[contact-form-7 id="3224" title="Events Join Form"]

Email Us: guardianassessment@gmail.com

guardain logo
Get In Touch

Guardian SecureApp™ Product Certification Scheme Rules

Guardian Certification > Guardian SecureApp™ Product Certification Scheme Rules
Guardian SecureApp™ Product Certification Scheme Rules – Guardian PrCB

Abstract

The GUARDIAN SECURE-APP™ Product Certification Scheme Rules define how Guardian Assessment Pvt. Ltd. evaluates and certifies digital products, web applications, SaaS platforms, and APIs/microservices against structured cybersecurity requirements. Based on ISO/IEC 17065 and using public, non-proprietary frameworks such as OWASP ASVS, OWASP API Security and selected NIST practices, the Scheme applies risk-based assurance levels (1–3) and clear rules for evaluation, decision, surveillance, incidents, and changes. It also sets out the conditions for using the Guardian SecureApp™ certificate and mark, the operation of the public directory, and the governance, impartiality and continual review of the Scheme to ensure that certifications remain credible, transparent and technically robust.

Guardian Secure-App™ Product Certification Scheme Rules
Document Reference GSA-PR-01 — Annex A
Standard ISO/IEC 17065 — Conformity assessment — Requirements for bodies certifying products, processes and services
Scheme Owner Guardian Assessment Private Limited (CIN: U74999MH2018PTC307933)
Accreditation Body United Accreditation Foundation (UAF) — Accreditation Under Process
Geographical Scope International — subject to applicable legal and regulatory requirements
⬇ Download Document
What This Document Covers

The Scheme Rules (Annex A to GSA-PR-01) is the normative document that defines all rules, requirements and procedures for the Guardian SecureApp™ Product Certification Scheme. It is structured into 14 sections:

A.0

Scheme Identification and Ownership

  • Scheme name and short description
  • Scheme Owner — legal entity, address, legal status
  • Conformity assessment activity and applicable standard
  • Geographical area of acceptance
  • Links to other schemes / standards
  • Reference to UAF Scheme Suitability / IAF MD 25
A.1

Objective and Scheme Overview

  • Objective of the Guardian SecureApp™ Scheme
  • Nature and limitations of certification
  • Target users and stakeholders
  • Relationship with other standards, regulations and certifications
  • Cross-reference to GSA-PR-01
A.2

Scope of Certification

  • Products and services covered
  • Exclusions and limitations
  • Scope statement for certificates (mandatory elements)
  • Cross-reference to GSA-PR-07 (application & contract)
A.3

Scheme Options — Modules and Assurance Levels

  • Description of modules (A / B / C)
  • Assurance levels (1 – Basic, 2 – Enhanced, 3 – High)
  • Allowed module–level combinations
  • Rules for upgrading or downgrading assurance level
A.4

Normative and Informative References

  • Normative references
  • Technical normative criteria (OWASP ASVS, OWASP API Security Top 10, OWASP Top 10, NIST)
  • Informative references
  • Cross-reference to technical annexes / checklists
A.5

Terms and Definitions

  • General reference
  • Scheme-specific definitions (Applicant, Certified Client, Product, Module, Assurance Level, Evaluation, Nonconformity, Incident, Major Change, Guardian SecureApp™ Mark, Scheme Rules)
  • Cross-reference to GSA-MN-01
A.6

Eligibility and Application Requirements

  • Eligibility criteria for applicants
  • Minimum documentation required with application
  • Use of existing certifications as supporting evidence
  • Application form and required declarations
  • Conditions for refusal or deferral of applications
A.7

Technical Requirements and Evaluation Criteria

  • Object of conformity assessment
  • Requirements against which conformity is assessed
  • Module–level mapping of technical requirements
  • Reference to technical evaluation checklists and working documents
A.8

Evaluation Methods and Use of ICT

  • Evaluation stages
  • Types of evaluation activities
  • Use of ICT in evaluations (remote / hybrid)
  • Sampling rules
A.9

Nonconformities, Grading and Corrective Actions

  • Types of findings (Major, Minor, Observation)
  • Nonconformity grading
  • Timeframes for corrective action and evidence submission
  • Treatment of open nonconformities
A.10

Certification Decision Rules

  • Inputs to certification decision
  • Conditions to grant certification
  • Conditions to refuse or withdraw an application
  • Statement of Conformity — wording and rules
  • Certificate content and separation of evaluation and decision
A.11

Certification Cycle, Validity and Surveillance

  • Certification cycle and validity period
  • Surveillance strategy and frequency
  • Recertification strategy and conditions
  • Monitoring of ongoing compliance — client obligations
A.12

Changes, Incidents and Special Evaluations

  • Client obligations to report changes and incidents
  • Change classification (minor / major / critical)
  • Treatment of reported incidents, vulnerabilities and breaches
  • Conditions for special evaluations
A.13

Use of Certificate, Mark and Claims

  • Conditions of use of the certificate
  • Guardian SecureApp™ mark — description and protection
  • Rules for mark usage (media, websites, product pages)
  • Prohibited uses and misleading claims
  • Monitoring of mark and claim usage

This Annex A is a normative component of GSA-PR-01 and shall be applied together with the Guardian SecureApp™ Policy Manual (GSA-MN-01) and all referenced procedures (GSA-PR-01 to GSA-PR-15). Where any inconsistency exists between this document and referenced procedures, the Scheme Rules take precedence.

Download the Scheme Rules Document

The full Guardian SecureApp™ Product Certification Scheme Rules (GSA-PR-01 Annex A) is available for download.

⬇ Download Scheme Rules
error: Content is protected !!
Call Now Button