Impartiality, Governance and Confidentiality – Guardian PrCB

Guardian Assessment Private Limited is committed to operating the Guardian SecureApp™ certification scheme in a manner that is impartial, independent, transparent and free from any influence that could compromise the integrity of its certification decisions. This page describes Guardian's governance structure, impartiality commitments, conflict of interest management, and confidentiality policy, in accordance with ISO/IEC 17065 Clauses 4.2, 4.5, 5.1 and 5.2.

Statement of Impartiality

Guardian's Impartiality Commitment

Guardian Assessment Private Limited is committed to ensuring that all certification decisions under the Guardian SecureApp™ Scheme are made impartially, objectively and independently, free from commercial, financial, political or other pressures. The integrity of our certification decisions is the foundation of the trust that clients, customers, regulators and the public place in the Guardian SecureApp™ certification mark.

Guardian recognises that impartiality is achieved and maintained by:

  • Clearly separating evaluation activities from certification decision-making — the personnel who conduct the evaluation do not make the certification decision;
  • Identifying, assessing and managing all risks to impartiality arising from relationships with related bodies, clients, personnel and other interested parties;
  • Prohibiting personnel from conducting evaluations for organisations with which they have a conflict of interest;
  • Operating an independent impartiality mechanism (committee) that provides oversight of the Scheme's impartiality policies and practices;
  • Not providing consultancy services on the same products for which certification is sought;
  • Applying a two-year cooling-off period for personnel who have previously been employed by, or provided consultancy to, a client before they may be involved in that client's certification activities.

Governance Structure

Guardian Assessment Private Limited is a company incorporated under the laws of India. Its governance structure for the Guardian SecureApp™ Scheme includes:

Board of Directors

Overall Responsibility

Overall responsibility for the operation of the Guardian SecureApp™ Scheme, approval of policies and procedures, and ensuring adequate resources.

Scheme Manager

Day-to-Day Management

Day-to-day management of the Scheme; coordination of evaluations; liaison with clients; document control and compliance with ISO/IEC 17065.

Certification Decision Maker

Independent Certification Decisions

Makes or approves certification decisions independently of the evaluation team; must not have been involved in the evaluation being decided upon.

Evaluation Personnel

Technical Evaluations

Conduct technical evaluations (vulnerability assessment, penetration testing, architecture review, SDL/SDLC review) in accordance with the Scheme's evaluation procedures.

Impartiality Committee

Independent Oversight

Independent body providing oversight of impartiality, reviewing conflicts of interest and providing input on the Scheme's impartiality policies. Balanced representation of interested parties ensuring no single interest predominates.

Quality Manager

Quality & Compliance

Oversees document control, internal audits, corrective actions and management reviews to ensure ongoing compliance with ISO/IEC 17065.

Conflict of Interest Management

Guardian actively identifies and manages conflicts of interest throughout the certification process. A conflict of interest exists where a relationship between Guardian personnel (or the organisation itself) and a client or applicant could compromise, or appear to compromise, the impartiality of the evaluation or certification decision.

Guardian's approach to conflict of interest management includes:

  • Requiring all personnel involved in certification activities to declare any actual or potential conflicts of interest before assignment;
  • Maintaining a register of conflicts of interest and reviewing it regularly;
  • Reassigning evaluation and decision roles where a conflict is identified;
  • Applying a two-year cooling-off period for personnel who have been employed by or provided consultancy to an applicant or client;
  • Ensuring that personnel who have performed consultancy for a client may not review or approve the resolution of a complaint or appeal relating to that client within two years;
  • Reviewing conflict of interest management effectiveness through internal audits and management reviews.

Guardian does not provide consultancy or advisory services on cybersecurity to organisations seeking certification. No financial incentive (such as commissions or bonuses) is linked to the outcome of certification decisions.

Non-Discrimination

Guardian applies its certification procedures to all applicants and clients consistently and without discrimination. Access to the Guardian SecureApp™ certification scheme is not conditional on membership of any organisation or association. Fees, processes and treatment are applied equally regardless of the applicant's size, nationality, geography or any other characteristic unrelated to the merits of the certification application.

Confidentiality Policy

Guardian is committed to protecting the confidentiality of all information obtained from, or about, applicants and certified clients in the course of certification activities.

🔒 What We Keep Confidential

  • Technical and architectural information about the applicant's product (e.g. architecture diagrams, source code, configuration details, security assessment reports);
  • Evaluation findings, nonconformity reports and corrective action records;
  • Business, financial and commercial information about the applicant or client;
  • Information about the identity of clients or applicants unless publicly disclosed by the client themselves;
  • Complaint and appeal records identifying specific parties.

📢 What We Disclose Publicly

  • The name and address of the certified client (legal entity);
  • The name and version / release family of the certified product;
  • The module(s) and assurance level(s) for which certification has been granted;
  • The scope of certification (as stated on the certificate);
  • The certificate issue date and validity period;
  • The current certification status (Active, Suspended, Withdrawn or Expired).

All Guardian personnel, external evaluators, committee members and any other persons acting on Guardian's behalf are required to sign confidentiality agreements and are bound by confidentiality obligations throughout their engagement and after it ends.

No confidential technical findings, evaluation details or business information are included in the public directory.

When We May Disclose Information

Guardian may disclose otherwise confidential information in the following limited circumstances:

  • When required by law, regulation or court order;
  • To the Accreditation Body (United Accreditation Foundation — UAF) for the purposes of accreditation assessment and oversight;
  • To regulators or authorities where legally required;
  • To the applicant or client whose information it is, where they have consented or where the disclosure relates to their own certification;
  • Where the client has publicly disclosed the information themselves.

Limited Disclosure Principle

In all such cases, Guardian will limit disclosure to what is strictly necessary and will inform the client of the disclosure wherever legally permissible.

Accreditation

United Accreditation Foundation (UAF)

Guardian Assessment Private Limited is pursuing accreditation for the Guardian SecureApp™ Scheme with the United Accreditation Foundation (UAF) under ISO/IEC 17065. Accreditation is currently in process. Once granted, the scope of Guardian's accreditation will be defined in the UAF accreditation certificate, which will be available for verification through the UAF public directory. Guardian's accreditation status will be subject to ongoing oversight by UAF, including periodic reassessment.

Legal Entity and Liability