Purpose
This page describes the operating principles and professional boundaries under which Guardian Core provides security operations and advisory services. It is intended to support transparency for clients, stakeholders, and auditors.
Scope
These principles apply to all Guardian Core engagements and communications, including assessments, advisory work, documentation, and security-related support activities.
References to industry frameworks, certifications, or professional bodies are provided for context only and do not imply endorsement, sponsorship, or certification authority.
Operating Principles
Guardian Core aligns its operating principles with the CIA triad (Confidentiality, Integrity, and Availability), which is widely used within the information security profession to guide risk management and control design.
Confidentiality
Protect information against unauthorized access, disclosure, or misuse.
- Access to information is limited to the minimum necessary to achieve agreed objectives.
- Sensitive information is shared only with authorized stakeholders.
- Secure communication and transfer methods are used where appropriate.
- Client information is treated as confidential unless explicitly agreed otherwise in writing.
Integrity
Preserve the accuracy, completeness, and reliability of systems, data, and security decisions.
- Findings and recommendations are evidence-based and documented.
- Assumptions, constraints, and limitations are stated transparently.
- Recommendations are designed to reduce risk without introducing hidden fragility.
- Deliverables are prepared to support governance review and audit scrutiny.
Availability
Support the reliability and accessibility of systems and services for legitimate business needs.
- Security recommendations consider resilience, continuity, and recoverability.
- Controls are designed to reduce single points of failure where practical.
- Usability and operational impact are considered to reduce unsafe workarounds.
- Security is positioned as an operational enabler, not an obstacle.
Authorization & Engagement Boundaries
Guardian Core performs security activities only within explicitly defined and authorized scope.
- No testing, validation, or assessment is performed without documented authorization.
- All activities are limited to the systems, environments, and objectives agreed in advance.
- No attempt is made to access systems, data, or accounts outside the authorized scope.
- Any requested change to scope requires explicit agreement prior to execution.
Where testing is requested, the method, timing, and constraints are defined in advance to reduce operational risk.
Professional Conduct
Guardian Core conducts work in a manner consistent with applicable laws, contractual obligations, and recognized professional ethics.
- Work is performed responsibly, lawfully, and in good faith.
- Findings are communicated discreetly and shared with appropriate stakeholders.
- Conflicts of interest are avoided or disclosed where applicable.
- Recommendations prioritize practical risk reduction over unnecessary complexity.
Responsible Disclosure
Guardian Core encourages responsible disclosure of security issues related to its public web properties or services. Do not publicly disclose sensitive details. Provide sufficient information to support verification and remediation.
Submit a responsible disclosure report
Please include: affected URL/system, steps to reproduce, impact assessment, and supporting evidence.
Privacy Notice
Guardian Core follows a minimal-data handling approach. Information is collected only where necessary to fulfill an agreed engagement or respond to an inquiry.
- Information collection is limited to defined objectives.
- Retention is minimized and purpose-driven.
- Handling methods are selected based on sensitivity.
- Secure transfer options may be arranged when required.
Do not email sensitive personal information unless it is necessary for the engagement and explicitly requested. If sensitive information is required, an appropriate secure transfer method will be arranged.