Bronze Trust Badge
Entry-level credential for businesses establishing a verifiable cybersecurity readiness baseline.
What it signals: the business has completed Legacy Core foundational readiness review and is listed in the public registry.
Trust Badges
Bronze, Silver, and Gold Trust Badges — visible signals of progress through a structured credentialing pathway, backed by live verification in the Public Business Trust Registry. Readiness you can show; not legal compliance.
Three tiers signal progression in small business cybersecurity readiness. Each tier links to a public verification page.
Entry-level credential for businesses establishing a verifiable cybersecurity readiness baseline.
What it signals: the business has completed Legacy Core foundational readiness review and is listed in the public registry.
Intermediate credential for businesses operating documented controls and ongoing review.
What it signals: documented controls, periodic review, and continued alignment with small business cybersecurity readiness expectations.
Advanced credential for businesses demonstrating mature, sustained cybersecurity readiness practices.
What it signals: sustained controls, periodic third-party touchpoints, and a track record of credential renewal in good standing.
Why it matters now
Small businesses are increasingly being asked to show more than good intentions when it comes to cybersecurity. Customers, banks, insurers, and partners want clearer signals that a business has taken meaningful steps to reduce risk and build trust.
Customers, lenders, insurers, and regulators increasingly expect documented, verifiable cyber readiness. Legacy Core Trust Badges are visible signals of progress through a structured credentialing pathway — tied to live verification, not just a visual symbol.
What it means — and what it does not
A reviewed credential — not a marketing claim. Independently reviewed readiness with live verification.
The Trust Badge means
Awareness, action, or maintain — by tier
Bronze signals awareness credentialing. Silver reflects partner-attested implemented controls. Gold reflects ongoing monitoring and continued partner attestation.
A live verification link
Every badge display links to a real-time verification page in the Public Business Trust Registry. Status reflects current credential state.
Framework-informed readiness
The credentialing pathway is informed by recognized frameworks such as NIST CSF 2.0 — translated into plain English for small business owners.
The Trust Badge does not mean
Not a government credential
Legacy Core is a private credentialing authority, not a regulator. The badge is not a license, permit, or government endorsement.
Not a guarantee of any outcome
The badge demonstrates commitment to readiness; it does not promise the absence of risk or any particular incident outcome.
Not transferable
The credential belongs to the credentialed business. It cannot be assigned to subsidiaries, affiliates, or successor entities without re-credentialing.
Bronze. Silver. Gold.
Bronze is sold direct. Silver and Gold are earned outcomes that a business demonstrates over time — never purchased direct.
Awareness credential indicating the business has completed Legacy Core's 15-module Bronze credentialing pathway and final assessment.
Sold direct
Sold direct
Begin the credentialing pathway and earn Bronze through Legacy Core directly.
$699
Action credential earned through Alliance Partner attestation and evidence of implemented controls.
Earned — never sold direct
Alliance Partner attestation
Earned at no additional cost when an Alliance Partner attests to controls and supplies supporting evidence.
Free with Alliance Partner attestation + evidence
Third-party verification
Earned through independent verification by a CISSP-credentialed reviewer or qualified MSSP.
$299
Maintain credential signaling ongoing monitoring and continued partner attestation — sustained readiness over time.
Earned — never sold direct
Alliance Partner attestation
Earned at no additional cost when an Alliance Partner attests to mature controls and supplies supporting evidence.
Free with Alliance Partner attestation + evidence
Third-party verification
Earned through independent verification by a CISSP-credentialed reviewer or qualified MSSP.
$299
Display guidance
Wherever the badge appears, it must link to your verification URL. That live link is what makes the credential trustworthy.
Do
Do not
Verification link behavior
Every credential has a verification URL at /verify/<credential-ID>. The page returns the live credential state in real time: Active, Renewal Due, Expired, Suspended, or Revoked.
Misuse and revocation
Reports of badge misuse — display after expiration, display of a tier the business has not earned, modified artwork, or impersonation of a credentialed business — are investigated by Legacy Core. Confirmed misuse results in revocation. Revoked credentials remain visible in the registry as Revoked so the public record reflects accurate status.
Report suspected misuse: verify@legacycore.com
That the business has progressed through Legacy Core’s structured credentialing pathway at the displayed tier and is listed in the Public Business Trust Registry. Legacy Core Trust Badges are visible signals of progress backed by live verification — not a claim of legal compliance.
Silver and Gold are never sold direct. They are earned either through Alliance Partner attestation backed by supporting evidence (free) or through independent third-party verification by a CISSP-credentialed reviewer or qualified MSSP. Self-attestation is never accepted.
Every credentialed business receives a verification URL of the form /verify/[credential-ID]. Wrap the badge image in a link pointing to that URL. The page returns the live credential state — active, renewal due, expired, suspended, or revoked.
Suspected misuse can be reported to verify@legacycore.com. Legacy Core investigates each report, contacts the business, and revokes the credential where misuse is confirmed. Revoked credentials remain visible in the registry as Revoked, and verification pages return that status.
No. The badge must be removed from all displays when the credential expires, lapses, or is revoked. Continued display is a misuse and can result in revocation.
Start with a free Trust Audit, then follow the pathway to your first credential — always tied to live verification.