Public Registry Disclosure Thresholds
This policy defines what information GAFAIG may publish in the public certification registry, when it may be published, and what may be withheld or delayed. The goal is proportional transparency without publishing unverified claims, sensitive details, or information under active review.
1. Core registry fields
Unless otherwise restricted by this policy or program terms, GAFAIG may publish:
- Organization name
- Certification status (e.g., certified, suspended, revoked, expired)
- Certification tier (where applicable)
- Certified scope description
- Applicable standards (e.g., S-001, S-002)
- Effective date and renewal/expiry indicators
2. Conditional disclosures
GAFAIG may publish limited status history, decision summaries, or corrective action indicators when doing so improves clarity and reduces risk of deception, provided that the information is verified and publication does not violate confidentiality or fairness requirements.
3. Withheld or delayed disclosures
- Unverified allegations or incomplete investigative findings
- Confidential security details, exploit information, or sensitive operational data
- Personal data or information identifying individual complainants
- Proprietary applicant materials not required for public understanding
- Information subject to legal restriction or credible safety risk
4. Accuracy and corrections
GAFAIG may correct registry entries if errors are discovered or if new verified information materially changes the record. Corrections may include status updates, scope refinements, and clarifying notes. GAFAIG does not guarantee continuous uptime, but aims for timely updates consistent with program procedures.
5. Relationship to program terms
This policy is governed by GAFAIG program terms and may be updated with versioning. Applicants agree that GAFAIG may publish registry information consistent with this policy and controlling agreements.