NVI-004 Vulnerability Verification Standards™

SAFECHAIN™ | NATIONAL VULNERABILITY VERIFICATION INFRASTRUCTURE™

NVI™ — Publication No. NVI-004

VULNERABILITY VERIFICATION

STANDARDS™

The ISO-Equivalent Specification for SAFECHAIN™ Safeguarding Intelligence Governance

Document Reference: NVI-004

Series: National Vulnerability Verification Infrastructure™ (NVI™)

Series Position: Standards Specification Paper — ISO-Equivalent Governance Standard

Author: Samantha Avril-Andreassen FRSA

Status: Published

Version: 1.0

Date: June 2026

Classification: Public — Institutional Distribution

Publisher: SAFECHAINN Ltd (Company No. 12038453)

Executive Summary

Vulnerability Verification Standards™ (VVS™) is the standards specification paper of the National Vulnerability Verification Infrastructure™ (NVI™). It establishes the national standards against which safeguarding intelligence is verified before it enters the NVI™ exchange network — covering verification quality, recognition integrity, continuity assurance, audit standards, and governance compliance. In function, the VVS™ operates as the ISO-equivalent specification for SAFECHAIN™ verification: the defined, auditable, consistently applied standard that distinguishes verified NVI™ intelligence from the unverified document sharing that characterises existing multi-agency safeguarding practice.

Standards specifications exist because without them, quality is inconsistent, accountability is impossible, and continuous improvement is unachievable. The NHS operates clinical standards that define what constitutes acceptable medical practice. The legal profession operates conduct standards that define what constitutes professional behaviour. Financial services operate conduct of business standards that define what constitutes acceptable treatment of customers. UK safeguarding has never had an equivalent: a defined, nationally applicable standard against which the quality of safeguarding intelligence can be consistently assessed.

Vulnerability Verification Standards™ fills that gap. It defines, for the first time in UK safeguarding governance, the specific standards that safeguarding intelligence must meet to be considered verified — and therefore reliable, exchangeable, and capable of supporting the protective decisions that depend on it. It does so across five domains: verification quality, recognition integrity, continuity assurance, audit standards, and governance compliance.

The paper is structured across nine sections covering: the case for national standards; the VVS™ framework architecture; each of the five standard domains in detail; the verification assessment process; the certification and quality rating system; non-compliance and remediation; the relationship to other NVI™ papers; and the governance of standards development and maintenance.

1. The Case for National Verification Standards

1.1 The Quality Vacuum in Current Safeguarding

UK safeguarding systems currently operate without any agreed national standard for the quality of safeguarding intelligence. A risk assessment conducted by a specialist IDVA with 10 years of experience and specific training in recognition intelligence is governed by the same — effectively nonexistent — quality standards as an assessment conducted by a newly qualified housing officer with no safeguarding specialism. Both produce documents that can be transmitted to other institutions. Both may influence significant safeguarding decisions. Neither is subject to any external quality verification.

The consequences of this quality vacuum are documented throughout the SAFECHAIN™ governance series: the receiving institution that cannot distinguish a reliable risk assessment from an unreliable one; the court that receives contradictory vulnerability evidence from different institutions, each presented with equal authority; the multi-agency meeting that makes decisions on the basis of intelligence nobody has been able to verify; and the accountability review that cannot determine whether a failure resulted from poor intelligence quality or poor intelligence use — because there was never a quality standard against which to assess either.

1.2 What National Standards Enable

National verification standards enable four governance capabilities that are impossible without them. First, they enable consistent quality: when all participating institutions generate intelligence against the same standard, the intelligence within the NVI™ network is consistently reliable — not reliable in some institutions and unreliable in others. Second, they enable accountability: when a defined standard exists, institutions and practitioners can be held accountable against it. Third, they enable continuous improvement: standards create a measurable baseline from which improvement can be tracked. And fourth, they enable trust: institutions receiving NVI™ intelligence can trust it because they know it has been assessed against a defined, transparent standard.

2. The VVS™ Framework Architecture

The Vulnerability Verification Standards™ framework is structured around five standard domains, each addressing a distinct dimension of safeguarding intelligence quality. The domains are not independent — they address different layers of the same quality requirement and must all be met for intelligence to receive verification. Intelligence that meets four of the five domains but fails the fifth does not receive verification: quality is indivisible.

Standard Domain

What It Governs

Domain 1: Verification Quality Standards™

The overall quality of the intelligence submission — its completeness, accuracy, internal consistency, methodological rigour, and fitness for the safeguarding purposes it will support.

Domain 2: Recognition Integrity Standards™

The quality of the recognition process that generated the intelligence — the practitioner's training, the recognition methodology, the completeness of indicator identification, and the accuracy of the recognition record.

Domain 3: Continuity Assurance Standards™

The quality of the continuity governance applied to the intelligence — whether it has been appropriately placed within the longitudinal record, whether transitions have been managed correctly, and whether the continuity chain is intact.

Domain 4: Audit Standards™

The quality of the accountability documentation attached to the intelligence — whether all required accountability records are complete, accurate, and auditable.

Domain 5: Governance Compliance Standards™

The institutional governance framework within which the intelligence was generated — whether the generating institution operates within an NVI™-compliant governance framework.

3. Domain 1: Verification Quality Standards™

3.1 Completeness Standard

VVS Domain 1.1 requires that intelligence submissions address all vulnerability dimensions relevant to the safeguarding purpose. Completeness is assessed against the eight-dimension Vulnerability Intelligence™ framework (SIS-004): an intelligence submission that addresses only one or two dimensions without documenting the others as not applicable is assessed as incomplete unless the omitted dimensions have been specifically assessed and determined to be irrelevant to the individual's current situation. Relevance determination must be documented and attributed.

3.2 Accuracy Standard

VVS Domain 1.2 requires that intelligence submissions are factually accurate — that the facts recorded correspond to the evidence, that inferences are clearly distinguished from observations, and that assessments are clearly distinguished from conclusions. Accuracy verification draws on the accountability metadata attached to each submission: verifiers assess whether the evidence cited in the submission supports the intelligence conclusions drawn. Where cited evidence is absent, inadequate, or contradicted by other available intelligence, the submission fails the accuracy standard.

3.3 Internal Consistency Standard

VVS Domain 1.3 requires that intelligence submissions are internally consistent — that the recognition findings, vulnerability assessment, risk conclusions, and protective recommendations form a coherent whole without contradictions or unexplained gaps. An intelligence submission that identifies high psychological vulnerability but makes no reference to the implications for participation capacity in legal proceedings is internally inconsistent. A submission that identifies acute physical safety risk but records a low overall risk rating without explanation fails the consistency standard.

3.4 Methodological Rigour Standard

VVS Domain 1.4 requires that the assessment methodology documented in the intelligence submission meets defined methodological standards. For risk assessments, this includes the application of a recognised, validated risk assessment tool. For vulnerability assessments, it includes compliance with the SIS-004 eight-dimension framework. For continuity records, it includes compliance with SIS-003 continuity protocols. Intelligence generated through ad hoc methods without reference to recognised assessment frameworks fails the methodological rigour standard unless the submitting institution can demonstrate that the ad hoc methodology meets the substantive requirements of the relevant standard.

3.5 Fitness for Purpose Standard

VVS Domain 1.5 requires that the intelligence submission is fit for the safeguarding purposes for which it will be used. Fitness for purpose assessment is contextual: intelligence that meets the quality standard for awareness purposes may not meet the standard for use as the primary basis for a high-stakes safeguarding decision. The quality rating system (Q1-Q5, defined in NVI-003) operationalises the fitness for purpose assessment — each rating level maps to defined appropriate uses within the NVI™ governance framework.

4. Domain 2: Recognition Integrity Standards™

4.1 Practitioner Qualification Standard

VVS Domain 2.1 requires that the practitioner who conducted the recognition assessment has documented training that meets the Recognition Intelligence™ capability requirements of SIS-001/002. Documentation of practitioner qualification is a mandatory field in the NVI™ Common Intelligence Format™. Submissions made by practitioners who cannot demonstrate appropriate qualification are assessed against the Supervised Assessment Pathway: where a qualified supervisor has reviewed and endorsed the assessment, it may be verified with a notation indicating supervised generation.

4.2 Recognition Methodology Standard

VVS Domain 2.2 requires that the recognition methodology applied in the assessment is documented and meets defined standards. Recognised methodologies include: the SAFECHAIN™ Recognition Intelligence™ framework (SIS-001/002); the DASH risk assessment tool; validated trauma screening tools; the CIPID™ cognitive and interpretive participation integrity framework; and sector-specific validated assessment tools approved by the NVI™ Standards Board. The use of an approved methodology is a necessary but not sufficient condition for recognition integrity verification — the methodology must also have been applied correctly, as evidenced by the submission record.

4.3 Indicator Identification Completeness Standard

VVS Domain 2.3 requires that the recognition process has systematically assessed all relevant indicator categories — not only those that were immediately obvious or that the practitioner had prior reason to expect. Completeness of indicator identification is one of the most challenging aspects of recognition quality to verify, because it requires assessing not only what was found but whether what was not found was appropriately assessed as absent. Domain 2.3 verification draws on the CIF™ indicator checklist: a systematic record of which indicator categories were assessed, with either positive findings or documented absence determinations.

4.4 Recognition Record Accuracy Standard

VVS Domain 2.4 requires that the recognition record accurately reflects the recognition process — that the indicators recorded correspond to observations made, that the methodology documentation reflects the methodology applied, and that the practitioner attribution is accurate. Record accuracy is partially verified through cross-referencing against the accountability metadata and partially through the institutional governance compliance assessment of Domain 5.

5. Domain 3: Continuity Assurance Standards™

5.1 Longitudinal Context Standard

VVS Domain 3.1 requires that each intelligence submission is placed within the longitudinal continuity record maintained under SIS-003 — that the submission explicitly references the prior intelligence record, addresses any changes from previous assessments, and explains the trajectory of the person's vulnerability profile since the last recorded assessment. Submissions that treat the person as if they have no prior safeguarding history — that fail to reference or integrate the continuity record — fail the longitudinal context standard regardless of their intrinsic quality.

5.2 Transition Protocol Compliance Standard

VVS Domain 3.2 requires that where the intelligence submission is generated at or immediately following an institutional transition, it demonstrates compliance with the SIS-003 transition protocol — including receipt confirmation, continuity window, post-transition verification, and accountability documentation. Transition submissions that cannot demonstrate protocol compliance are flagged for governance review before verification proceeds.

5.3 Continuity Chain Integrity Standard

VVS Domain 3.3 requires that the continuity chain documented in the submission is intact — that there are no unexplained gaps in the longitudinal record, no periods during which the person was engaged with safeguarding systems but no intelligence was generated, and no transitions that are not accounted for in the continuity documentation. Where gaps exist, the submission must document the reason for the gap and the governance action taken to address it. Unexplained gaps are a significant negative quality indicator and typically result in an elevated quality rating (Q3 or lower) even where other standards are met.

5.4 Intelligence Currency Standard

VVS Domain 3.4 requires that the intelligence submission is current — that the vulnerability profile it records reflects the person's circumstances at the time of the assessment, not circumstances that have materially changed since a prior assessment that has been inadequately updated. Currency is assessed against the time elapsed since the most recent substantive assessment, the volatility of the person's circumstances (which may require more frequent assessment), and the presence of material change indicators that should have triggered re-assessment.

6. Domain 4: Audit Standards™

6.1 Attribution Standard

VVS Domain 4.1 requires that every intelligence submission includes complete, accurate attribution: the identity and role of the practitioner who conducted the assessment; the identity and role of any supervisory practitioner who reviewed it; the institution submitting the intelligence; and the date and time of both the assessment and the submission. Attribution is a non-negotiable standard: unattributed intelligence does not receive verification. Verification of attribution involves cross-referencing the CIF™ attribution fields against the NVI™ participant registry.

6.2 Consent Documentation Standard

VVS Domain 4.2 requires that the consent documentation attached to the intelligence submission is complete and meets the NVI-002 consent quality standards. Verification confirms: the consent tier applied; the information provided to the person; the specific purposes and institutions covered by the consent; the review date; and any conditions or limitations. Intelligence submitted without NVI-002-compliant consent documentation is not verified.

6.3 Proportionality Assessment Standard

VVS Domain 4.3 requires that the proportionality assessment conducted before submission meets the NVI-002 four-dimension proportionality standard. Verification confirms that the proportionality assessment is documented, that it addresses all four dimensions (scope, institutional, temporal, and risk proportionality), that the conclusions are internally consistent, and that the intelligence submitted is consistent with the proportionality assessment's conclusions about the appropriate scope of sharing.

6.4 Accountability Record Completeness Standard

VVS Domain 4.4 requires that the Intelligence Audit Register™ record associated with the submission is complete — that all exchange events, access requests, consent validations, and proportionality assessments relating to the intelligence are recorded. Completeness verification is automated within the NSIE™ architecture: the IAR™ generates a completeness flag for each submission, which is included in the verification assessment.

7. Domain 5: Governance Compliance Standards™

7.1 Institutional NVI™ Compliance Standard

VVS Domain 5.1 requires that the submitting institution is a verified NVI™ participant operating within the Institutional Trust Framework™ (NVI-005) with no outstanding participation sanctions. Intelligence submitted by institutions not in good standing within the NVI™ trust framework is not verified until the standing issue is resolved. This requirement creates a direct link between institutional governance compliance and individual intelligence quality — recognising that intelligence quality cannot be sustained in an institution whose governance framework is deficient.

7.2 Practitioner Training and Competence Standard

VVS Domain 5.2 requires that the submitting institution can demonstrate that its practitioners generating NVI™ intelligence operate within an active, documented training and competence framework aligned to the NVI™ capability requirements. This is assessed institutionally, not only at individual practitioner level: an institution that relies on individual practitioner training without an institutional framework for maintaining and verifying competence over time does not meet Domain 5.2.

7.3 Internal Quality Assurance Standard

VVS Domain 5.3 requires that the submitting institution maintains an internal quality assurance process for NVI™ intelligence — a mechanism through which the institution itself reviews the quality of its submissions before they are presented for external verification. Internal QA is not a substitute for external verification: it is a prerequisite that ensures external verification is not the first quality check applied to an institution's intelligence. Domain 5.3 is assessed through the institutional governance audit conducted as part of NVI-005 onboarding and annual review.

8. The Verification Assessment Process

8.1 The Verification Workflow

Every intelligence submission to the NVI™ undergoes a defined verification workflow before it enters the exchange network:

1.     Pre-submission quality check: The submitting institution's internal QA process applies Domain 5.3 review before the submission is made to the NVI™.

2.     Automated compliance screening: The NVI™ system automatically screens the submission for completeness against all mandatory CIF™ fields, attribution requirements, and consent documentation requirements. Submissions failing automated screening are returned to the institution for remediation.

3.     Domain assignment: Successfully screened submissions are assigned to a verifier with the appropriate sector expertise and Verification Authority (as defined in NVI-003).

4.     Domain assessment: The verifier conducts a structured assessment against all five VVS™ domains, using the domain-specific assessment tools provided by the NVI™ Standards Board.

5.     Quality rating assignment: Based on the domain assessment, the verifier assigns a Q1-Q5 quality rating with documented justification for each domain finding.

6.     Verification certificate issue: Intelligence meeting verification standards receives a Verification Certificate recording the rating, verifier identity, verification date, and validity period.

7.     Remediation referral: Intelligence failing verification is returned to the institution with a structured remediation report identifying each domain failure, the evidence for it, and the remediation required before resubmission.

8.2 Verification Timeframes

Submission Category

Target Verification Timeframe

Standard submission

5 working days

Emergency submission (acute risk)

4 hours — condensed verification protocol

Transition submission

2 working days — prioritised due to continuity risk

Re-verification (renewed assessment)

3 working days

Resubmission after remediation

5 working days from resubmission

9. Non-Compliance and Remediation

9.1 The Remediation Framework

The VVS™ Non-Compliance and Remediation Framework addresses intelligence that fails verification — establishing a structured process through which institutions can understand, address, and resolve quality failures. The framework is not primarily a sanction mechanism: its purpose is quality improvement. Every verification failure is an opportunity to improve institutional intelligence quality, and the remediation process is designed to support that improvement.

9.2 Individual Submission Remediation

Where an individual intelligence submission fails verification, the institution receives a Remediation Report identifying: the specific domain(s) that failed verification; the specific standard(s) within those domains that were not met; the evidence on which the failure finding is based; and the specific remediation required before resubmission. Institutions have 14 days to complete remediation of standard submissions and 24 hours for emergency submissions. Resubmissions are processed within the timeframes defined above.

9.3 Institutional Quality Escalation

Where an institution's verification failure rate exceeds defined thresholds — more than 20% of submissions failing Domain 1 standards in any rolling 90-day period, or more than 10% failing Domain 2 standards — the institution is escalated to the Institutional Quality Improvement Programme (IQIP). IQIP involves: a structured diagnostic assessment of the institution's intelligence generation processes; a tailored capability development plan; enhanced oversight of submissions during the IQIP period; and a defined timeframe for quality improvement. Institutions that fail to achieve the required quality improvement within the IQIP timeframe are subject to restricted participation status under the Institutional Trust Framework™ (NVI-005).

9.4 Appeals

Institutions may appeal verification decisions through the NVI™ Appeals and Complaints Mechanism. Appeals are assessed by an independent panel that includes sector expertise different from the original verifier. Appeal decisions are binding and are incorporated into the Standards Board's quality jurisprudence — contributing to the development of consistent verification practice across the network.

Vulnerability Verification Standards™ transforms verification from an aspiration into an obligation — from the theoretical possibility that safeguarding intelligence might be reliable to the governance architecture that makes it reliably so. Standards are the architecture of accountability. Without them, improvement is accidental. With them, improvement is governable.

COPYRIGHT NOTICE

© 2026 Samantha Avril-Andreassen. All rights reserved.

SAFECHAINN Ltd (Company No. 12038453).

SAFECHAIN™, National Vulnerability Verification Infrastructure™ (NVI™), Safeguarding Intelligence Series™ (SIS™), Recognition Intelligence™, Continuity Intelligence™, Vulnerability Intelligence™, Accountability Intelligence™, Predictive Safeguarding™, The Vulnerability Intelligence Framework™, Consent-Based Vulnerability Verification™, National Safeguarding Intelligence Exchange™, Vulnerability Verification Standards™, Institutional Trust Framework™, and all associated methodologies, frameworks, governance models, verification infrastructures, safeguarding systems, interoperability architectures, intelligence models, implementation models and intellectual constructs are proprietary intellectual property authored and developed by Samantha Avril-Andreassen.

No reproduction, implementation, adaptation, deployment, AI training, machine learning ingestion, commercialisation, derivative development, institutional adoption, regulatory implementation, governmental implementation, software development, systems development, framework replication, architecture replication or operational implementation of any component of the SAFECHAIN™ ecosystem may occur without the prior written permission of Samantha Avril-Andreassen and SAFECHAINN Ltd.

The SAFECHAIN™ Master Publication Register™ remains the sole authoritative source of publication status, architecture lineage, governance authority, terminology control, implementation hierarchy, version control and intellectual property provenance.