About the Guardian SecureApp™ Scheme – Guardian PrCB

Guardian SecureApp™ is an independent, third-party product certification scheme for the cybersecurity of modern digital applications. It is owned and operated by Guardian Assessment Private Limited, a Conformity Assessment Body (CAB) incorporated in India, operating under ISO/IEC 17065 — the internationally recognised standard for bodies certifying products, processes and services.

Certification under this Scheme provides independent, credible and repeatable third-party attestation that a digital product or service has implemented a defined set of cybersecurity controls appropriate to its risk profile, has been evaluated using structured methods, and is subject to ongoing surveillance throughout the certification cycle.

Scheme Owner and Legal Identity
Objective of the Scheme

The principal objective of the Guardian SecureApp™ Scheme is to:

  • Provide independent, credible and repeatable third-party certification that a digital product or service implements a defined set of cybersecurity controls appropriate to its risk profile;
  • Ensure evaluation is conducted using structured methods and depth corresponding to the selected module(s) (A/B/C) and assurance level (1–3); and
  • Subject certified products to an ongoing surveillance and change-management framework designed to maintain confidence in the certified claim throughout the certification cycle.

What the Scheme Aims to Support

| Stakeholder | How the Scheme Supports Them |
| --- | --- |
| Customers and Regulators | Provides a transparent basis for assessing cybersecurity claims |
| Product Owners and Providers | Offers a recognised framework to demonstrate due diligence in secure design, implementation and operation |
| The Broader Market | Promotes consistent use of publicly available cybersecurity standards and good practices |

Nature and Limitations of Certification

What certification means: Guardian SecureApp™ certification represents Guardian's attestation of conformity to the defined Scheme requirements at a point in time and within the scope described on the certificate.

Certification under this Scheme does NOT:

  • Guarantee that the certified product or service is free from vulnerabilities, attacks or failures;
  • Replace the legal, regulatory or contractual responsibilities of the certified client;
  • Imply any acceptance, endorsement or warranty by OWASP, NIST or any other referenced organisation.

The certified client remains fully responsible for:

  • The design, operation and maintenance of the certified product or service;
  • Compliance with applicable law and regulation;
  • Timely reporting of relevant changes, incidents and vulnerabilities as required by the Scheme Rules.

Target Users and Stakeholders

The Scheme is intended for, but not limited to, the following stakeholders:

| Stakeholder | Description | Examples |
| --- | --- | --- |
| Product Owners / Providers | Organisations that develop, own or operate web applications, SaaS / multi-tenant platforms, APIs or microservices | Fintech platforms, SaaS companies, AI services, digital marketplaces |
| Customers and Relying Parties | Organisations procuring or relying on digital products who require evidence of structured cybersecurity evaluation | Enterprise procurement teams, financial institutions, government buyers |
| Regulators and Authorities | Authorities that may refer to independent product certification as part of their supervisory or market-access frameworks | Financial regulators, data protection authorities, sector regulators |
| Other Interested Parties | Insurers, investors, partners and other stakeholders who may use certification in their risk assessment or due-diligence processes | Cyber insurers, investment firms, technology partners |

Relationship with Other Standards and Frameworks

The Scheme has been designed to be compatible with, but is not a replacement for, other security and compliance requirements such as:

  • Information security management standards (e.g. ISO/IEC 27001 and related standards);
  • Data protection and privacy regulations;
  • Sector-specific cybersecurity or safety regulations;
  • Other third-party assurance frameworks (e.g. SOC 2, PCI DSS).

Where applicable, evidence from such frameworks may be used as input to the evaluation process. However, certification under this Scheme is granted solely on the basis of conformity with the Scheme's own technical requirements and evaluation rules.

Governing Standard

This Scheme is designed and operated in accordance with ISO/IEC 17065 — Conformity assessment — Requirements for bodies certifying products, processes and services. The Scheme follows a Type 5 Product Certification Scheme as defined in ISO/IEC 17067, which includes product evaluation, development process assessment, independent certification decision, ongoing surveillance and recertification.
