Statement of Care


Website owners must provide a clear statement their website expressing care about security and are receptive to receiving security reports. Displaying the badge shows all visitors that the website has passed our security checks and that the business cares about applying good security practices. This declaration must meet the following criteria:

  • It must state that the business believes it is important to apply good cyber security practices to protect the website's users and the website itself.
  • It must provide at least one messaging contact option for the public to report security vulnerabilities affecting the website. e.g. email

This communication can be in the form of the following (but not limited to):

  • A dedicated web page (e.g. a security policy page)
  • A section of a page

Note to applicants:Mitigate-5 Certifications expire at the end of each calendar year. Renewal is automatic and does not require a new application. Re-verification checks are done between November and December of each year

Note to applicants: If any aspect of this requirement is unclear, please contact us.

What should be in the statement

The statement should express at least the following items to help users understand what is being done to protect them while using the website:

  • At least a sentence which states that the business values the security of users on its website and have implemented responsible security controls.
  • An easy contact option, such as an email address for users to report their security concerns.
  • Listing that they have implemented the five (5) requirements of the Mitigate-5 requirements (a reference to Mitigate-5 is optional).

An example of a security statement can be found here:

Before creating a Statement of Care

  • Consider creating a dedicated contact option for security reports. e.g. a company group address like [email protected]
  • Assign a suitable person or include the task in a role to respond to web security reports from the public.

After creating a Statement of Care

  • Ensure it is easy to find on the website and does not give the perception of being hidden.
  • Ensure it is understood by the staff member (s) who would act on any security issues.
  • Ensure it is error-free.
Ready to apply for certification? Apply Now
Interested in proactive Cyber Security services?Visit G5