Assurance & verification

How a BDAC credential is authenticated

What the credential means, how anyone can confirm it in under a minute, and why it holds weight without a government stamp — on the same footing as SOC 2.

Verify in under a minute

1

Scan or read the ID

Every badge carries a unique credential ID and a QR that resolves to its entry in this registry.

2

Read the live entry

The registry is the single source of truth. A copied badge image or PDF proves nothing on its own.

3

Confirm status & tier

See real-time state — valid, expired, suspended, or revoked — plus the assurance tier and validity.

Verify a credential →

Three assurance tiers

TierAssuranceHow it's assessedSigned by
1 · Self-AttestedBasicOrganisation completes the 12-domain questionnaire; declaration by an accountable officer.The organisation
2 · Facilitator-AssistedReviewedCompleted with a certified BDAC Facilitator; key evidence sighted and sampled.A named facilitator
3 · Independently AuditedIndependentFull evidence review by a BDAC lead assessor; verification report issued.A named lead assessor

What it is — and what it is not

✓ What it attests

  • DPDP Act readiness against a published control set, at a stated tier.
  • A supply-chain trust signal a data fiduciary can rely on when onboarding a vendor.
  • Evidence independently reviewed at Tiers 2 and 3, valid for a defined period.

✕ What it is not

  • Not a government licence, registration, or endorsement.
  • Not a substitute for the statutory independent audit required of Significant Data Fiduciaries.
  • Not a legal opinion or a guarantee against a breach — it attests readiness at the assessment date.

Why it holds weight without accreditation

For enterprises — require it in one line

Add this to vendor onboarding or your DPDP processor agreement:

"Vendors processing personal data on our behalf shall hold a current BDAC DPDPA credential at Tier 2 or above, and maintain a valid registry status for the term of this agreement."

Participating enterprises receive a free vendor-compliance dashboard showing which vendors hold a current credential, and at which tier.