjustments.

Acknowledgement

Receipt of a Complaint is acknowledged within 5 business days. The acknowledgement is sent through the submission route used by the complainant (with privacy adjustments for pseudonymous submissions) and includes: a Complaint reference number, confirmation of the entity handling the matter (India entity for India-jurisdiction nexus; UK entity for UK-jurisdiction nexus; cross-border matters coordinated), and the expected substantive-response timeline.

Investigation

Investigation is conducted by personnel independent of the matter complained about. For most Complaints, this means a senior Guardian manager not involved in the engagement that the Complaint relates to. For Complaints concerning impartiality matters, the investigation is escalated to the Impartiality Committee or to the independent chair of that Committee. For Complaints where internal independence is not feasible — for example, complaints concerning Guardian’s leadership itself — investigation is conducted by an external investigator engaged for the specific matter.

Investigation activities typically include: review of the Complaint and supporting evidence; review of Guardian’s records relating to the matter (engagement records, correspondence, internal procedures); interviews with Guardian personnel involved; in some cases, interviews with the complainant or with third parties who may have relevant evidence. The investigation is conducted under confidentiality discipline matching Cl. 4.5 — investigation findings are not disclosed beyond what is necessary for resolution and for any required UAF notification.

Substantive Response

Within 30 calendar days of acknowledgement, Guardian provides a substantive response to the complainant. The response includes: the investigator’s findings of fact relating to the matter; Guardian’s assessment of whether the Complaint is upheld in whole, in part, or not upheld; any corrective actions Guardian is taking in response to the matter; an invitation to provide further submissions if the complainant disagrees with the findings or the corrective actions. Where the 30-day timeline cannot be met — typically because investigation is more substantive than initially anticipated — Guardian provides written justification and a revised timeline (with the extended timeline not exceeding 60 calendar days from acknowledgement).

Closure

A Complaint is closed when: the complainant accepts the substantive response and any corrective actions; or the complainant has been given reasonable opportunity to respond to the substantive response and has not done so within a defined window (typically 30 calendar days); or the complainant has indicated they wish to escalate the matter to UAF, in which case Guardian’s internal Procedure considers the matter closed and Guardian provides reasonable cooperation with UAF’s escalation handling. Closed complaints and their resolutions are recorded in Guardian’s Complaints Register, retained per the retention discipline in /confidentiality Section 3.6, and reviewed during UAF accreditation surveillance.

Complaints Procedure

How Appeals Are Handled

Appeals are formal challenges to specific certification decisions. Because certification decisions carry procurement-grade attestation weight, the procedural integrity of Appeal handling is itself a substantive trust commitment — Appeals must be heard by independent decision-makers, with documented procedure, with fair opportunity for the appellant to present their case, and with reasoned decisions communicated in writing. The procedure operates as a quasi-judicial workflow with corresponding discipline.

Decisions Subject to Appeal

Appellable decisions include:

  • Initial certification decisions — Grant (in unusual cases where the appellant disputes specific scope or conditions of the Grant), Defer (where the appellant disputes the basis for deferral), Refuse
  • Surveillance decisions — Conditional Maintain (where the appellant disputes the conditions imposed), Suspend
  • Withdrawal decisions
  • Reinstatement decisions following suspension
  • Recertification decisions — Grant (in unusual cases), Defer, Refuse
  • Decisions on Risk Treatment Plans submitted under Cl. 7.6 — where the appellant disputes Decision Authority assessment of an RTP

Procedural decisions made during engagement (e.g., scope clarifications, severity classifications of individual findings) are not directly appellable as they are sub-decisions within the engagement; they may form the substance of Complaints, and where Complaint investigation reveals that procedural decisions warrant correction, that correction is the appropriate route. Final certification decisions remain appellable as set out above.

Submission

Appeals are submitted in writing within 30 calendar days of the contested decision being communicated to the appellant. Submission routes:

  • The dedicated appeals email address — appeals@guardiansecureapp.com (forthcoming)
  • Postal submission to either Guardian entity’s registered address with ‘NOTICE OF APPEAL’ clearly marked

Submissions must include: identification of the contested decision (decision date, decision type, certificate or engagement reference); the grounds of Appeal (factual disputes, procedural disputes, evidence-evaluation disputes, severity-classification disputes, scope-determination disputes); the relief sought (reversal of decision, remand for reconsideration, modification of conditions); and any supporting evidence the appellant wishes the Appeals Committee to consider. Late Appeals (filed after the 30-day window) may be considered at the Appeals Committee’s discretion where good cause for delay is demonstrated.

Acknowledgement and Preliminary Review

Receipt of an Appeal is acknowledged within 5 business days. The acknowledgement includes the Appeal reference number, confirmation of the handling entity, and the preliminary-review outcome — confirming that the matter is appellable under this Procedure (i.e., it concerns an appellable decision and is timely or merits late acceptance) and identifying the Appeals Committee that will hear the Appeal.

The Hearing

The Appeals Committee schedules a hearing within 60 calendar days of formal Appeal lodgement. The hearing may be conducted in person, by video conference, or in writing only — the format is determined by the Appeals Committee considering the nature of the matter, the appellant’s preference, and practical considerations including jurisdictional convenience. Both the appellant (with their authorised representatives, including legal counsel and expert witnesses if engaged) and Guardian (with the personnel best placed to address the matter) participate. The hearing is conducted under confidentiality discipline matching Cl. 4.5; hearing records are retained per /confidentiality Section 3.6 retention discipline.

The hearing follows a structured protocol: opening statements by both parties; presentation of evidence by the appellant; presentation of evidence by Guardian; questions from the Appeals Committee to either party; closing statements; reservation of decision. The Committee may, at its discretion, request additional evidence or submissions after the hearing where the matter requires further information; in such cases the timeline for the written decision is extended correspondingly.

The Written Decision

Within 14 calendar days of the hearing closing (or of any post-hearing submissions being received), the Appeals Committee issues a written decision. The decision includes: a summary of the contested decision and the grounds of Appeal; a summary of the evidence presented; the Committee’s findings of fact; the Committee’s reasoning on the disputed points; the Committee’s decision (uphold the original decision, reverse the original decision, modify the original decision, or remand the matter for reconsideration with specific directions); and clear communication of further escalation rights (i.e., the right to escalate to UAF — Section 3.8 below). The written decision is communicated to the appellant and to Guardian’s operational management for implementation.

Timeline Extension

Where the 60-day hearing window or the 14-day decision window cannot be met — typically because the matter is more substantive than initially anticipated, evidence-gathering takes longer than anticipated, or scheduling constraints arise — the Appeals Committee provides written justification and a revised timeline. Total Appeals duration (lodgement to written decision) should not exceed 90 calendar days except in genuinely exceptional circumstances; the Appeals Committee tracks duration as a discipline metric reviewed during UAF surveillance.

Effect on Certification Status

Filing an Appeal does not automatically affect certification status. Where the contested decision is suspension, withdrawal, or refusal, the certificate’s status during the Appeal period is determined by the Decision Authority on a case-by-case basis, considering: the substance of the contested decision; the strength of the Appeal grounds on preliminary review; the public-information disclosure obligations under Cl. 7.8; and the protection of stakeholders relying on the Public Directory listing. Where status during Appeal would otherwise create misleading public information, the Decision Authority’s determination is communicated to the appellant in advance with reasons. In rare cases, the Appeals Committee may issue an interim status determination at the time of acknowledgement.

The Appeals Committee

Independent Authority for Appeal Decisions

ISO/IEC 17065 Cl. 7.13 requires that Appeals be heard by personnel independent of the original certification decision. Guardian’s operational implementation is the Appeals Committee — a structured panel constituted for each Appeal from the standing pool of qualified Appeals Committee members. The Committee’s composition, mandate, and operating discipline are described below.

Composition

Each Appeals Committee panel comprises three roles with stakeholder representation, modelled on the Impartiality Committee structure described in /impartiality Section 3.3:

  • An independent chair — drawn from outside Guardian’s operational management. The chair brings external perspective and the procedural authority to manage the hearing fairly. The chair is appointed for renewable defined terms with appointment criteria documented in Guardian’s governance procedures. For Appeals concerning operational management itself, the independent chair structure is the principal safeguard against insider influence.
  • A technical reviewer not involved in the original engagement — a senior Guardian evaluator with the technical competence to engage substantively with the disputed matter, but who was not involved in the engagement that produced the contested decision. The technical reviewer brings the evaluation-discipline perspective necessary for substantive engagement with technical disputes.
  • A senior management representative not involved in the original decision — a member of Guardian’s leadership accountable for the operational implementation of the Appeals Committee’s decisions, but who was not the Decision Authority for the contested decision. The management representative ensures Committee decisions translate into operational reality.

Names of Appeals Committee members are not published as a matter of practice (consistent with Impartiality Committee practice and with most certification bodies’ treatment of internal-governance appointments). Membership is recorded in Guardian’s internal governance records and reviewed by UAF during accreditation surveillance. Specific panel composition for an individual Appeal — including verification of independence from the original engagement — is communicated to the appellant in the acknowledgement letter.

Mandate

The Appeals Committee’s mandate covers:

  • Hearing and deciding individual Appeals as set out in Section 3.4
  • Determining the format of hearings (in-person, video, written) and the timeline within the parameters set by this Procedure
  • Requesting additional evidence or submissions where the matter requires further information
  • Reaching reasoned written decisions and communicating them as set out in Section 3.4
  • Issuing interim status determinations in rare cases where the certificate’s status during Appeal warrants Committee determination rather than Decision Authority determination
  • Reviewing the Appeals Procedure annually with recommendations for amendment to Guardian’s leadership

Independence Safeguards

Independence is the operational foundation of Appeals integrity. Specific safeguards include:

  • No member of the panel may have been involved in the engagement that produced the contested decision — this includes evaluation team membership, reviewer role, Decision Authority role, or material engagement-management role
  • No member may have personnel, financial, or ownership relationships with the appellant that would compromise independence — verified through impartiality declarations submitted by panel members at the time of panel constitution
  • Panel composition is determined by senior Guardian management not involved in the contested decision — typically Guardian’s leadership in coordination with the Impartiality Committee chair
  • Where independence cannot be assured through internal panel constitution — for example, where the matter implicates a substantial portion of Guardian’s evaluation function — external Appeals Committee members are engaged for the specific Appeal under terms equivalent to internal panel members’ confidentiality and conduct obligations

Timelines and Communications

When You Hear Back, and What You Receive

Predictable timelines are themselves a procedural commitment. Stakeholders raising concerns are entitled to know when they will receive responses, what those responses will contain, and what to do if timelines are missed. This Section consolidates the timeline commitments distributed across Sections 3.3 and 3.4 above.

ActivityComplaint TimelineAppeal TimelineCommunication Mode

Acknowledgement of receipt

Within 5 business days.

Within 5 business days.

Through submission route.

Confirmation of handling entity and reference number

With acknowledgement.

With acknowledgement.

Written.

Substantive response (Complaint)

Within 30 calendar days, extendable to 60 with written justification.

N/A

Written.

Hearing scheduled (Appeal)

N/A

Within 60 calendar days of lodgement, extendable to 90 with written justification.

Written, with hearing details.

Written decision (Appeal)

N/A

Within 14 calendar days of hearing close.

Written, with reasons.

Closure communication

With substantive response or after acceptance window expires.

With written decision.

Written, with escalation rights.

If Timelines Are Missed

Where Guardian fails to meet a timeline commitment in this Procedure without providing written justification and a revised timeline, the affected stakeholder may:

  • Request a status update through the same submission route — Guardian provides a status update within 5 business days of the request
  • Escalate the matter through senior management at the relevant entity — by emailing complaints@guardiansecureapp.com (forthcoming) with ‘TIMELINE ESCALATION’ in the subject
  • Escalate the matter to UAF directly — Guardian’s failure to meet documented procedural commitments is itself a matter of accreditation oversight (Section 3.8 below)

Timeline failures are tracked in Guardian’s Complaints Register and reviewed during UAF surveillance. Repeated failures or pattern failures across complaints are escalated to senior leadership and to the Impartiality Committee for systemic investigation.

Communications During Active Matters

During active Complaints or Appeals, communication is directed through the lead investigator (for Complaints) or the Appeals Committee secretariat (for Appeals). Routing through the operational personnel involved in the original matter — for example, evaluators or Decision Authority members — is avoided to preserve investigation independence. Where a complainant or appellant attempts to discuss an active matter through original-engagement channels, the recipient redirects to the proper channel without engaging on the substance.

Third-Party Submissions

Submissions Where the Submitter Wishes to Remain Anonymous

Some stakeholders raising legitimate concerns may have substantial reasons not to identify themselves — concerns about retaliation despite Guardian’s non-retaliation commitment, concerns about commercial relationships affected by identification, concerns about regulatory or employer relationships. Guardian’s recourse mechanism accommodates pseudonymous submissions with appropriate procedural adjustments.

Pseudonymous Complaints

Pseudonymous Complaints — submissions where the complainant withholds their identity from Guardian — are accepted under the following framework:

  • Substance over identification — Guardian’s investigation focuses on the substance of the concern raised, regardless of whether the complainant is identified. Where the substance can be investigated independently of the complainant’s identification (e.g., review of records, interviews with Guardian personnel, review of correspondence), the investigation proceeds normally.
  • Verification adjustments — where investigation requires verification of factual claims by the complainant, Guardian may require the complainant to provide such evidence as is necessary to verify substance without revealing identity. The complainant determines what they are willing to disclose; Guardian’s investigation is bounded by the available evidence.
  • Communication routing — Guardian communicates with pseudonymous complainants through the submission route used (a privacy-respecting email address, a secure messaging mechanism, or postal correspondence to a designated address). Guardian does not attempt to identify pseudonymous complainants through technical or investigative means.
  • Limitations — pseudonymous complaints have inherent limitations where investigation requires testimony or evidence that only the complainant could provide. Guardian’s substantive response will note any such limitations and the conclusions Guardian was able to reach within them.

Anonymous Submissions

Anonymous submissions — where Guardian receives a complaint with no identification or contact information — are reviewed for substance. Where the substance is sufficient for Guardian to investigate (e.g., the complaint identifies specific engagements, decisions, or personnel and provides factual basis), investigation proceeds and any corrective actions are implemented. Where the substance is insufficient (e.g., generalised allegations without specific reference points), the matter is recorded but cannot be investigated. Anonymous submissions cannot be acknowledged (no contact information) and cannot be communicated about; the only public visibility is the inclusion of the matter in Guardian’s Complaints Register and any corrective actions taken in response.

Third-Party Submissions

Third parties — competitors of certified clients, end-users, regulators, peer certification bodies, members of the public — may submit Complaints (but not Appeals; Appeals are limited to applicants and certified clients). Third-party Complaints are handled under the standard procedure with one specific consideration: where the Complaint concerns the relationship between Guardian and a specific certified client, Guardian’s confidentiality obligations to that certified client may limit what Guardian can share with the third-party complainant about the substantive findings. In such cases, Guardian provides what can be shared without breaching confidentiality and notes the limitations explicitly.

Third parties may also raise concerns directly with UAF (Section 3.8 below) without first raising them with Guardian. Where a stakeholder believes Guardian’s internal handling will be inadequate — for example, where the matter implicates Guardian’s leadership — direct UAF escalation is an appropriate first step.

Escalation

Recourse Beyond Guardian

Guardian’s internal Procedure is one layer of recourse, not the only layer. Stakeholders dissatisfied with Guardian’s internal handling — or who believe Guardian’s internal handling will be inadequate — have explicit escalation paths to UAF (Guardian’s accreditation body) and beyond. The escalation paths are not contingent on Guardian’s permission and do not prejudice any prior or future engagement with Guardian.

Escalation to UAF

UAF — United Accreditation Foundation Inc., 1060 Laskin Road, STE 12B/13B, Virginia Beach VA 23451, United States — is Guardian’s accreditation body. UAF maintains complaints and feedback procedures relating to accredited certification bodies, accessible at uafaccreditation.org. Stakeholders escalating to UAF do so directly; Guardian provides reasonable cooperation with UAF’s escalation handling but is not a gatekeeper to UAF’s procedures.

UAF’s accreditation oversight includes assessing how Guardian handles complaints — meaning that complaints to UAF about Guardian’s complaints handling itself are within UAF’s mandate. Where UAF’s investigation reveals that Guardian’s procedural compliance with Cl. 7.13 is inadequate, UAF can require corrective action including, in serious cases, accreditation suspension or withdrawal. The accountability is real.

Escalation to IAF

IAF — the International Accreditation Forum, accessible at iaf.nu — coordinates accreditation bodies internationally and operates additional escalation paths for accreditation-body-level concerns. Where a stakeholder believes UAF’s handling of escalated concerns is itself inadequate, IAF provides further recourse. IAF’s processes are designed for accreditation-coordination matters rather than first-instance complaints; the appropriate escalation path is typically Guardian → UAF → IAF, not direct to IAF.

Regulatory and Legal Escalation

Stakeholders may have additional recourse through regulatory or legal channels in their respective jurisdictions — data protection authorities for privacy-related concerns, sectoral regulators where Guardian’s certification activities intersect with regulated sectors, courts for matters where contractual or legal rights are implicated. These channels operate independently of the certification-specific procedures described above and are determined by the substance of the concern and the jurisdiction. Guardian’s recourse mechanisms are not in lieu of legal rights; they are alongside them.

Where regulatory or legal escalation involves Guardian, jurisdictional handling follows the principle established in /confidentiality Section 3.7 — Guardian Assessment Private Limited handles matters with India nexus; Guardian Assessment UK Ltd handles UK nexus; cross-border matters are coordinated. Specific contact information for regulatory escalation is determined by the substance and jurisdiction; Guardian’s leadership can provide directional guidance through /contact where helpful.

Commitments

Guardian’s Substantive Commitments to Recourse

The Procedure described above is operationally meaningful only if stakeholders feel safe using it. Several substantive commitments support that safety; they are documented here as the closing structural element of the Procedure.

Non-Retaliation

Guardian commits to non-retaliation against complainants and appellants. Specifically: raising a Complaint or filing an Appeal does not affect any current certification engagement, surveillance audit, recertification, or commercial relationship between Guardian and the complainant or appellant; subsequent applications and engagements are not adversely treated by reason of prior recourse activity; subsequent commercial conversations (scoping, quoting) are not biased by prior recourse activity. The non-retaliation commitment matches the parallel commitments in /impartiality Section 3.9 and /confidentiality Section 3.9, applies through the same procedural framework, and is verified during UAF surveillance through review of complaints handling records.

Where a stakeholder believes retaliation has occurred, that itself is a Complaint that can be raised through this Procedure (with investigation routed to leadership independent of the alleged retaliating personnel), and is also a matter that can be escalated directly to UAF without prior internal handling.

No-Fee Commitment

Submitting a Complaint carries no fee. Filing an Appeal carries no fee to Guardian; the appellant pays only their own costs (legal counsel, expert witnesses where engaged). The no-fee commitment ensures that recourse access is not gated by economic capacity to pay, and that no appellant is dissuaded from legitimate Appeal by Guardian-side fees.

Confidentiality of Recourse Activities

Recourse submissions and the substance of Complaints and Appeals are treated as confidential information of the complainant or appellant under /confidentiality. The fact that a particular stakeholder has raised a Complaint or filed an Appeal is not disclosed by Guardian beyond what is necessary for investigation and resolution. Guardian’s Complaints Register — internal documentation of complaints and their handling — is reviewed by UAF during surveillance but is not publicly disclosed.

Where complainants choose to publicly disclose that they have raised a Complaint with Guardian, that is the complainant’s prerogative and is not constrained by this Procedure. Guardian’s confidentiality obligations run from Guardian to the complainant, not in the reverse direction. Where Guardian’s response to a publicly-discussed complaint becomes a matter requiring public response (rare in practice), the response is made under coordination with the complainant where possible and follows the proportionality discipline of public communication generally.

Annual Review

This Procedure is reviewed at least annually by Guardian’s leadership in coordination with the Impartiality Committee. Material changes — to timelines, to escalation paths, to handling structures — are versioned, dated, communicated to UAF, and communicated to certified clients in accordance with Cl. 8 (Management System Requirements). The Document Header at the top of this page records the current version and issuance date. Stakeholders who have referenced this Procedure in their procurement processes or compliance frameworks can verify the current version and confirm any material changes since their last reference.

Closing commitment: Recourse is the verification mechanism by which the substantive trust commitments in /impartiality and /confidentiality become operationally real. Without accessible, credible, fee-free, non-retaliatory recourse, those substantive commitments would be aspirational. With it, they are commitments stakeholders can hold Guardian accountable to. Guardian’s procedural integrity depends on this Procedure being operationally meaningful — and on stakeholders using it where they have legitimate concerns. We welcome that use.

Frequently Asked Questions

Common Questions, Answered

Complaints concern Guardian’s CONDUCT — procedural concerns, evaluator behaviour, communication issues, confidentiality concerns, impartiality concerns, mark-usage concerns, fee-handling concerns, timeliness. Appeals are formal challenges to specific CERTIFICATION DECISIONS — Grant, Defer, Refuse (initial certification), Maintain, Conditional Maintain, Suspend (surveillance), Withdrawal, Reinstatement. Different mechanisms, different procedural pathways, different decision authorities. Complaints can be submitted by any stakeholder; Appeals are limited to the applicant or certified client whose product is the subject of the contested decision.

Complaints: through complaints@guardiansecureapp.com (forthcoming), through /contact with ‘Complaint’ selected, through postal submission to either Guardian entity, or through certification engagement correspondence with explicit Complaint flagging. Appeals: through appeals@guardiansecureapp.com (forthcoming) or through postal submission with ‘NOTICE OF APPEAL’ clearly marked. Acknowledgement is provided within 5 business days through the submission route.

No fee to Guardian for either Complaints or Appeals. For Appeals, the appellant pays only their own costs (legal counsel, expert witnesses where engaged); Guardian charges no Appeal fee. The fee-free recourse commitment ensures access is not gated by economic capacity and that no stakeholder is dissuaded from legitimate recourse by Guardian-side fees.

30 calendar days from the contested decision being communicated to the appellant. Late Appeals (filed after the 30-day window) may be considered at the Appeals Committee’s discretion where good cause for delay is demonstrated. Complaints have no submission time limit and can be raised at any time, including after engagement closure.

The Appeals Committee — a structured panel of three roles: an independent chair (drawn from outside Guardian’s operational management), a technical reviewer not involved in the original engagement, and a senior management representative not involved in the original decision. None of the panel members may have been involved in the engagement that produced the contested decision. Panel composition for an individual Appeal is communicated to the appellant in the acknowledgement letter, with verification of independence from the original engagement.

Acknowledgement within 5 business days of receipt; hearing within 60 calendar days of formal lodgement (extendable to 90 with written justification); written decision within 14 calendar days of hearing close. Total Appeals duration (lodgement to written decision) should not exceed 90 calendar days except in genuinely exceptional circumstances. Where the timeline is extended, written justification and a revised timeline are provided.

Severity classifications are sub-decisions within an engagement and are not directly appellable. Severity classification disputes can form the substance of a Complaint, and where Complaint investigation reveals that severity classification warrants correction, that correction is the appropriate route. Final certification decisions remain appellable on grounds that include disputed severity classifications where those classifications materially affected the outcome.

No. Filing an Appeal does not automatically affect certification status. Where the contested decision is suspension, withdrawal, or refusal, the certificate’s status during the Appeal period is determined by the Decision Authority on a case-by-case basis, considering the substance of the contested decision, the strength of the Appeal grounds on preliminary review, and the public-information disclosure obligations under Cl. 7.8. In rare cases the Appeals Committee may issue an interim status determination.

Pseudonymous Complaints (where the complainant withholds their identity) are accepted with appropriate procedural adjustments — investigation focuses on substance, communication is routed through privacy-respecting channels, Guardian does not attempt to identify pseudonymous complainants. Anonymous submissions (no identification or contact information) are reviewed for substance; where the substance is sufficient for investigation, investigation proceeds, but Guardian cannot acknowledge or communicate about anonymous submissions.

Third-party Complaints are accepted under the standard procedure. Third parties can raise concerns about specific Guardian decisions, about Guardian’s conduct generally, or about Guardian’s certification of specific products. Guardian’s confidentiality obligations to certified clients may limit what Guardian can share with third-party complainants about substantive findings; in such cases, Guardian provides what can be shared without breaching confidentiality and notes limitations explicitly. Third parties cannot file formal Appeals (Appeals are limited to applicants and certified clients), but their Complaints can prompt corrective actions.

Direct escalation to UAF (Guardian’s accreditation body) is available without first raising the matter with Guardian. UAF’s complaints and feedback procedures are accessible at uafaccreditation.org. UAF’s accreditation oversight includes assessing how Guardian handles complaints — meaning that complaints to UAF about Guardian’s complaints handling itself are within UAF’s mandate. Where UAF’s investigation reveals inadequate procedural compliance, UAF can require corrective action including, in serious cases, accreditation suspension or withdrawal.

IAF (the International Accreditation Forum, accessible at iaf.nu) coordinates accreditation bodies internationally and operates additional escalation paths for accreditation-body-level concerns. The appropriate escalation path is typically Guardian → UAF → IAF, not direct to IAF for first-instance complaints. IAF’s processes are designed for accreditation-coordination matters rather than direct grievance handling.

No. Guardian commits to non-retaliation. Raising a Complaint or filing an Appeal does not affect any current certification engagement, surveillance audit, recertification, or commercial relationship between Guardian and the complainant or appellant. Subsequent applications and engagements are not adversely treated by reason of prior recourse activity. The non-retaliation commitment is verified during UAF surveillance through review of complaints handling records.

Yes. Both the appellant (with their authorised representatives, including legal counsel and expert witnesses if engaged) and Guardian (with the personnel best placed to address the matter) participate in Appeal hearings. The appellant pays their own costs for counsel and witnesses. The hearing follows a structured protocol with opening statements, presentation of evidence, questions from the Committee, and closing statements; both parties have equal procedural opportunity.

The format is determined by the Appeals Committee considering the nature of the matter, the appellant’s preference, and practical considerations including jurisdictional convenience. Hearings may be conducted in person, by video conference, or in writing only. Appellants who would benefit from a specific format can express their preference in the Notice of Appeal; the Committee considers the preference but determines format based on the substantive needs of the matter.

Guardian’s Complaints Register (recording complaints and their resolutions) and Appeals Register (recording Appeals and decisions) are internal documentation reviewed by UAF during accreditation surveillance. They are not publicly disclosed in detail (which would breach confidentiality obligations to complainants and certified clients), but aggregate metrics — number of complaints, average resolution time, number of upheld complaints, number of Appeals, Appeals outcome distribution — may be included in Guardian’s annual reporting where that reporting is itself made available.

Ready to Get Started?

Apply for Certification

Submit a formal application. Initial response within 5 working days.

Apply Now

Request a Quote

Tell us about your product. Indicative quote within 3 to 5 working days.

Get a Quote

Talk to Our Team

Specific question or regulatory driver to discuss?

Contact Us