You asked
What criteria is used to determine "good faith" security research, as outlined in the Office of National Statistics' vulnerability disclosure policy.
We said
Thank you for your request.
The term "good faith" is used in this context as described in the dictionary definition:
"Done in an honest and sincere way"
The source for this definition can be found here: https://dictionary.cambridge.org/dictionary/english/good-faith?q=Good+faith
This definition and has been confirmed with the National Cyber Security Centre (NCSC), who wrote the vulnerability disclosure policy.