From application to continuous assurance
Certification runs through six stages. The first four take an applicant from registration to a decision, backed by the accredited audit. The last two — Assurance and Renewal — are what keep the certificate meaningful for its full term.
A formal audit is a point-in-time snapshot. It is thorough and it is the basis for the certificate — but between one audit and the next, systems change, people change, and configurations drift. Historically that left a visibility gap of up to a year.
The platform's continuous-assurance layer closes that gap. It watches for drift, scores risk in real time, and feeds what it sees back to DESC and the accredited authorities. It is a layer that supports the BSI and CREST process between cycles — it never replaces the audit or the decision.
Validity & renewal
A three-year term with a surveillance check-in each year, kept live by continuous assurance in between.
Same three-year, annually-surveilled model, tuned to the operational signals of a SOC.
A two-year accreditation term, with continuous assurance tracking competency and conduct throughout.
Renewal is risk-based. A provider whose assurance history stayed clean follows a lighter renewal path; one whose risk climbed during the term gets more scrutiny. The loop closes back to Renewal — assurance feeds directly into how the next term is granted.
See it for a real application
Register to start your own, or verify a certificate that's already been issued.