ATU-CPAC Digital Verification and Registry Standards

ATU-CPAC Digital Verification and Registry Standards

Standards for Credential Registration, Digital Verification, Certificate Numbering, Registry Controls, Data Protection, Status Management, and Public Trust

Summary

The ATU-CPAC Digital Verification and Registry Standards provide a comprehensive framework for ensuring that ATU-issued credentials are recorded, verified, protected, updated, and monitored through reliable registry and digital verification systems.

These standards help confirm the authenticity, validity, scope, category, and current status of professional certifications, assessed certificates, certificates of achievement, accreditation certificates, approved providers, authorized assessment centers, approved programs, and digital badges.

Through unique credential numbering, controlled registry entries, secure digital verification, privacy protection, status management, registry audits, misuse prevention, and continuous improvement, ATU-CPAC strengthens public trust in ATU-issued credentials and protects learners, certified professionals, providers, employers, partners, and stakeholders from false or misleading claims.

1. Purpose of the Standards

The ATU-CPAC Digital Verification and Registry Standards define the requirements for creating, managing, updating, protecting, verifying, and monitoring official registries and digital verification systems for ATU-issued credentials.

These standards are intended to ensure that professional certifications, assessed certificates, certificates of achievement, accreditation certificates, approved provider statuses, authorized assessment center statuses, approved program records, and related credential information can be verified accurately, securely, transparently, and reliably.

Digital verification and registry controls are essential to protect the credibility of ATU-issued credentials, prevent certificate misuse, support employers and stakeholders, and provide clear confirmation of credential authenticity, validity, scope, and current status.

ATU-CPAC regulates and governs registry and verification requirements, while all certificates, professional certifications, assessed certificates, and accreditation certificates remain issued in the name and under the authority of the Arab Trainers Union.

Standard 1: Registry Governance and Authority

1.1 Registry Governance Requirement

ATU-CPAC must maintain or oversee official registry and verification systems for credentials issued under the authority of the Arab Trainers Union.

1.2 Registry Authority

Only ATU, ATU-CPAC, or authorized registry administrators may create, update, approve, suspend, withdraw, revoke, or verify registry records.

1.3 Scope of Registry

The registry may include records relating to:

  • Professional certifications
  • Assessed training certificates
  • Certificates of achievement
  • Provider accreditation certificates
  • Approved provider status
  • Accredited provider status
  • Premier accredited provider status
  • Authorized assessment center status
  • Accredited training programs
  • Accredited professional programs
  • Authorized delivery partners
  • Digital badges where applicable
  • Renewal status
  • Suspension, withdrawal, or revocation status where applicable

1.4 Official Source of Verification

The official registry or approved verification system must serve as the trusted source for confirming credential authenticity and current status.

1.5 Final Authority

Registry information must reflect the official decisions approved under ATU-CPAC procedures and issued under the authority of the Arab Trainers Union.

Compliance Evidence

ATU-CPAC should maintain:

  • Registry governance policy
  • Registry responsibility matrix
  • Authorized registry administrator list
  • Registry approval procedure
  • Certificate issuance procedure
  • Registry update procedure
  • Verification policy
  • Registry access control records
  • Registry audit logs
  • Version control records

Standard 2: Registry Scope and Credential Categories

2.1 Credential Categories

Each registry record must be linked to an approved credential category.

Credential categories may include:

  • ATU Professional Certification
  • ATU Assessed Certificate
  • Certificate of Achievement
  • ATU Certificate of Accreditation
  • Approved Provider
  • Accredited Provider
  • Premier Accredited Provider
  • Authorized Assessment Center
  • Accredited Training Program
  • Accredited Professional Program
  • Authorized Delivery Partner
  • Digital Badge where applicable

2.2 Clear Category Distinction

The registry must clearly distinguish between professional certification, assessed certificate, attendance-based evidence where applicable, accreditation, program approval, provider approval, and partner authorization.

2.3 No Misleading Classification

A credential must not be listed in a way that misrepresents its category, level, scope, validity, or authority.

For example, an assessed training certificate must not be presented as a full professional certification unless the person has met all requirements of an approved professional certification scheme.

2.4 Registry Scope Statement

Each registry category should have a clear scope statement explaining what the record confirms and what it does not confirm.

Compliance Evidence

ATU-CPAC should maintain:

  • Credential category list
  • Registry category definitions
  • Certificate type policy
  • Professional certification registry rules
  • Accreditation registry rules
  • Program registry rules
  • Digital badge registry rules where applicable
  • Scope statements
  • Public verification wording
  • Registry classification review records

Standard 3: Unique Certificate and Credential Identification

3.1 Unique Identification Requirement

Every ATU-issued credential listed in the registry must have a unique certificate number, credential number, digital verification code, QR code, or approved identifier.

3.2 Numbering Control

Certificate and credential numbering must be controlled to prevent duplication, alteration, misuse, or unauthorized issuance.

3.3 Identification Structure

The credential identifier may include elements such as:

  • Issuing authority code
  • Credential category code
  • Program or certification code
  • Year of issue
  • Serial number
  • Country or provider code where applicable
  • Verification code
  • Renewal or version indicator where applicable

3.4 No Duplicate Records

The registry must prevent duplicate credential records unless a replacement certificate, reissued certificate, renewal, or corrected record is properly documented.

3.5 Replacement Certificate Control

Replacement certificates must retain traceability to the original record and must not create misleading duplicate credential status.

Compliance Evidence

ATU-CPAC should maintain:

  • Certificate numbering policy
  • Credential identifier structure
  • Certificate numbering log
  • Registry unique ID records
  • QR code or verification code records
  • Duplicate record checks
  • Replacement certificate records
  • Reissued certificate records
  • Certificate cancellation records
  • Audit trail records

Standard 4: Registry Data Fields

4.1 Minimum Registry Data

Each registry record must include sufficient information to verify the credential accurately.

4.2 Individual Credential Data Fields

For individual learners or certified professionals, registry data may include:

  • Full name
  • Certificate or certification title
  • Credential category
  • Certification level where applicable
  • Specialization or scope where applicable
  • Certificate number
  • Issue date
  • Expiry date where applicable
  • Renewal status where applicable
  • Current status
  • Provider or program name where applicable
  • Country where applicable
  • Verification code or QR code
  • Registry entry date
  • Last update date

4.3 Provider and Center Registry Data Fields

For providers, centers, or partners, registry data may include:

  • Legal name of provider or center
  • Accreditation or authorization category
  • Approved scope
  • Country
  • Accreditation number
  • Issue date
  • Expiry date
  • Current status
  • Approved programs where applicable
  • Authorized locations or branches where applicable
  • Verification code
  • Last update date

4.4 Program Registry Data Fields

For approved programs, registry data may include:

  • Program title
  • Program category
  • Program approval number
  • Approved provider where applicable
  • Program level where applicable
  • Approved delivery mode
  • Issue or approval date
  • Expiry or review date where applicable
  • Current status
  • Scope or specialization
  • Verification code

4.5 Data Accuracy

Registry data must match the approved certificate, decision record, provider scope, program approval, or certification decision.

Compliance Evidence

ATU-CPAC should maintain:

  • Registry data field policy
  • Data entry templates
  • Certificate data forms
  • Provider registry forms
  • Program registry forms
  • Data verification checklists
  • Registry approval records
  • Data correction records
  • Registry audit logs
  • Updated registry data reports

Standard 5: Credential Status Categories

5.1 Status Requirement

Each registry record must show a clear current status.

5.2 Individual Credential Status Categories

Individual credential status may include:

  • Active
  • Valid
  • Expired
  • Pending renewal
  • Suspended
  • Withdrawn
  • Revoked
  • Replaced
  • Cancelled
  • Under review
  • Invalid

5.3 Provider or Center Status Categories

Provider, center, or partner status may include:

  • Approved
  • Accredited
  • Active
  • Conditional
  • Under monitoring
  • Suspended
  • Withdrawn
  • Expired
  • Not renewed
  • Revoked
  • Under review

5.4 Program Status Categories

Program status may include:

  • Approved
  • Active
  • Under review
  • Suspended
  • Withdrawn
  • Expired
  • Replaced by new version
  • Not approved

5.5 Status Clarity

The registry must clearly explain the meaning of each status to avoid misunderstanding by employers, candidates, providers, or the public.

Compliance Evidence

ATU-CPAC should maintain:

  • Status category policy
  • Registry status definitions
  • Status update procedure
  • Suspension records
  • Withdrawal records
  • Revocation records
  • Expiry records
  • Renewal records
  • Status change logs
  • Public status wording

Standard 6: Digital Verification System

6.1 Digital Verification Requirement

ATU-CPAC must maintain or approve a digital verification method that allows authorized stakeholders to confirm the authenticity and current status of ATU-issued credentials.

6.2 Verification Methods

Digital verification may include:

  • Online verification page
  • Certificate number search
  • QR code verification
  • Digital badge verification
  • Registry lookup
  • Secure verification link
  • Authorized institutional verification request
  • API or system integration where approved

6.3 Verification Output

The verification system should display or confirm:

  • Credential holder or provider name
  • Credential title
  • Credential category
  • Certificate or accreditation number
  • Issue date
  • Expiry date where applicable
  • Current status
  • Scope or specialization where applicable
  • Issuing authority
  • Verification date
  • Disclaimer or limitations where applicable

6.4 Verification Reliability

Verification results must be accurate, current, secure, and protected against unauthorized alteration.

6.5 Failed Verification

Where a certificate number or verification code cannot be verified, the system should provide clear guidance without exposing confidential data.

Compliance Evidence

ATU-CPAC should maintain:

  • Digital verification policy
  • Verification system records
  • QR code records
  • Digital badge verification records
  • Verification output templates
  • Verification test records
  • Failed verification records
  • System update logs
  • Access control records
  • Security audit records

Standard 7: Registry Entry Approval and Data Validation

7.1 Registry Entry Approval

No credential may be added to the registry unless the credential has been approved according to ATU-CPAC procedures.

7.2 Required Validation

Before a registry entry is created, the following must be validated where applicable:

  • Candidate identity
  • Candidate eligibility
  • Assessment result
  • IQA approval
  • EQA approval where required
  • Certificate issuance approval
  • Provider scope
  • Program approval
  • Certificate title
  • Certificate number
  • Issue date
  • Expiry date
  • Registry consent where required

7.3 Provider Submission Validation

Where providers submit data for certificate issuance or registry entry, ATU-CPAC must verify that the submission is complete, accurate, and supported by required evidence.

7.4 Error Prevention

Registry data entry must include checks to reduce spelling errors, wrong certificate numbers, incorrect dates, duplicate records, and incorrect status classification.

7.5 Approval Sign-Off

Registry entry must be approved or authorized by a designated person before publication or verification activation.

Compliance Evidence

ATU-CPAC should maintain:

  • Registry entry checklist
  • Certificate approval record
  • Candidate data verification record
  • Provider submission records
  • IQA and EQA approval records
  • Data validation records
  • Registry entry approval forms
  • Data entry logs
  • Error correction records
  • Registry activation records

Standard 8: Provider and Partner Data Submission

8.1 Submission Requirement

Approved providers, accredited institutes, authorized assessment centers, and approved partners must submit accurate and complete data for certificate requests, registry records, and verification purposes.

8.2 Required Submission Data

Provider submissions may include:

  • Learner or candidate name
  • Identity number or approved identifier where applicable
  • Program or certification title
  • Assessment result
  • Completion status
  • Certificate category
  • Issue request date
  • Provider name
  • Approved program code
  • Attendance or participation confirmation where required
  • IQA sign-off
  • EQA approval where required
  • Candidate consent where required

8.3 Submission Accuracy

The provider is responsible for ensuring that all submitted data is accurate, complete, and supported by evidence.

8.4 Submission Timeline

Providers must submit data within the required timeline and must respond promptly to ATU-CPAC requests for clarification or correction.

8.5 False or Misleading Submissions

False, misleading, incomplete, or unsupported submissions may result in certificate request refusal, corrective action, increased monitoring, suspension, or withdrawal of approval.

Compliance Evidence

Providers should maintain:

  • Certificate request forms
  • Candidate data forms
  • Result records
  • IQA sign-off records
  • EQA approval records where applicable
  • Attendance or participation records
  • Candidate consent records
  • Submission logs
  • Data correction records
  • ATU-CPAC correspondence

Standard 9: Public Registry and Privacy Controls

9.1 Public Registry Requirement

Where registry information is made public, it must be limited to information necessary for verification and public trust.

9.2 Privacy Protection

The registry must not disclose unnecessary personal data, sensitive information, assessment marks, private documents, identification numbers, contact details, or confidential records unless legally required or explicitly authorized.

9.3 Candidate Consent

Where required, candidates or credential holders must be informed of registry publication and verification use.

9.4 Public Verification Limitations

Public verification should confirm the credential, status, and scope without exposing confidential assessment evidence or personal documents.

9.5 Data Minimization

Only the minimum necessary data should be displayed publicly for verification purposes.

Compliance Evidence

ATU-CPAC should maintain:

  • Public registry policy
  • Privacy notice
  • Candidate consent forms
  • Data minimization policy
  • Public data field list
  • Verification output settings
  • Data protection review records
  • Registry access logs
  • Data disclosure records
  • Data correction request records

Standard 10: Data Protection and Confidentiality

10.1 Data Protection Requirement

All registry and verification data must be processed according to applicable data protection laws and ATU-CPAC policies.

10.2 Confidential Data

Confidential registry-related data may include:

  • Personal identity records
  • Candidate applications
  • Assessment evidence
  • Results
  • Complaints and appeals
  • Malpractice records
  • Provider audit records
  • Suspension or investigation details
  • Internal decision records
  • Registry administrator credentials
  • System access logs

10.3 Access Control

Only authorized persons may access registry administration systems, credential records, certificate logs, verification databases, and status update functions.

10.4 Secure Storage

Registry data must be stored securely using appropriate technical and administrative controls.

10.5 Data Breach Response

Any suspected or confirmed data breach must be reported, investigated, documented, corrected, and escalated where required.

Compliance Evidence

ATU-CPAC should maintain:

  • Data protection policy
  • Registry confidentiality policy
  • Access control records
  • Administrator authorization records
  • Data storage records
  • Security logs
  • Data breach reports
  • Investigation records
  • Corrective action records
  • Staff confidentiality declarations

Standard 11: Digital Badge Standards

11.1 Digital Badge Governance

Where digital badges are issued, they must be controlled, verifiable, traceable, and linked to an approved credential record.

11.2 Badge Information

A digital badge should include or link to:

  • Badge holder name
  • Credential title
  • Credential category
  • Issuing authority
  • Issue date
  • Expiry date where applicable
  • Criteria achieved
  • Verification link
  • Credential status
  • Scope or specialization where applicable

11.3 Badge Validity

Digital badges must reflect the current status of the credential. If the credential expires, is suspended, withdrawn, or revoked, the badge status must be updated.

11.4 Badge Misuse

Digital badges must not be copied, altered, used by another person, used after expiry, or used to claim a credential outside its approved scope.

11.5 Badge Platform Control

Digital badge platforms must be secure, reliable, and capable of supporting verification and status updates.

Compliance Evidence

ATU-CPAC should maintain:

  • Digital badge policy
  • Badge template approvals
  • Badge issuance records
  • Badge metadata records
  • Badge verification links
  • Badge status update records
  • Badge misuse reports
  • Badge revocation records
  • Platform security records
  • Candidate badge consent records

Standard 12: QR Code and Secure Verification Link Controls

12.1 QR Code Requirement

Where QR codes are used, they must link to an official verification record or approved verification page.

12.2 Secure Verification Link

Verification links must be secure, stable, controlled, and protected against unauthorized redirection or manipulation.

12.3 QR Code Accuracy

QR codes must be tested before certificate issuance to ensure that they display the correct credential record.

12.4 QR Code Misuse

QR codes must not be reused, copied to false certificates, altered, or linked to unofficial verification pages.

12.5 Deactivation and Status Updates

If a certificate is cancelled, replaced, suspended, withdrawn, or revoked, the QR code or verification link must display the correct updated status.

Compliance Evidence

ATU-CPAC should maintain:

  • QR code policy
  • QR code generation records
  • Verification link records
  • QR code test records
  • Certificate template records
  • QR code misuse reports
  • Deactivation records
  • Status update records
  • Security review records

Standard 13: Registry Status Change Controls

13.1 Status Change Requirement

Any change to registry status must be authorized, documented, justified, and traceable.

13.2 Status Change Events

Registry status may change due to:

  • Certificate expiry
  • Renewal
  • Suspension
  • Withdrawal
  • Revocation
  • Replacement certificate
  • Data correction
  • Appeal outcome
  • Investigation outcome
  • Provider accreditation change
  • Program approval change
  • Certification scope change

13.3 Authorization of Changes

Only authorized persons may update registry status.

13.4 Status Change Notification

Where appropriate, the credential holder, provider, or relevant stakeholder should be informed of status changes.

13.5 Appeal Linkage

Where a status change is linked to a sanction, suspension, withdrawal, or revocation, the appeal process must be available according to approved policy.

Compliance Evidence

ATU-CPAC should maintain:

  • Status change policy
  • Status change request forms
  • Authorization records
  • Reason for change records
  • Decision letters
  • Appeal records
  • Registry update logs
  • Notification records
  • Audit trail records
  • Corrected public verification records

Standard 14: Renewal, Expiry, and Continuing Validity Controls

14.1 Expiry Tracking

Registry systems must track expiry dates for credentials that have a defined validity period.

14.2 Renewal Status

Where renewal is required, the registry should distinguish between active, pending renewal, expired, renewed, suspended, withdrawn, or revoked status.

14.3 Renewal Evidence

Renewal may require evidence such as:

  • CPD records
  • Professional practice evidence
  • Updated ethics declaration
  • Renewal fee where applicable
  • Refresher assessment where applicable
  • Updated portfolio where applicable
  • Compliance with certification requirements

14.4 Renewal Approval

Registry status must not be updated to renewed unless renewal has been approved according to ATU-CPAC procedures.

14.5 Expired Credential Use

Credential holders must not present expired credentials as active.

Compliance Evidence

ATU-CPAC should maintain:

  • Renewal policy
  • Expiry tracking records
  • Renewal application records
  • CPD records
  • Renewal approval records
  • Registry renewal logs
  • Expiry notification records
  • Reinstatement records
  • Expired status records
  • Credential holder communication records

Standard 15: Suspension, Withdrawal, and Revocation in the Registry

15.1 Status Protection

Where a credential, provider approval, program approval, or assessment center authorization is suspended, withdrawn, or revoked, the registry must be updated according to approved procedures.

15.2 Grounds for Status Change

Suspension, withdrawal, or revocation may result from:

  • Misuse of certificate or certification title
  • False or misleading information
  • Assessment malpractice
  • Ethical breach
  • Failure to meet renewal requirements
  • Provider non-compliance
  • Unauthorized certificate activity
  • Misleading public claims
  • Serious quality assurance failure
  • Registry misuse
  • Investigation outcome

15.3 Public Display

The registry may display status as suspended, withdrawn, revoked, expired, or invalid where permitted by policy and data protection requirements.

15.4 Due Process

Status changes based on misconduct or sanction must follow approved decision-making and appeal procedures.

15.5 Reinstatement

Where reinstatement is permitted, the registry must record the reinstatement decision and update status only after all required conditions are met.

Compliance Evidence

ATU-CPAC should maintain:

  • Suspension policy
  • Withdrawal policy
  • Revocation policy
  • Decision records
  • Investigation records
  • Appeal records
  • Registry update records
  • Public status records
  • Reinstatement records
  • Notification records

Standard 16: Data Correction, Amendment, and Replacement Records

16.1 Correction Requirement

Registry data must be corrected where an approved error is identified.

16.2 Correction Requests

Correction requests may relate to:

  • Spelling of name
  • Certificate title
  • Certificate number
  • Issue date
  • Expiry date
  • Provider name
  • Program title
  • Status category
  • Scope or specialization
  • Registry display error

16.3 Evidence for Correction

Corrections must be supported by evidence and must not be used to alter credential decisions improperly.

16.4 Amendment Approval

Corrections and amendments must be approved by authorized personnel before registry update.

16.5 Audit Trail

All corrections must be traceable and must preserve the original record history where appropriate.

Compliance Evidence

ATU-CPAC should maintain:

  • Data correction policy
  • Correction request forms
  • Supporting evidence
  • Approval records
  • Original data record
  • Corrected data record
  • Audit trail logs
  • Candidate or provider notification records
  • Replacement certificate records
  • Registry update logs

Standard 17: Registry Security and System Integrity

17.1 System Security Requirement

Registry and verification systems must be protected from unauthorized access, data loss, alteration, duplication, cyber risk, or misuse.

17.2 Security Controls

Security controls may include:

  • User authentication
  • Role-based access
  • Strong password controls
  • Administrative approval levels
  • Activity logs
  • Backup procedures
  • Data encryption where applicable
  • Secure hosting
  • Malware protection
  • System monitoring
  • Incident response procedure

17.3 Administrator Access

Registry administrator access must be limited to authorized personnel and reviewed periodically.

17.4 Backup and Recovery

Registry data must be backed up and recoverable in case of system failure, data loss, or technical incident.

17.5 Security Incident Response

Any security incident affecting registry integrity must be reported, investigated, corrected, and documented.

Compliance Evidence

ATU-CPAC should maintain:

  • Registry security policy
  • Access control list
  • Administrator approval records
  • Login and activity logs
  • Backup records
  • Recovery test records
  • Security incident reports
  • System monitoring records
  • Corrective action records
  • Periodic access review records

Standard 18: Verification Requests from Employers and Stakeholders

18.1 Verification Request Process

ATU-CPAC may provide verification services to employers, institutions, government bodies, partners, or other stakeholders according to approved procedures.

18.2 Request Requirements

Verification requests may require:

  • Certificate number
  • Credential holder name
  • Authorization or consent where required
  • Requesting organization details
  • Purpose of verification
  • Contact information
  • Supporting document copy where appropriate

18.3 Verification Response

The verification response should confirm only appropriate information, such as:

  • Whether the credential is authentic
  • Credential title
  • Issue date
  • Current status
  • Expiry date where applicable
  • Scope or specialization where applicable
  • Whether the certificate is active, expired, suspended, withdrawn, revoked, or invalid

18.4 Confidentiality

Verification responses must not disclose unnecessary personal data, assessment scores, private evidence, complaints, appeals, or investigation details.

18.5 Verification Recordkeeping

All formal verification requests and responses should be recorded.

Compliance Evidence

ATU-CPAC should maintain:

  • Verification request policy
  • Verification request forms
  • Consent records where required
  • Verification response records
  • Employer communication logs
  • Disclosure records
  • Verification register
  • Data protection review records
  • Failed verification records

Standard 19: Registry and Verification Audit

19.1 Audit Requirement

Registry and verification systems must be subject to periodic audit to confirm accuracy, reliability, security, and compliance.

19.2 Audit Areas

Registry audits may review:

  • Certificate number accuracy
  • Duplicate record prevention
  • Status accuracy
  • Expiry and renewal tracking
  • Provider scope accuracy
  • Program approval accuracy
  • QR code function
  • Digital badge function
  • Data protection compliance
  • Access control
  • Audit logs
  • Correction records
  • Suspended or revoked records
  • Public verification output

19.3 Sampling

Audits may include sampling of issued certificates, registry entries, provider records, candidate records, verification requests, and status changes.

19.4 Corrective Action

Any registry or verification error identified during audit must be corrected and documented.

Compliance Evidence

ATU-CPAC should maintain:

  • Registry audit plan
  • Registry audit reports
  • Sampled records
  • Data accuracy reports
  • QR code test records
  • Access review reports
  • Error logs
  • Corrective action records
  • Audit closure records
  • Management review records

Standard 20: Integration with Provider Systems and Partner Platforms

20.1 Integration Control

Where ATU-CPAC registry or verification systems integrate with provider systems, partner platforms, digital badge platforms, learning management systems, or assessment platforms, the integration must be approved and controlled.

20.2 Data Transfer Requirements

Data transfer must be:

  • Accurate
  • Secure
  • Authorized
  • Traceable
  • Limited to required fields
  • Protected from unauthorized access
  • Supported by consent where required
  • Compliant with data protection requirements

20.3 Provider System Limitations

Providers and partners must not operate unofficial registries that appear to replace the official ATU-CPAC registry unless expressly authorized.

20.4 Integration Testing

System integrations must be tested before use to confirm correct data transfer, status display, and verification function.

20.5 Integration Monitoring

Integrated systems must be monitored periodically for accuracy, security, and compliance.

Compliance Evidence

ATU-CPAC and providers should maintain:

  • Integration approval records
  • Data sharing agreement
  • Technical specifications
  • Data transfer logs
  • Integration test records
  • Access control records
  • Data protection review records
  • Error reports
  • Corrective action records
  • Periodic integration review records

Standard 21: Registry Misuse and Fraud Prevention

21.1 Fraud Prevention Requirement

ATU-CPAC must maintain controls to prevent and detect misuse of registry systems, certificate numbers, verification links, QR codes, digital badges, and credential records.

21.2 Examples of Registry Misuse

Misuse may include:

  • Fake certificate number
  • Altered certificate
  • Unauthorized QR code
  • False digital badge
  • Use of another person’s certificate
  • Claiming active status after expiry
  • Claiming certification not recorded in the registry
  • Creating unofficial verification pages
  • Misrepresenting provider accreditation status
  • Manipulating registry data
  • Unauthorized access to registry systems

21.3 Detection Controls

Detection controls may include:

  • Public verification search
  • Certificate number validation
  • Duplicate number checks
  • QR code scanning
  • Digital badge status check
  • Registry audit
  • Employer verification requests
  • Misuse reporting channel
  • Monitoring of public claims
  • Investigation of suspicious records

21.4 Response to Misuse

Confirmed misuse may result in correction, public clarification, certificate cancellation, registry status update, suspension, withdrawal, revocation, provider sanction, or referral to competent authority where applicable.

Compliance Evidence

ATU-CPAC should maintain:

  • Registry misuse policy
  • Fraud prevention procedure
  • Misuse reports
  • Investigation records
  • Public claim review records
  • Certificate cancellation records
  • Registry status update records
  • Corrective action records
  • Sanction records
  • Referral records where applicable

Standard 22: Public Information and Registry Disclaimer

22.1 Public Information Requirement

The registry and verification page must provide clear public information explaining how verification works and what registry status means.

22.2 Required Public Information

Public information may include:

  • Purpose of verification
  • Types of credentials listed
  • Meaning of status categories
  • Limits of verification
  • How to report suspected misuse
  • How to request data correction
  • How employers may verify credentials
  • Data protection statement
  • Contact point for registry inquiries
  • Disclaimer for regulated sectors where applicable

22.3 Regulated Sector Disclaimer

Where a credential relates to a regulated sector, public wording must clarify that ATU certification or certificate does not replace statutory licensing, governmental registration, or competent authority approval unless formally recognized.

22.4 No Overstatement

The registry must not overstate the legal or professional effect of any credential.

Compliance Evidence

ATU-CPAC should maintain:

  • Registry public information page
  • Status explanation page
  • Verification disclaimer
  • Regulated sector disclaimer
  • Misuse reporting guidance
  • Data correction guidance
  • Employer verification guidance
  • Public wording approval records
  • Review records

Standard 23: Registry Reporting and Management Review

23.1 Registry Reporting Requirement

ATU-CPAC should produce periodic registry reports to support governance, monitoring, quality assurance, and continuous improvement.

23.2 Registry Reports May Include

Registry reports may cover:

  • Number of credentials issued
  • Number of active credentials
  • Expired credentials
  • Renewed credentials
  • Suspended credentials
  • Withdrawn or revoked credentials
  • Provider accreditation status
  • Program approval status
  • Verification request volume
  • Failed verification attempts
  • Data correction requests
  • Misuse reports
  • Registry errors
  • System incidents

23.3 Management Review

Registry reports should be reviewed by ATU-CPAC management or the relevant committee to identify risks, trends, and improvement actions.

23.4 Improvement Actions

Registry reporting should support improvement in:

  • Certificate controls
  • Verification process
  • Data accuracy
  • Provider submissions
  • Renewal reminders
  • Misuse prevention
  • Public guidance
  • Digital security
  • Registry user experience

Compliance Evidence

ATU-CPAC should maintain:

  • Registry performance reports
  • Verification activity reports
  • Credential status reports
  • Misuse trend reports
  • Data correction reports
  • Management review minutes
  • Improvement action plans
  • Follow-up records
  • Updated registry procedures

Standard 24: Business Continuity and Registry Availability

24.1 Availability Requirement

The digital verification and registry system should be available and reliable so that stakeholders can verify credentials when needed.

24.2 Business Continuity

ATU-CPAC must maintain continuity arrangements for registry and verification services in case of technical failure, cyber incident, hosting issue, system upgrade, or data loss.

24.3 Backup Verification Method

Where the digital system is unavailable, ATU-CPAC should provide an approved alternative verification process.

24.4 System Maintenance

System maintenance should be planned, documented, and communicated where it affects public verification access.

24.5 Recovery Testing

Backup and recovery procedures should be tested periodically.

Compliance Evidence

ATU-CPAC should maintain:

  • Business continuity plan
  • Registry backup records
  • Recovery procedure
  • Recovery test records
  • System maintenance logs
  • Downtime records
  • Alternative verification procedure
  • Incident communication records
  • System restoration records

Digital Verification and Registry Methodology Framework

ATU-CPAC digital verification and registry controls may use a combination of the following methodologies according to credential type, risk level, registry platform, and verification purpose.

1. Certificate Number Verification

Each certificate is checked using a unique certificate number or approved credential identifier.

2. QR Code Verification

Certificates may include QR codes linking to an official verification page or registry record.

3. Public Registry Search

Stakeholders may search approved public registry fields to confirm credential authenticity and status.

4. Digital Badge Verification

Digital badges may link to verified metadata showing achievement criteria, issue date, expiry date, and current status.

5. Provider Status Verification

Approved providers, accredited providers, assessment centers, and partners may be verified through official registry records.

6. Program Approval Verification

Approved programs may be verified by title, approval number, provider, scope, status, and validity period.

7. Employer Verification Request

Employers or institutions may request formal verification according to approved procedures and privacy controls.

8. Registry Audit

Registry records are periodically audited to confirm accuracy, status, certificate numbering, security, and compliance.

9. Status Management

Credential records are updated when credentials are renewed, expired, suspended, withdrawn, revoked, corrected, or replaced.

10. Misuse Investigation

Suspected fake, altered, expired, or misrepresented credentials are investigated and corrected according to approved procedures.

Compliance Rating System

ATU-CPAC may classify digital verification and registry compliance findings as follows:

Compliant

The registry, verification system, provider submission, certificate record, or digital badge meets the standard and maintains sufficient evidence.

Minor Non-Compliance

The requirement is generally met, but documentation, data entry, status wording, correction process, access review, or recordkeeping requires improvement.

Major Non-Compliance

A key registry or verification requirement is not met, creating risk to credential authenticity, data accuracy, public trust, certificate control, provider verification, or status reliability.

Critical Non-Compliance

There is serious failure, unauthorized registry access, false certificate entry, certificate number duplication, data misuse, registry manipulation, fake verification page, unauthorized badge issuance, or conduct that threatens the credibility of ATU-issued credentials.

Registry and Verification Decisions

Based on registry review, verification findings, audit outcomes, or investigation results, ATU-CPAC may issue or recommend one or more of the following decisions:

  1. Registry entry approved
  2. Registry entry approved with correction
  3. Registry entry withheld pending evidence
  4. Registry entry refused
  5. Certificate verification activated
  6. Certificate verification suspended
  7. Certificate record corrected
  8. Certificate record replaced
  9. Credential status changed to active
  10. Credential status changed to expired
  11. Credential status changed to suspended
  12. Credential status changed to withdrawn
  13. Credential status changed to revoked
  14. Provider status updated
  15. Program status updated
  16. Digital badge issued
  17. Digital badge suspended or revoked
  18. Public verification wording corrected
  19. Misuse investigation opened
  20. Corrective action required
  21. Registry access restricted
  22. Matter escalated to ATU-CPAC committee
  23. Matter referred to competent authority where applicable

Obligations of ATU-CPAC

ATU-CPAC must:

  • Maintain official registry and verification standards
  • Control credential numbering and verification codes
  • Approve registry entries before publication
  • Protect registry data and confidential records
  • Maintain accurate status categories
  • Update registry records when status changes
  • Provide secure digital verification methods
  • Prevent misuse of certificate numbers and digital badges
  • Conduct registry audits
  • Respond to correction requests
  • Support employer and stakeholder verification
  • Maintain registry records securely
  • Use registry data for continuous improvement
  • Protect public trust in ATU-issued credentials

Obligations of Approved Providers and Centers

Approved providers and authorized centers must:

  • Submit accurate candidate and certificate data
  • Submit data only for approved programs and candidates
  • Verify learner or candidate identity
  • Confirm assessment completion and result accuracy
  • Maintain IQA evidence before certificate request
  • Submit certificate requests within approved scope
  • Correct data errors promptly
  • Protect learner and candidate personal data
  • Avoid issuing unofficial certificates
  • Avoid creating unofficial registries that mislead the public
  • Report suspected certificate misuse
  • Cooperate with registry audits and verification reviews

Obligations of Certified Professionals and Credential Holders

Certified professionals and credential holders must:

  • Use certificates and digital badges accurately
  • Avoid altering certificates or verification codes
  • Use certification titles only within approved scope
  • Stop using expired, suspended, withdrawn, or revoked credentials
  • Report incorrect registry data promptly
  • Avoid sharing credentials in misleading ways
  • Comply with renewal requirements where applicable
  • Cooperate with verification or investigation requests
  • Protect the credibility of ATU-issued credentials

Obligations of Employers and Verification Users

Employers, institutions, and verification users should:

  • Use official verification channels
  • Check certificate number, title, status, and validity
  • Avoid relying on screenshots or altered documents alone
  • Request formal verification where necessary
  • Respect data protection and confidentiality requirements
  • Report suspected fake or altered certificates
  • Understand the limits of the credential scope
  • Avoid misusing registry information

Minimum Digital Verification and Registry File Requirements

Each ATU-CPAC registry and verification file should include:

  1. Registry governance policy
  2. Verification policy
  3. Credential category definitions
  4. Certificate numbering policy
  5. Certificate numbering log
  6. Registry data field list
  7. Registry entry approval records
  8. Candidate or provider data validation records
  9. Certificate issuance approval records
  10. Registry publication records
  11. Verification code or QR code records
  12. Digital badge records where applicable
  13. Provider submission records
  14. Candidate consent records where required
  15. Data protection policy
  16. Access control records
  17. Administrator authorization records
  18. Status change records
  19. Renewal and expiry records
  20. Suspension, withdrawal, and revocation records
  21. Data correction records
  22. Registry audit reports
  23. Verification request records
  24. Failed verification records
  25. Misuse investigation records
  26. Security incident records
  27. Backup and recovery records
  28. Management review records
  29. Continuous improvement records
  30. Version control records