Skip to content

certs: adopt "Last Reviewed" + "Recommended Reassessment" dates instead of expiry #523

Description

@ipatka

Summary

SEAL certification is a point-in-time assessment. Unlike frameworks such as ISO 27001, there is no surveillance or recertification mechanism built into the model, so a hard "expiry" date is misleading, and a perpetual certification with no date is also misleading. Proposal: show two dates on every certification instead.

Proposal

Display on the attestation and badge:

SEAL Certified
Last Reviewed: June 2026
Recommended Reassessment: June 2027

Default recommended reassessment cadence of 12 months, configurable per engagement.

Rationale

A point-in-time assessment benefits from a visible assessment date plus a recommended review cadence. This gives transparency on when the assessment was performed, encourages ongoing review, and avoids implying that the certification automatically expires on a fixed date. It also fits the framework's broad, evolving scope (operational security, wallet management, governance, incident response, organizational controls), which both a perpetual undated certification and a hard expiry model would serve poorly.

Surfaces to change

  • Attestation (EAS) schema: add lastReviewed and recommendedReassessment fields.
  • Certification badge display.
  • Docs: the overview FAQ ("Can a project lose their certification?" currently implies a time-limited / expiry model) and certification-guidelines.

Raised by @zS-SFC.


TODO (housekeeping): create a certifications label for the repo and apply it to certs issues like this one. The certs contribution guide (#521) directs contributors to open issues with the certifications tag, but that label does not exist yet. This issue currently uses the closest existing labels instead.

Metadata

Metadata

Assignees

Labels

certificationsThis issue or PR relates to the SEAL Certification Initiative: content, process, and tooling.content:updateThis issue or PR updates content or suggests toenhancementUpdates that improve or refine existing features, user experience, or system performance.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions