Accreditation Directory
Who is OPDA-accredited and how mature each member firm's data-management capabilities are. Two axes per firm: Assurance Level coverage (per-claim, AL1–AL4 from the existing Conformance Scheme) and Capability scores (per-firm, three dimensions: Engagement / Process / Evidence). Quarterly publication, on-demand re-scoring on request.
Full artefact spec in ADR 0004. Once
the parallel Wave 2 workstreams (DQ framework, Security framework, Overlay
attachments) ship their capability bundles, the Directory's first quarterly
publish kicks off. This page is the destination; the build-time aggregator
(scripts/build-accreditation-directory.mjs) consumes signed
VCs from member firms and produces the public render.
This page expands ADR 0004 into a public-facing description of the Accreditation Directory. The spec decisions (hosting, scoring granularity, visibility tiers, schema, evidence requirements, naming) are settled in the ADR. Rubric wording, capability catalogue contents, weighting, and dispute-resolution mechanics are flagged as WG decisions below — joint Compliance & Risk WG + Technical WG ownership per ADR 0001.
Overview & scope
The Accreditation Directory is the public, quarterly-refreshed list of OPDA member firms with their Assurance Level coverage (per-claim) and capability scores (per-firm, three dimensions). It replaces the binary "is OPDA-accredited" signal that the Conformance Scheme emits today with a maturity-rich detail view that consumers, regulators, and member firms can read at the level of granularity they need (ADR 0004 §"Context" and §"Decision drivers"; the orthogonal-axes design is set in ADR 0001 §"Wave 2 — Maturity-based accreditation").
The Directory sits beside, not on top of, the Conformance Scheme. The Scheme defines the rules; the Directory shows who meets them and at what maturity. The two are designed to be read together — see Conformance Scheme § Directory integration for how an Assurance Level (per-claim) and a capability score (per-firm) compose into one legible picture.
Who it serves
- Consumers (buyers, sellers, lenders, conveyancers) — read a firm's overall posture without specialist knowledge before relying on its claims.
- Regulators (FCA, ICO, MHCLG) — see how the regulated population is distributed across maturity levels, with audit-grade evidence for higher-tier claims.
- Member firms — understand how they compare to peers without OPDA having to publish a league table (ADR 0004 Decision driver 3).
- OPDA itself — track the population's maturity over time and identify framework gaps that no firm is scoring against.
How it works — the public surface
Per ADR 0004 §"Visibility — tiered", the Directory ships three visibility tiers. Only the first two are part of the initial public surface; the third is deferred until first request (see Lifecycle).
| Tier | Audience | What's shown |
|---|---|---|
| Public card | Anyone | Firm name, AL coverage badges (AL1–AL4), per-section average scores across the eight sections (radar or bar chart), last-refresh date, stale flag if applicable. |
| Drill-down (public) | Anyone who clicks through | Per-capability scores within each section across the three dimensions, evidence-tier indicator per capability, links to evidence artefacts where the firm has published them, audit-trail entries for any OPDA-spot-checked corrections. |
| Member-firm portal (deferred) | Firm + OPDA only | Full capability scores, evidence artefacts (including any redacted from public view), audit history, change log. Triggers on first member request — see ADR 0005 item F3. |
Anatomy of a Directory card
Each member firm gets one card. The card contains:
- Firm name + DID — the
did:webidentifier the firm signs its credentials with. - AL coverage badges — one badge per Assurance Level the firm is accredited to issue claims at. AL1 self-asserted · AL2 accredited issuer · AL3 accredited issuer with extra controls or proxy authority · AL4 official primary authority (per ADR 0001 Wave 2).
- Capability scores summary — per-section averages (~8 sections) for each of the three dimensions, shown as a radar chart or horizontal bars. Section averages are simple unweighted means of capability scores within the section, rounded to one decimal place (ADR 0004 §"Scoring granularity").
- Evidence tier indicator — for each section average, the dominant evidence tier (1–4 self-evidenced; 5–6 audit-corroborated). A single section can mix tiers across its capabilities.
- Last-refresh date — the quarter the underlying VC was submitted (e.g. "Last refreshed: 2026-Q2").
- Stale flag — visible when the firm has missed two quarters in a row (data > 9 months old). Set per ADR 0004 §"Update cadence".
- Drill-down link — to the per-capability detail page.
Aggregation rule — and what is deliberately absent
Section averages roll up capability scores. The Directory deliberately does not publish an overall "firm maturity score" (ADR 0004 §"Scoring granularity — hybrid", bullet 4). Overall scores invite gaming and obscure trade-offs between dimensions; per-section + per-capability is the deepest aggregation the Directory will offer.
ADR 0004 specifies "simple unweighted mean" for section averages. Whether to keep that as final policy, or to allow per-capability weighting within a section (e.g. weight "DID key management" higher than "Audit log retention" in the Security section), is a Compliance & Risk WG decision at first publish. The default below is unweighted; alternatives should be considered explicitly rather than allowed to creep in via implementation.
Where the Directory lives
- Public URL:
/governance/accreditation-directory(this page) — rendered as a normal Astro page in the Governance section's "OPDA's own rules" group, sibling to Conformance Scheme (ADR 0004 §"Hosting"). - Machine-readable JSON:
src/data/accreditation/current.json— flat file consumed by this page at build time. Produced quarterly by the aggregator script (see Lifecycle; ADR 0005 item C1 tracks the build pipeline). - Source of truth:
source/04-governance-bodies/accreditation/credentials/{firm-did}/{YYYY-Qn}.json— one signed Verifiable Credential per firm per quarter.
Phased rollout
Per ADR 0004 §"Resolving the parallel-execution cross-dependency", the Directory ships first with a skeleton schema; the Data Quality and Data Security workstreams each contribute a "capability bundle" PR as their frameworks ratify. The Overlay attachments workstream feeds the evidence-handling rules referenced from the Directory's evidence requirements. The first quarterly publish (ADR 0005 item C3) waits on all four Wave 2 ADRs being ratified.
Scoring — three dimensions, six levels each
Each capability a firm claims compliance against is scored across three dimensions, on a 1–6 scale per dimension. The dimensions come from ADR 0001 Wave 2 (DCAM v3's scoring discipline, named as inspiration without verbatim adoption); the 1–6 range is set in ADR 0004 §"Evidence requirements per score level".
- Engagement — has the firm's governance authority engaged with this capability? (Sponsorship, charter, named owner, board visibility.)
- Process — is the process for this capability established and repeatable? (Documented, used, measured, improved.)
- Evidence — do auditable artefacts exist for this capability? (Policy docs, audit logs, third-party attestations.)
A firm can score high on one dimension and low on another for the same capability — for instance, strong Engagement and Evidence but weak Process when the leadership and audit trail are in place but the operational practice is still maturing. The Directory shows the three numbers separately rather than collapsing them into one (ADR 0001 Wave 2 §"Worked example").
Proposed rubric per level (1–6)
ADR 0004 sets the structure (three dimensions, 1–6 per dimension) and the evidence-tier mapping (1–2 self-asserted, 3–4 self + artefact, 5–6 self + artefact + audit attestation). It does not author the per-level rubric wording. The text in the tables below is a proposed starting point for joint Compliance & Risk WG + Technical WG review. Final wording is a WG output.
Engagement dimension (1–6)
| Level | Proposed rubric |
|---|---|
| 1 | No governance authority engaged. Capability is ad-hoc; no named owner; no charter or mandate. |
| 2 | Informal engagement. A named individual takes responsibility but without a charter, escalation path, or board visibility. |
| 3 | Governance authority has acknowledged the capability and assigned a steward. A charter exists in draft. |
| 4 | Capability has a published charter, named accountable executive, and regular reporting to a governance forum (e.g. Data Council, Risk Committee). |
| 5 | As 4, plus board-level visibility (annual review at executive committee or equivalent) and independent attestation that engagement is substantive, not nominal. |
| 6 | As 5, plus integration into firm-wide strategy (capability outcomes feed into KPIs, OKRs, or regulatory submissions). Independent attestation renewed annually. |
Process dimension (1–6)
| Level | Proposed rubric |
|---|---|
| 1 | No defined process. Outcomes are achieved (or not) by individual effort and informal practice. |
| 2 | Process exists in practice but is undocumented. Outcomes are consistent within a single team but not transferable. |
| 3 | Process is documented (runbook, SOP, procedure manual) and used by the relevant team. Not yet measured or improved systematically. |
| 4 | Process is documented, repeatable across teams, and has defined inputs / outputs / SLAs. Measurement against SLAs occurs but improvement loop is informal. |
| 5 | As 4, plus a measured improvement loop (metrics tracked, retrospectives, changes applied) and independent attestation that the process is in substantive operation. |
| 6 | As 5, plus continuous improvement is institutionalised — the process evolves on a defined cadence, with documented version history and cross-firm benchmark comparison where applicable. Independent attestation renewed annually. |
Evidence dimension (1–6)
| Level | Proposed rubric |
|---|---|
| 1 | Self-asserted only. No artefact referenced. Score reflects the firm's own statement; OPDA does not verify. |
| 2 | Self-asserted with internal reference (a named policy or wiki page the firm points to internally; not necessarily published). |
| 3 | Self-asserted plus a published artefact (policy doc, process diagram, runbook) the firm links to from the Verifiable Credential. |
| 4 | Self-asserted plus published artefact plus internal audit evidence (audit log, sample reviews, control-test results) the firm can produce on request. |
| 5 | As 4, plus an independent audit attestation signed by an OPDA-listed audit partner. Attestation is itself a Verifiable Credential. Required per ADR 0004 §"Evidence requirements" for any claim at this band. |
| 6 | As 5, plus the audit attestation is renewed annually with explicit continuity findings (no material regression since prior period). Same audit-partner-VC requirement. |
The Directory currently has no composite formula combining the three dimensions into a single per-capability number. ADR 0004 §"Scoring granularity" actively resists this for the firm level; whether the same principle should apply at capability level (i.e. the drill-down view always shows three numbers, never one) is a Compliance & Risk WG decision. The recommendation in this draft is to keep the three-number form throughout.
Evidence tiers and the audit-partner role
ADR 0004 §"Evidence requirements per score level" splits the six-level scale into three evidence bands. Tiers 1–4 are self-evidenced — the firm publishes the artefacts it relies on, and OPDA spot-checks. Tiers 5–6 require independent corroboration by an OPDA-listed audit partner (ADR 0005 items C4 and F1).
| Evidence tier | What the firm provides | How OPDA verifies |
|---|---|---|
| 1–2 (self-asserted) | The signed Verifiable Credential, with optional internal reference. | Signature validated against the Trust Registry. No artefact check. Spot-checked sample. |
| 3–4 (self + artefact) | Signed VC plus published artefact link (policy doc, runbook, process diagram). Tier 4 additionally requires internal audit evidence available on request. | Signature validated; artefact URL reachability checked at build time; spot-check may request the audit evidence behind tier-4 claims. |
| 5–6 (audit-corroborated) | Signed VC plus published artefact plus a separate Verifiable Credential issued by an OPDA-listed audit partner attesting to the capability score. | Both VCs validated against the Trust Registry. Audit-partner VC must reference the same capability key and quarter as the firm's submission. |
OPDA-listed audit partners
An OPDA-listed audit partner is a firm whose audit reports OPDA recognises as
sufficient corroboration of a member's capability claims at tiers 5–6. The
candidate roster lives in
docs/recruitment/opda-listed-audit-partners.md
— currently scaffolded with Big 4 firms (KPMG, Deloitte, BDO, optionally PwC
and EY) plus property-data specialists (Hometrack, Land Insight). Partner
selection is owned by the Engagement WG; ADR 0005 item C4 makes the
list a hard prerequisite before any firm can claim a tier-5-or-6 score.
Selection criteria, per the recruitment document and ADR 0004 §"Open questions" Q1: audit credibility (ICAEW or equivalent), property-data domain understanding, no structural conflict with the audited firm, capacity to act at OPDA's quarterly cadence, willingness to publish methodology.
Spot-checks and rating corrections
ADR 0004 §"Evidence requirements per score level" (final paragraph) commits OPDA to a spot-check process: a sampled review of firm submissions to validate that the claimed evidence supports the claimed score. A spot-check finding an inflated rating (e.g. no artefact backing a score-4 claim, or no audit-partner VC backing a score-6 claim) drops the score and adds an audit-trail entry visible in the drill-down view.
ADR 0004 specifies that spot-check corrections appear in the audit trail but does not detail the firm's right to contest a correction. The dispute path — who reviews an appeal, on what timeline, with what evidence — is a Compliance & Risk WG decision at first publish. The 12-step Non-Compliance Policy (referenced from Conformance Scheme) is a candidate basis; alignment is a WG call.
AL × Capability worked example
The worked example below — drawn directly from ADR 0001 §"Wave 2 — Maturity-based accreditation" — shows why the two axes are kept separate. Collapsing them loses signal that consumers and regulators genuinely need.
| Firm X | Firm Y | |
|---|---|---|
| Assurance Level coverage | AL3 — accredited issuer with extra controls or proxy authority | AL2 — accredited issuer (medium trust) |
| Capability — Process | 4 / 6 — documented, repeatable across teams, measured against SLAs | 5 / 6 — measured improvement loop, independent attestation |
| Capability — Evidence | 3 / 6 — self-asserted plus published artefact | 5 / 6 — audit-corroborated by an OPDA-listed audit partner |
| Reading | High-assurance claims with mid-maturity operations. Firm can issue AL3-level credentials, but its underlying operating practice is still maturing. | Medium-assurance claims with mature operations. Firm cannot issue at AL3, but the operations behind its AL2 claims are battle-tested. |
| Useful to whom? | A consumer relying on a regulated source of truth (an AL3 claim about a statutory record) might pick Firm X for the higher claim authority even with mid-maturity operations. | A counterparty doing high-volume verifications might pick Firm Y for the operational reliability even though the claim authority is lower. |
Collapsing this into a single number — say, "Firm X scores 7.0 overall, Firm Y scores 7.5" — strips out exactly the signal the consumer and the regulator need. The Directory keeps both axes visible at every level of detail (ADR 0001 Wave 2 §"Worked example"; ADR 0004 §"Scoring granularity").
The capability catalogue
A capability is a named area of practice (e.g. "Data Quality — Accuracy", "Data Security — Key Management", "Issuer Onboarding", "Document Retention"). The Directory scores firms against capabilities; the catalogue is the canonical list of which capabilities exist and which section each one rolls up into.
Per ADR 0004 §"Scoring granularity" the catalogue is expected to land at ~30–50 capabilities once the Wave 2 frameworks ship, organised across ~8 sections. The catalogue is built from the Wave 2 framework outputs rather than authored in advance:
| Section | Source | Expected capability bundle |
|---|---|---|
| Governance | Existing — Data Stewardship, Meetings & Feedback | EC composition, RACI, decision rights, voting, SLAs — already mappable from current pages (ADR 0004 Phase 1) |
| Architecture | Existing — PDTF schemas, bounded contexts, ontology | Schema versioning, overlay registration, bounded-context boundaries — already mappable |
| Business Data Knowledge | Existing — data dictionary, business glossary, SKOS taxonomy | Dictionary completeness, taxonomy coverage, ontology alignment — already mappable |
| Operating Model | Existing — Data Stewardship, Stakeholder Engagement | Engagement modes, dispute resolution, change management — already mappable |
| Data Quality | Wave 2 — Data Quality framework | Six DQ dimensions (accuracy, completeness, consistency, timeliness, uniqueness, validity) per ADR 0001 Wave 2. Ships as a capability bundle PR when the DQ framework ratifies. |
| Data Security | Wave 2 — Data Security framework | ~5–8 capabilities expected (KYC/KYB, key management, signature verification, revocation, audit logging) per ADR 0004 Phase 2. Ships as a capability bundle PR when the Security framework ratifies. |
| Overlay Attachments | Wave 2 — Overlay Attachments policy | Per-attachment-type capabilities (file format, signing, retention, consent) across the 11 v3 overlay attachment types. Ships as a capability bundle PR when the Overlay Attachments policy ratifies. |
| (TBD — to be named) | WG decision — see below | ADR 0004 §"Scoring granularity" references "~8 sections" but does not enumerate the final eighth. Candidates: Conformance & Certification, Trust Registry Operations, Funding & Sustainability. |
The canonical capability catalogue — sections, capability keys within each section, and the final mapping of capabilities to sections — is to be ratified by the Compliance & Risk WG at first publish. Until then, the section list above is indicative. ADR 0004 commits to ~8 sections and ~30–50 capabilities; the exact membership is a WG output.
Lifecycle and operations
Quarterly publish cadence
Per ADR 0004 §"Update cadence — quarterly, with on-demand re-scoring":
- Submission deadline — firms submit their self-attested VC by the 15th of the quarter-end month (15 March, 15 June, 15 September, 15 December).
- Publish date — OPDA refreshes the Directory by the 1st of the following quarter (1 April, 1 July, 1 October, 1 January).
- On-demand re-scoring — a firm can request mid-quarter re-publication when it passes a meaningful milestone (e.g. achieving AL3 status, passing an audit). The Compliance & Risk WG approves the off-cycle publish.
- Stale flag — firms whose data is > 9 months old (two missed quarters in a row) get a "stale" badge until they resubmit.
Build pipeline
The Directory is rendered by this Astro page at build time from a flat JSON
consumed at src/data/accreditation/current.json. That JSON is
produced by scripts/build-accreditation-directory.mjs
(ADR 0005
item C1 — currently a stub) which:
- Reads all current-quarter VCs from
source/04-governance-bodies/accreditation/credentials/{firm-did}/{YYYY-Qn}.json. - Validates each signature against the Trust Registry.
- Validates that tier-5-or-6 claims have a matching audit-partner VC.
- Computes per-section averages from the per-capability scores.
- Emits the flat JSON consumed by this page.
- On Trust Registry downtime, falls back to the last good build state (ADR 0004 §"Consequences — Negative / risk").
Member-firm submission
Firms submit a W3C Verifiable Credential signed by their accredited issuer DID, with payload as specified in ADR 0004 §"Data schema — VC-backed self-attestation, JSON for the render". The submission tooling itself (CLI helper, web form, or signed-PR workflow) is deferred — see ADR 0005 item C2.
The credential format gives firms cryptographic skin-in-the-game: published scores cannot diverge from what the firm actually signed, and anyone can independently verify a score by checking the VC against the Trust Registry (ADR 0004 §"Data schema", bullets after the JSON sketch).
First quarterly publish
The first publish target is end of the quarter following ratification of all four Wave 2 ADRs (Data Quality, Data Security, Overlay Attachments, this Directory). Ownership is joint Compliance & Risk WG + Technical WG per ADR 0005 item C3. Until that point this page renders the explanatory structure (this draft) without firm data.
Ex-member handling
Handling of firms that leave OPDA membership mid-quarter — whether they remain in the Directory as "Former member, last data YYYY-Qn" or drop out immediately — is deferred to a future Membership ADR (ADR 0004 §"Open questions" Q5; cross-listed in ADR 0005 item F5).
Member-firm portal (deferred tier)
The private detailed view for member firms + OPDA — full capability scores, evidence artefacts including redacted content, audit history, change log — is deferred to first member-firm request (ADR 0005 item F3). This page only renders the two public tiers.
Open questions for the WG kick-off
These are the questions joint Compliance & Risk WG + Technical WG review should settle at kick-off. Each maps to an in-page WG-decision callout.
- Rubric wording. Confirm or rewrite the per-level rubric for each of Engagement / Process / Evidence (see § Proposed rubric). The 1–6 scale is set in ADR 0004; the wording is not.
- Capability catalogue contents. Ratify the eight sections and the ~30–50 capabilities within them. Confirm or replace the placeholder eighth section (see § Capability catalogue).
- Section weighting. Confirm "simple unweighted mean" as final policy, or define a weighting scheme per section (see § Aggregation rule).
- Composite formula. Decide whether per-capability detail continues to show three numbers or collapses into one (see § Proposed rubric — composite formula callout).
- Dispute resolution. Define the appeal path for a spot-check correction — reviewer, timeline, evidence (see § Spot-checks).
Related
- Conformance & certification scheme — the existing accreditation regime; the Directory's Assurance Level axis sits in the Conformance Scheme, the Capability axis sits here. See in particular the § Directory integration section.
- Data Quality framework — Wave 2 workstream that contributes the DQ capability bundle.
- Data Security framework — Wave 2 workstream that contributes the Security capability bundle.
- Overlay Attachments policy — Wave 2 workstream that contributes the Attachment capability bundle and the evidence-handling rules referenced from § Evidence tiers.
- ADR 0004 — full spec this page expands.
- ADR 0001 — Wave 2 commitment to maturity-based accreditation; source of the worked example.
- ADR 0005 — items A3 (this page's content), C1–C4 (build pipeline), F1–F5 (Directory open items).
-
opda-listed-audit-partners.md— candidate roster for the tier-5-or-6 audit-partner list.
DAMA KA rubric — Wave 1 alignment
Per ADR 0001 Wave 1, KA-tagged pages follow a consistent rubric: Purpose · Activities · Deliverables · Roles · Metrics · Maturity. Sections below may be filled incrementally by Compliance & Risk WG + Technical WG — content authored above already maps to several of these; this scaffold is for the gaps.
Purpose
Content pending — see lead paragraph for current statement.
Activities
Content pending — Compliance & Risk WG + Technical WG to author.
Deliverables
Content pending — Compliance & Risk WG + Technical WG to author.
Roles
Content pending — see ADR 0004 for current statement.
Metrics
Content pending — Compliance & Risk WG + Technical WG to author.
Maturity
Content pending — Compliance & Risk WG + Technical WG to author.
Comments