
CREDIBLE™ Registrar


What the Registrar Governs
- Certification criteria by level (Foundation, Growth, Guardian)
- Evidence requirements and verification steps
- Issuance, renewal, suspension, and withdrawal rules
- Complaints, appeals, and misuse of certification marks
- Public register listing (certification level + validity period)

How Certification Is Awarded
Application & Scoping
Step 1 — Confirm business profile, scope of personal data processing, key vendors and core processes
Evidence Review
Step 2 — Review artefacts such as DPO accountability, policies / SOPs, inventory artefacts, training records, risk artefacts, incident readiness (level-dependent)
Verification Interview
Step 3 — Short interviews with the DPO and process owners to confirm controls are operational and understood
Certification Decision
Step 4 — Certification is granted when required controls and evidence for selected level are met
Listing on the Registrar
Step 5 — Certified organisations may be listed with certification level and validity period

Validity, Renewal & Surveillance

Validity period
Set your rule, e.g., 12 months

Optional Surveillance
Spot checks for higher tiers / sensitive sectors

Renewal
Evidence refresh + review of changes (vendors, processes, incidents)

Upgrade Path
Foundation → Growth → Guardian (dependency enforced)

Complaints, Suspension & Appeals

Stakeholders can report misuse of the certification mark

Certification may be suspended/withdrawn for material non-conformance

Registrar investigates and may require corrective actions

Appeals process available to ensure fairness
