ATU-CPAC Digital Verification and Registry Standards
Standards for Credential Registration, Digital Verification, Certificate Numbering, Registry Controls, Data Protection, Status Management, and Public Trust
Summary
The ATU-CPAC Digital Verification and Registry Standards provide a comprehensive framework for ensuring that ATU-issued credentials are recorded, verified, protected, updated, and monitored through reliable registry and digital verification systems.
These standards help confirm the authenticity, validity, scope, category, and current status of professional certifications, assessed certificates, certificates of achievement, accreditation certificates, approved providers, authorized assessment centers, approved programs, and digital badges.
Through unique credential numbering, controlled registry entries, secure digital verification, privacy protection, status management, registry audits, misuse prevention, and continuous improvement, ATU-CPAC strengthens public trust in ATU-issued credentials and protects learners, certified professionals, providers, employers, partners, and stakeholders from false or misleading claims.
1. Purpose of the Standards
The ATU-CPAC Digital Verification and Registry Standards define the requirements for creating, managing, updating, protecting, verifying, and monitoring official registries and digital verification systems for ATU-issued credentials.
These standards are intended to ensure that professional certifications, assessed certificates, certificates of achievement, accreditation certificates, approved provider statuses, authorized assessment center statuses, approved program records, and related credential information can be verified accurately, securely, transparently, and reliably.
Digital verification and registry controls are essential to protect the credibility of ATU-issued credentials, prevent certificate misuse, support employers and stakeholders, and provide clear confirmation of credential authenticity, validity, scope, and current status.
ATU-CPAC regulates and governs registry and verification requirements, while all certificates, professional certifications, assessed certificates, and accreditation certificates remain issued in the name and under the authority of the Arab Trainers Union.
Standard 1: Registry Governance and Authority
1.1 Registry Governance Requirement
ATU-CPAC must maintain or oversee official registry and verification systems for credentials issued under the authority of the Arab Trainers Union.
1.2 Registry Authority
Only ATU, ATU-CPAC, or authorized registry administrators may create, update, approve, suspend, withdraw, revoke, or verify registry records.
1.3 Scope of Registry
The registry may include records relating to:
- Professional certifications
- Assessed training certificates
- Certificates of achievement
- Provider accreditation certificates
- Approved provider status
- Accredited provider status
- Premier accredited provider status
- Authorized assessment center status
- Accredited training programs
- Accredited professional programs
- Authorized delivery partners
- Digital badges where applicable
- Renewal status
- Suspension, withdrawal, or revocation status where applicable
1.4 Official Source of Verification
The official registry or approved verification system must serve as the trusted source for confirming credential authenticity and current status.
1.5 Final Authority
Registry information must reflect the official decisions approved under ATU-CPAC procedures and issued under the authority of the Arab Trainers Union.
Compliance Evidence
ATU-CPAC should maintain:
- Registry governance policy
- Registry responsibility matrix
- Authorized registry administrator list
- Registry approval procedure
- Certificate issuance procedure
- Registry update procedure
- Verification policy
- Registry access control records
- Registry audit logs
- Version control records
Standard 2: Registry Scope and Credential Categories
2.1 Credential Categories
Each registry record must be linked to an approved credential category.
Credential categories may include:
- ATU Professional Certification
- ATU Assessed Certificate
- Certificate of Achievement
- ATU Certificate of Accreditation
- Approved Provider
- Accredited Provider
- Premier Accredited Provider
- Authorized Assessment Center
- Accredited Training Program
- Accredited Professional Program
- Authorized Delivery Partner
- Digital Badge where applicable
2.2 Clear Category Distinction
The registry must clearly distinguish between professional certification, assessed certificate, attendance-based evidence where applicable, accreditation, program approval, provider approval, and partner authorization.
2.3 No Misleading Classification
A credential must not be listed in a way that misrepresents its category, level, scope, validity, or authority.
For example, an assessed training certificate must not be presented as a full professional certification unless the person has met all requirements of an approved professional certification scheme.
2.4 Registry Scope Statement
Each registry category should have a clear scope statement explaining what the record confirms and what it does not confirm.
Compliance Evidence
ATU-CPAC should maintain:
- Credential category list
- Registry category definitions
- Certificate type policy
- Professional certification registry rules
- Accreditation registry rules
- Program registry rules
- Digital badge registry rules where applicable
- Scope statements
- Public verification wording
- Registry classification review records
Standard 3: Unique Certificate and Credential Identification
3.1 Unique Identification Requirement
Every ATU-issued credential listed in the registry must have a unique certificate number, credential number, digital verification code, QR code, or approved identifier.
3.2 Numbering Control
Certificate and credential numbering must be controlled to prevent duplication, alteration, misuse, or unauthorized issuance.
3.3 Identification Structure
The credential identifier may include elements such as:
- Issuing authority code
- Credential category code
- Program or certification code
- Year of issue
- Serial number
- Country or provider code where applicable
- Verification code
- Renewal or version indicator where applicable
3.4 No Duplicate Records
The registry must prevent duplicate credential records unless a replacement certificate, reissued certificate, renewal, or corrected record is properly documented.
3.5 Replacement Certificate Control
Replacement certificates must retain traceability to the original record and must not create misleading duplicate credential status.
Compliance Evidence
ATU-CPAC should maintain:
- Certificate numbering policy
- Credential identifier structure
- Certificate numbering log
- Registry unique ID records
- QR code or verification code records
- Duplicate record checks
- Replacement certificate records
- Reissued certificate records
- Certificate cancellation records
- Audit trail records
Standard 4: Registry Data Fields
4.1 Minimum Registry Data
Each registry record must include sufficient information to verify the credential accurately.
4.2 Individual Credential Data Fields
For individual learners or certified professionals, registry data may include:
- Full name
- Certificate or certification title
- Credential category
- Certification level where applicable
- Specialization or scope where applicable
- Certificate number
- Issue date
- Expiry date where applicable
- Renewal status where applicable
- Current status
- Provider or program name where applicable
- Country where applicable
- Verification code or QR code
- Registry entry date
- Last update date
4.3 Provider and Center Registry Data Fields
For providers, centers, or partners, registry data may include:
- Legal name of provider or center
- Accreditation or authorization category
- Approved scope
- Country
- Accreditation number
- Issue date
- Expiry date
- Current status
- Approved programs where applicable
- Authorized locations or branches where applicable
- Verification code
- Last update date
4.4 Program Registry Data Fields
For approved programs, registry data may include:
- Program title
- Program category
- Program approval number
- Approved provider where applicable
- Program level where applicable
- Approved delivery mode
- Issue or approval date
- Expiry or review date where applicable
- Current status
- Scope or specialization
- Verification code
4.5 Data Accuracy
Registry data must match the approved certificate, decision record, provider scope, program approval, or certification decision.
Compliance Evidence
ATU-CPAC should maintain:
- Registry data field policy
- Data entry templates
- Certificate data forms
- Provider registry forms
- Program registry forms
- Data verification checklists
- Registry approval records
- Data correction records
- Registry audit logs
- Updated registry data reports
Standard 5: Credential Status Categories
5.1 Status Requirement
Each registry record must show a clear current status.
5.2 Individual Credential Status Categories
Individual credential status may include:
- Active
- Valid
- Expired
- Pending renewal
- Suspended
- Withdrawn
- Revoked
- Replaced
- Cancelled
- Under review
- Invalid
5.3 Provider or Center Status Categories
Provider, center, or partner status may include:
- Approved
- Accredited
- Active
- Conditional
- Under monitoring
- Suspended
- Withdrawn
- Expired
- Not renewed
- Revoked
- Under review
5.4 Program Status Categories
Program status may include:
- Approved
- Active
- Under review
- Suspended
- Withdrawn
- Expired
- Replaced by new version
- Not approved
5.5 Status Clarity
The registry must clearly explain the meaning of each status to avoid misunderstanding by employers, candidates, providers, or the public.
Compliance Evidence
ATU-CPAC should maintain:
- Status category policy
- Registry status definitions
- Status update procedure
- Suspension records
- Withdrawal records
- Revocation records
- Expiry records
- Renewal records
- Status change logs
- Public status wording
Standard 6: Digital Verification System
6.1 Digital Verification Requirement
ATU-CPAC must maintain or approve a digital verification method that allows authorized stakeholders to confirm the authenticity and current status of ATU-issued credentials.
6.2 Verification Methods
Digital verification may include:
- Online verification page
- Certificate number search
- QR code verification
- Digital badge verification
- Registry lookup
- Secure verification link
- Authorized institutional verification request
- API or system integration where approved
6.3 Verification Output
The verification system should display or confirm:
- Credential holder or provider name
- Credential title
- Credential category
- Certificate or accreditation number
- Issue date
- Expiry date where applicable
- Current status
- Scope or specialization where applicable
- Issuing authority
- Verification date
- Disclaimer or limitations where applicable
6.4 Verification Reliability
Verification results must be accurate, current, secure, and protected against unauthorized alteration.
6.5 Failed Verification
Where a certificate number or verification code cannot be verified, the system should provide clear guidance without exposing confidential data.
Compliance Evidence
ATU-CPAC should maintain:
- Digital verification policy
- Verification system records
- QR code records
- Digital badge verification records
- Verification output templates
- Verification test records
- Failed verification records
- System update logs
- Access control records
- Security audit records
Standard 7: Registry Entry Approval and Data Validation
7.1 Registry Entry Approval
No credential may be added to the registry unless the credential has been approved according to ATU-CPAC procedures.
7.2 Required Validation
Before a registry entry is created, the following must be validated where applicable:
- Candidate identity
- Candidate eligibility
- Assessment result
- IQA approval
- EQA approval where required
- Certificate issuance approval
- Provider scope
- Program approval
- Certificate title
- Certificate number
- Issue date
- Expiry date
- Registry consent where required
7.3 Provider Submission Validation
Where providers submit data for certificate issuance or registry entry, ATU-CPAC must verify that the submission is complete, accurate, and supported by required evidence.
7.4 Error Prevention
Registry data entry must include checks to reduce spelling errors, wrong certificate numbers, incorrect dates, duplicate records, and incorrect status classification.
7.5 Approval Sign-Off
Registry entry must be approved or authorized by a designated person before publication or verification activation.
Compliance Evidence
ATU-CPAC should maintain:
- Registry entry checklist
- Certificate approval record
- Candidate data verification record
- Provider submission records
- IQA and EQA approval records
- Data validation records
- Registry entry approval forms
- Data entry logs
- Error correction records
- Registry activation records
Standard 8: Provider and Partner Data Submission
8.1 Submission Requirement
Approved providers, accredited institutes, authorized assessment centers, and approved partners must submit accurate and complete data for certificate requests, registry records, and verification purposes.
8.2 Required Submission Data
Provider submissions may include:
- Learner or candidate name
- Identity number or approved identifier where applicable
- Program or certification title
- Assessment result
- Completion status
- Certificate category
- Issue request date
- Provider name
- Approved program code
- Attendance or participation confirmation where required
- IQA sign-off
- EQA approval where required
- Candidate consent where required
8.3 Submission Accuracy
The provider is responsible for ensuring that all submitted data is accurate, complete, and supported by evidence.
8.4 Submission Timeline
Providers must submit data within the required timeline and must respond promptly to ATU-CPAC requests for clarification or correction.
8.5 False or Misleading Submissions
False, misleading, incomplete, or unsupported submissions may result in certificate request refusal, corrective action, increased monitoring, suspension, or withdrawal of approval.
Compliance Evidence
Providers should maintain:
- Certificate request forms
- Candidate data forms
- Result records
- IQA sign-off records
- EQA approval records where applicable
- Attendance or participation records
- Candidate consent records
- Submission logs
- Data correction records
- ATU-CPAC correspondence
Standard 9: Public Registry and Privacy Controls
9.1 Public Registry Requirement
Where registry information is made public, it must be limited to information necessary for verification and public trust.
9.2 Privacy Protection
The registry must not disclose unnecessary personal data, sensitive information, assessment marks, private documents, identification numbers, contact details, or confidential records unless legally required or explicitly authorized.
9.3 Candidate Consent
Where required, candidates or credential holders must be informed of registry publication and verification use.
9.4 Public Verification Limitations
Public verification should confirm the credential, status, and scope without exposing confidential assessment evidence or personal documents.
9.5 Data Minimization
Only the minimum necessary data should be displayed publicly for verification purposes.
Compliance Evidence
ATU-CPAC should maintain:
- Public registry policy
- Privacy notice
- Candidate consent forms
- Data minimization policy
- Public data field list
- Verification output settings
- Data protection review records
- Registry access logs
- Data disclosure records
- Data correction request records
Standard 10: Data Protection and Confidentiality
10.1 Data Protection Requirement
All registry and verification data must be processed according to applicable data protection laws and ATU-CPAC policies.
10.2 Confidential Data
Confidential registry-related data may include:
- Personal identity records
- Candidate applications
- Assessment evidence
- Results
- Complaints and appeals
- Malpractice records
- Provider audit records
- Suspension or investigation details
- Internal decision records
- Registry administrator credentials
- System access logs
10.3 Access Control
Only authorized persons may access registry administration systems, credential records, certificate logs, verification databases, and status update functions.
10.4 Secure Storage
Registry data must be stored securely using appropriate technical and administrative controls.
10.5 Data Breach Response
Any suspected or confirmed data breach must be reported, investigated, documented, corrected, and escalated where required.
Compliance Evidence
ATU-CPAC should maintain:
- Data protection policy
- Registry confidentiality policy
- Access control records
- Administrator authorization records
- Data storage records
- Security logs
- Data breach reports
- Investigation records
- Corrective action records
- Staff confidentiality declarations
Standard 11: Digital Badge Standards
11.1 Digital Badge Governance
Where digital badges are issued, they must be controlled, verifiable, traceable, and linked to an approved credential record.
11.2 Badge Information
A digital badge should include or link to:
- Badge holder name
- Credential title
- Credential category
- Issuing authority
- Issue date
- Expiry date where applicable
- Criteria achieved
- Verification link
- Credential status
- Scope or specialization where applicable
11.3 Badge Validity
Digital badges must reflect the current status of the credential. If the credential expires, is suspended, withdrawn, or revoked, the badge status must be updated.
11.4 Badge Misuse
Digital badges must not be copied, altered, used by another person, used after expiry, or used to claim a credential outside its approved scope.
11.5 Badge Platform Control
Digital badge platforms must be secure, reliable, and capable of supporting verification and status updates.
Compliance Evidence
ATU-CPAC should maintain:
- Digital badge policy
- Badge template approvals
- Badge issuance records
- Badge metadata records
- Badge verification links
- Badge status update records
- Badge misuse reports
- Badge revocation records
- Platform security records
- Candidate badge consent records
Standard 12: QR Code and Secure Verification Link Controls
12.1 QR Code Requirement
Where QR codes are used, they must link to an official verification record or approved verification page.
12.2 Secure Verification Link
Verification links must be secure, stable, controlled, and protected against unauthorized redirection or manipulation.
12.3 QR Code Accuracy
QR codes must be tested before certificate issuance to ensure that they display the correct credential record.
12.4 QR Code Misuse
QR codes must not be reused, copied to false certificates, altered, or linked to unofficial verification pages.
12.5 Deactivation and Status Updates
If a certificate is cancelled, replaced, suspended, withdrawn, or revoked, the QR code or verification link must display the correct updated status.
Compliance Evidence
ATU-CPAC should maintain:
- QR code policy
- QR code generation records
- Verification link records
- QR code test records
- Certificate template records
- QR code misuse reports
- Deactivation records
- Status update records
- Security review records
Standard 13: Registry Status Change Controls
13.1 Status Change Requirement
Any change to registry status must be authorized, documented, justified, and traceable.
13.2 Status Change Events
Registry status may change due to:
- Certificate expiry
- Renewal
- Suspension
- Withdrawal
- Revocation
- Replacement certificate
- Data correction
- Appeal outcome
- Investigation outcome
- Provider accreditation change
- Program approval change
- Certification scope change
13.3 Authorization of Changes
Only authorized persons may update registry status.
13.4 Status Change Notification
Where appropriate, the credential holder, provider, or relevant stakeholder should be informed of status changes.
13.5 Appeal Linkage
Where a status change is linked to a sanction, suspension, withdrawal, or revocation, the appeal process must be available according to approved policy.
Compliance Evidence
ATU-CPAC should maintain:
- Status change policy
- Status change request forms
- Authorization records
- Reason for change records
- Decision letters
- Appeal records
- Registry update logs
- Notification records
- Audit trail records
- Corrected public verification records
Standard 14: Renewal, Expiry, and Continuing Validity Controls
14.1 Expiry Tracking
Registry systems must track expiry dates for credentials that have a defined validity period.
14.2 Renewal Status
Where renewal is required, the registry should distinguish between active, pending renewal, expired, renewed, suspended, withdrawn, or revoked status.
14.3 Renewal Evidence
Renewal may require evidence such as:
- CPD records
- Professional practice evidence
- Updated ethics declaration
- Renewal fee where applicable
- Refresher assessment where applicable
- Updated portfolio where applicable
- Compliance with certification requirements
14.4 Renewal Approval
Registry status must not be updated to renewed unless renewal has been approved according to ATU-CPAC procedures.
14.5 Expired Credential Use
Credential holders must not present expired credentials as active.
Compliance Evidence
ATU-CPAC should maintain:
- Renewal policy
- Expiry tracking records
- Renewal application records
- CPD records
- Renewal approval records
- Registry renewal logs
- Expiry notification records
- Reinstatement records
- Expired status records
- Credential holder communication records
Standard 15: Suspension, Withdrawal, and Revocation in the Registry
15.1 Status Protection
Where a credential, provider approval, program approval, or assessment center authorization is suspended, withdrawn, or revoked, the registry must be updated according to approved procedures.
15.2 Grounds for Status Change
Suspension, withdrawal, or revocation may result from:
- Misuse of certificate or certification title
- False or misleading information
- Assessment malpractice
- Ethical breach
- Failure to meet renewal requirements
- Provider non-compliance
- Unauthorized certificate activity
- Misleading public claims
- Serious quality assurance failure
- Registry misuse
- Investigation outcome
15.3 Public Display
The registry may display status as suspended, withdrawn, revoked, expired, or invalid where permitted by policy and data protection requirements.
15.4 Due Process
Status changes based on misconduct or sanction must follow approved decision-making and appeal procedures.
15.5 Reinstatement
Where reinstatement is permitted, the registry must record the reinstatement decision and update status only after all required conditions are met.
Compliance Evidence
ATU-CPAC should maintain:
- Suspension policy
- Withdrawal policy
- Revocation policy
- Decision records
- Investigation records
- Appeal records
- Registry update records
- Public status records
- Reinstatement records
- Notification records
Standard 16: Data Correction, Amendment, and Replacement Records
16.1 Correction Requirement
Registry data must be corrected where an approved error is identified.
16.2 Correction Requests
Correction requests may relate to:
- Spelling of name
- Certificate title
- Certificate number
- Issue date
- Expiry date
- Provider name
- Program title
- Status category
- Scope or specialization
- Registry display error
16.3 Evidence for Correction
Corrections must be supported by evidence and must not be used to alter credential decisions improperly.
16.4 Amendment Approval
Corrections and amendments must be approved by authorized personnel before registry update.
16.5 Audit Trail
All corrections must be traceable and must preserve the original record history where appropriate.
Compliance Evidence
ATU-CPAC should maintain:
- Data correction policy
- Correction request forms
- Supporting evidence
- Approval records
- Original data record
- Corrected data record
- Audit trail logs
- Candidate or provider notification records
- Replacement certificate records
- Registry update logs
Standard 17: Registry Security and System Integrity
17.1 System Security Requirement
Registry and verification systems must be protected from unauthorized access, data loss, alteration, duplication, cyber risk, or misuse.
17.2 Security Controls
Security controls may include:
- User authentication
- Role-based access
- Strong password controls
- Administrative approval levels
- Activity logs
- Backup procedures
- Data encryption where applicable
- Secure hosting
- Malware protection
- System monitoring
- Incident response procedure
17.3 Administrator Access
Registry administrator access must be limited to authorized personnel and reviewed periodically.
17.4 Backup and Recovery
Registry data must be backed up and recoverable in case of system failure, data loss, or technical incident.
17.5 Security Incident Response
Any security incident affecting registry integrity must be reported, investigated, corrected, and documented.
Compliance Evidence
ATU-CPAC should maintain:
- Registry security policy
- Access control list
- Administrator approval records
- Login and activity logs
- Backup records
- Recovery test records
- Security incident reports
- System monitoring records
- Corrective action records
- Periodic access review records
Standard 18: Verification Requests from Employers and Stakeholders
18.1 Verification Request Process
ATU-CPAC may provide verification services to employers, institutions, government bodies, partners, or other stakeholders according to approved procedures.
18.2 Request Requirements
Verification requests may require:
- Certificate number
- Credential holder name
- Authorization or consent where required
- Requesting organization details
- Purpose of verification
- Contact information
- Supporting document copy where appropriate
18.3 Verification Response
The verification response should confirm only appropriate information, such as:
- Whether the credential is authentic
- Credential title
- Issue date
- Current status
- Expiry date where applicable
- Scope or specialization where applicable
- Whether the certificate is active, expired, suspended, withdrawn, revoked, or invalid
18.4 Confidentiality
Verification responses must not disclose unnecessary personal data, assessment scores, private evidence, complaints, appeals, or investigation details.
18.5 Verification Recordkeeping
All formal verification requests and responses should be recorded.
Compliance Evidence
ATU-CPAC should maintain:
- Verification request policy
- Verification request forms
- Consent records where required
- Verification response records
- Employer communication logs
- Disclosure records
- Verification register
- Data protection review records
- Failed verification records
Standard 19: Registry and Verification Audit
19.1 Audit Requirement
Registry and verification systems must be subject to periodic audit to confirm accuracy, reliability, security, and compliance.
19.2 Audit Areas
Registry audits may review:
- Certificate number accuracy
- Duplicate record prevention
- Status accuracy
- Expiry and renewal tracking
- Provider scope accuracy
- Program approval accuracy
- QR code function
- Digital badge function
- Data protection compliance
- Access control
- Audit logs
- Correction records
- Suspended or revoked records
- Public verification output
19.3 Sampling
Audits may include sampling of issued certificates, registry entries, provider records, candidate records, verification requests, and status changes.
19.4 Corrective Action
Any registry or verification error identified during audit must be corrected and documented.
Compliance Evidence
ATU-CPAC should maintain:
- Registry audit plan
- Registry audit reports
- Sampled records
- Data accuracy reports
- QR code test records
- Access review reports
- Error logs
- Corrective action records
- Audit closure records
- Management review records
Standard 20: Integration with Provider Systems and Partner Platforms
20.1 Integration Control
Where ATU-CPAC registry or verification systems integrate with provider systems, partner platforms, digital badge platforms, learning management systems, or assessment platforms, the integration must be approved and controlled.
20.2 Data Transfer Requirements
Data transfer must be:
- Accurate
- Secure
- Authorized
- Traceable
- Limited to required fields
- Protected from unauthorized access
- Supported by consent where required
- Compliant with data protection requirements
20.3 Provider System Limitations
Providers and partners must not operate unofficial registries that appear to replace the official ATU-CPAC registry unless expressly authorized.
20.4 Integration Testing
System integrations must be tested before use to confirm correct data transfer, status display, and verification function.
20.5 Integration Monitoring
Integrated systems must be monitored periodically for accuracy, security, and compliance.
Compliance Evidence
ATU-CPAC and providers should maintain:
- Integration approval records
- Data sharing agreement
- Technical specifications
- Data transfer logs
- Integration test records
- Access control records
- Data protection review records
- Error reports
- Corrective action records
- Periodic integration review records
Standard 21: Registry Misuse and Fraud Prevention
21.1 Fraud Prevention Requirement
ATU-CPAC must maintain controls to prevent and detect misuse of registry systems, certificate numbers, verification links, QR codes, digital badges, and credential records.
21.2 Examples of Registry Misuse
Misuse may include:
- Fake certificate number
- Altered certificate
- Unauthorized QR code
- False digital badge
- Use of another person’s certificate
- Claiming active status after expiry
- Claiming certification not recorded in the registry
- Creating unofficial verification pages
- Misrepresenting provider accreditation status
- Manipulating registry data
- Unauthorized access to registry systems
21.3 Detection Controls
Detection controls may include:
- Public verification search
- Certificate number validation
- Duplicate number checks
- QR code scanning
- Digital badge status check
- Registry audit
- Employer verification requests
- Misuse reporting channel
- Monitoring of public claims
- Investigation of suspicious records
21.4 Response to Misuse
Confirmed misuse may result in correction, public clarification, certificate cancellation, registry status update, suspension, withdrawal, revocation, provider sanction, or referral to competent authority where applicable.
Compliance Evidence
ATU-CPAC should maintain:
- Registry misuse policy
- Fraud prevention procedure
- Misuse reports
- Investigation records
- Public claim review records
- Certificate cancellation records
- Registry status update records
- Corrective action records
- Sanction records
- Referral records where applicable
Standard 22: Public Information and Registry Disclaimer
22.1 Public Information Requirement
The registry and verification page must provide clear public information explaining how verification works and what registry status means.
22.2 Required Public Information
Public information may include:
- Purpose of verification
- Types of credentials listed
- Meaning of status categories
- Limits of verification
- How to report suspected misuse
- How to request data correction
- How employers may verify credentials
- Data protection statement
- Contact point for registry inquiries
- Disclaimer for regulated sectors where applicable
22.3 Regulated Sector Disclaimer
Where a credential relates to a regulated sector, public wording must clarify that ATU certification or certificate does not replace statutory licensing, governmental registration, or competent authority approval unless formally recognized.
22.4 No Overstatement
The registry must not overstate the legal or professional effect of any credential.
Compliance Evidence
ATU-CPAC should maintain:
- Registry public information page
- Status explanation page
- Verification disclaimer
- Regulated sector disclaimer
- Misuse reporting guidance
- Data correction guidance
- Employer verification guidance
- Public wording approval records
- Review records
Standard 23: Registry Reporting and Management Review
23.1 Registry Reporting Requirement
ATU-CPAC should produce periodic registry reports to support governance, monitoring, quality assurance, and continuous improvement.
23.2 Registry Reports May Include
Registry reports may cover:
- Number of credentials issued
- Number of active credentials
- Expired credentials
- Renewed credentials
- Suspended credentials
- Withdrawn or revoked credentials
- Provider accreditation status
- Program approval status
- Verification request volume
- Failed verification attempts
- Data correction requests
- Misuse reports
- Registry errors
- System incidents
23.3 Management Review
Registry reports should be reviewed by ATU-CPAC management or the relevant committee to identify risks, trends, and improvement actions.
23.4 Improvement Actions
Registry reporting should support improvement in:
- Certificate controls
- Verification process
- Data accuracy
- Provider submissions
- Renewal reminders
- Misuse prevention
- Public guidance
- Digital security
- Registry user experience
Compliance Evidence
ATU-CPAC should maintain:
- Registry performance reports
- Verification activity reports
- Credential status reports
- Misuse trend reports
- Data correction reports
- Management review minutes
- Improvement action plans
- Follow-up records
- Updated registry procedures
Standard 24: Business Continuity and Registry Availability
24.1 Availability Requirement
The digital verification and registry system should be available and reliable so that stakeholders can verify credentials when needed.
24.2 Business Continuity
ATU-CPAC must maintain continuity arrangements for registry and verification services in case of technical failure, cyber incident, hosting issue, system upgrade, or data loss.
24.3 Backup Verification Method
Where the digital system is unavailable, ATU-CPAC should provide an approved alternative verification process.
24.4 System Maintenance
System maintenance should be planned, documented, and communicated where it affects public verification access.
24.5 Recovery Testing
Backup and recovery procedures should be tested periodically.
Compliance Evidence
ATU-CPAC should maintain:
- Business continuity plan
- Registry backup records
- Recovery procedure
- Recovery test records
- System maintenance logs
- Downtime records
- Alternative verification procedure
- Incident communication records
- System restoration records
Digital Verification and Registry Methodology Framework
ATU-CPAC digital verification and registry controls may use a combination of the following methodologies according to credential type, risk level, registry platform, and verification purpose.
1. Certificate Number Verification
Each certificate is checked using a unique certificate number or approved credential identifier.
2. QR Code Verification
Certificates may include QR codes linking to an official verification page or registry record.
3. Public Registry Search
Stakeholders may search approved public registry fields to confirm credential authenticity and status.
4. Digital Badge Verification
Digital badges may link to verified metadata showing achievement criteria, issue date, expiry date, and current status.
5. Provider Status Verification
Approved providers, accredited providers, assessment centers, and partners may be verified through official registry records.
6. Program Approval Verification
Approved programs may be verified by title, approval number, provider, scope, status, and validity period.
7. Employer Verification Request
Employers or institutions may request formal verification according to approved procedures and privacy controls.
8. Registry Audit
Registry records are periodically audited to confirm accuracy, status, certificate numbering, security, and compliance.
9. Status Management
Credential records are updated when credentials are renewed, expired, suspended, withdrawn, revoked, corrected, or replaced.
10. Misuse Investigation
Suspected fake, altered, expired, or misrepresented credentials are investigated and corrected according to approved procedures.
Compliance Rating System
ATU-CPAC may classify digital verification and registry compliance findings as follows:
Compliant
The registry, verification system, provider submission, certificate record, or digital badge meets the standard and maintains sufficient evidence.
Minor Non-Compliance
The requirement is generally met, but documentation, data entry, status wording, correction process, access review, or recordkeeping requires improvement.
Major Non-Compliance
A key registry or verification requirement is not met, creating risk to credential authenticity, data accuracy, public trust, certificate control, provider verification, or status reliability.
Critical Non-Compliance
There is serious failure, unauthorized registry access, false certificate entry, certificate number duplication, data misuse, registry manipulation, fake verification page, unauthorized badge issuance, or conduct that threatens the credibility of ATU-issued credentials.
Registry and Verification Decisions
Based on registry review, verification findings, audit outcomes, or investigation results, ATU-CPAC may issue or recommend one or more of the following decisions:
- Registry entry approved
- Registry entry approved with correction
- Registry entry withheld pending evidence
- Registry entry refused
- Certificate verification activated
- Certificate verification suspended
- Certificate record corrected
- Certificate record replaced
- Credential status changed to active
- Credential status changed to expired
- Credential status changed to suspended
- Credential status changed to withdrawn
- Credential status changed to revoked
- Provider status updated
- Program status updated
- Digital badge issued
- Digital badge suspended or revoked
- Public verification wording corrected
- Misuse investigation opened
- Corrective action required
- Registry access restricted
- Matter escalated to ATU-CPAC committee
- Matter referred to competent authority where applicable
Obligations of ATU-CPAC
ATU-CPAC must:
- Maintain official registry and verification standards
- Control credential numbering and verification codes
- Approve registry entries before publication
- Protect registry data and confidential records
- Maintain accurate status categories
- Update registry records when status changes
- Provide secure digital verification methods
- Prevent misuse of certificate numbers and digital badges
- Conduct registry audits
- Respond to correction requests
- Support employer and stakeholder verification
- Maintain registry records securely
- Use registry data for continuous improvement
- Protect public trust in ATU-issued credentials
Obligations of Approved Providers and Centers
Approved providers and authorized centers must:
- Submit accurate candidate and certificate data
- Submit data only for approved programs and candidates
- Verify learner or candidate identity
- Confirm assessment completion and result accuracy
- Maintain IQA evidence before certificate request
- Submit certificate requests within approved scope
- Correct data errors promptly
- Protect learner and candidate personal data
- Avoid issuing unofficial certificates
- Avoid creating unofficial registries that mislead the public
- Report suspected certificate misuse
- Cooperate with registry audits and verification reviews
Obligations of Certified Professionals and Credential Holders
Certified professionals and credential holders must:
- Use certificates and digital badges accurately
- Avoid altering certificates or verification codes
- Use certification titles only within approved scope
- Stop using expired, suspended, withdrawn, or revoked credentials
- Report incorrect registry data promptly
- Avoid sharing credentials in misleading ways
- Comply with renewal requirements where applicable
- Cooperate with verification or investigation requests
- Protect the credibility of ATU-issued credentials
Obligations of Employers and Verification Users
Employers, institutions, and verification users should:
- Use official verification channels
- Check certificate number, title, status, and validity
- Avoid relying on screenshots or altered documents alone
- Request formal verification where necessary
- Respect data protection and confidentiality requirements
- Report suspected fake or altered certificates
- Understand the limits of the credential scope
- Avoid misusing registry information
Minimum Digital Verification and Registry File Requirements
Each ATU-CPAC registry and verification file should include:
- Registry governance policy
- Verification policy
- Credential category definitions
- Certificate numbering policy
- Certificate numbering log
- Registry data field list
- Registry entry approval records
- Candidate or provider data validation records
- Certificate issuance approval records
- Registry publication records
- Verification code or QR code records
- Digital badge records where applicable
- Provider submission records
- Candidate consent records where required
- Data protection policy
- Access control records
- Administrator authorization records
- Status change records
- Renewal and expiry records
- Suspension, withdrawal, and revocation records
- Data correction records
- Registry audit reports
- Verification request records
- Failed verification records
- Misuse investigation records
- Security incident records
- Backup and recovery records
- Management review records
- Continuous improvement records
- Version control records



