Objective of the Standard
The standard ESCODI-QRO-001 V1.0 (Estándar de Confianza Digital de Querétaro) is a normative framework built to evaluate digital trust, web security, and operational legitimacy of commercial websites and applications located in the state of Querétaro, Mexico.
Principles
The evaluation under the standard is guided by five fundamental principles:
- Legitimacy: Operational and fiscal presence verified locally.
- Transparency: Clear terms of trade, contact methods, and ownership details.
- Security: Active encryption (SSL/HTTPS) protecting consumer data transit.
- Privacy: Transparent notices and data processing compliance.
- Objectivity: Direct inspections based on verifiable public web signals.
Scope & Exclusions
Scope: Applicable to websites, portals, and transactional apps (E-Commerce or Corporate) representing businesses with physical offices, warehouses, or operational centers in Querétaro.
Exclusions: The standard does not audit commercial pricing fairness, product quality satisfaction, shipping contract disputes between parties, nor does it replace ISO standards or state financial guarantees.
Site and Standard Versioning Policy
To ensure long-term consistency as the project scales, QRO. VERIFICADO implements a strict versioning framework across three distinct levels:
- Standard Version: Defines the evaluation criteria (e.g.,
ESCODI-QRO-001 V1.0). Updates to standard criteria do not invalidate active certificates automatically. - Platform Version: Regulates system code and automation updates (e.g.,
Core v2.2.0). - Documentary Version: Manages changes in user manuals, guidelines, and public policy documents.
Standard Version History
Below is the version log of the evaluation standard:
| Standard Version | Status | Validity |
|---|---|---|
| ESCODI-QRO-001 V1.0 | Active / Vigente | Since 2026 |
| ESCODI-QRO-002 | Planned / Planeada | Upcoming / Próximamente |
Evolution of the Standard
Criteria standards must evolve to address new cybersecurity threats and legal rules. Under our change policy:
- Standard updates may be published periodically.
- A newly published standard version does not automatically invalidate currently active certificates.
- Active certificates will remain valid until their expiration date, and subsequent renewals will be evaluated under the active standard version at the date of renewal.
- A public version history of all standard documents will always remain accessible for transparency.
Multilayer Validation Architecture (AVM-QRO V1.0)
The standard officially references the AVM-QRO V1.0 model (specifying the five layers: Context, Cryptography, Access Control, Traceability, and Continuous Monitoring) as the official mechanism to guarantee the authenticity, integrity, and non-repudiation of the Digital Trust Seal. For detailed specifications, refer to our official AVM-QRO Architecture Portal.