Skip to main content
ValidatorMobile
UareSAFE

Six dimensions. Four levels.

How does the certification process work?

From application to active seal in less than 72 hours for Basic and Standard tiers

  1. Application and payment

    Start of the certification process.

    • Fill in the form with your company and domain details
    • Select the certification tier
    • Make the annual payment (card or bank transfer)
    • Receive confirmation by email with case number

  2. Legal identity verification

    We verify that the entity is real and legitimate.

    • We check the Commercial Registry (BORME) to verify the company
    • We verify the tax number in the VIES system (for EU companies)
    • We check domain ownership via RDAP
    • If WHOIS privacy is enabled: we generate a DNS token that you must add as a TXT record
    • Result: ✓ Verified | ⚠ Manual review (5% of cases)

  3. Automated technical audit

    Our AI scans your domain across multiple dimensions.

    • TLS/SSL: protocol version, certificate validity, HSTS, weak ciphers
    • Security headers: CSP, X-Frame-Options, HSTS, Referrer-Policy
    • DNS: SPF, DKIM, DMARC, DNSSEC
    • OWASP: HTTPS redirect, cookies, SRI, exposed sensitive files
    • Reputation: Google Safe Browsing, Spamhaus, VirusTotal
    • Surface: dangerous open ports, detected technologies, subdomains

  4. Manual controls questionnaire

    Only for controls that automation cannot verify.

    • Privacy and cookie policy (URL)
    • DPO contact details (if applicable)
    • Internal security policy
    • Incident response plan
    • Optional for Basic — mandatory for Premium and Enterprise

  5. Scoring and tier determination

    We calculate your score across 6 weighted dimensions.

    • We score 6 dimensions with their specific weights
    • If score ≥ 60%: the achieved tier is determined
    • If score < 60%: automatic denial with improvement report
    • We verify blocking conditions (Safe Browsing, expired TLS, etc.)
    • We issue the detailed PDF report with all findings

  6. Seal issuance

    We activate your certification and deliver the widget.

    • We generate the HMAC token for the seal
    • The seal is activated with real-time verification
    • You receive the code snippet to install on your website
    • The public record is available at uaresafe.com/verificar/[yourdomain]

  7. Monitoring and renewal

    Continuous monitoring to keep your certification active.

    • We scan your site periodically (according to tier)
    • If we detect a failure: 15-day grace period to fix it
    • 90 days before renewal: email notification
    • Renewal repeats the full cycle automatically

What happens if I don't pass the audit?

1

You receive a detailed report with all findings and their specific remediations.

2

You can retry in 90 days at no additional cost.

3

Our support team can guide you in remediating each finding.

4

Blocking conditions (e.g., active malware) require immediate resolution before any retry.

How long does it take?

Basic / Standard
24–72 hours
100% automated
Premium
5–7 days
+ manual pentester review
Enterprise
2–3 weeks
red team + exhaustive review
Request my certification

Have questions? Check the frequently asked questions