Frequently asked questions

Of course, we offer free no-obligation pre-project meetings to discuss your requirements with our experts and see how we can help. We will then provide you with advice and a quote for next steps.

Enquire via our ISO Service Page to book your meeting.

The minimum number is one user licence, and there is no maximum. The licences allow annual access and we will notify you for renewal.

The Policy Management Module provides Admin Users with complete control over the creation, distribution, and management of policies within your organisation. Upload your own policies, including those from your CertiKit toolkit, and provide secure, centralised access to the most up-to-date documents.

• Ensure compliance and accountability – Track employee acknowledgment of policies to meet regulatory requirements with a clear audit trail.

• Simplify document management – Maintain and share policies from one platform, reducing admin time and ensuring everyone has access to current documents.

We don’t currently accept payment via these methods. The easiest way to pay is via our website or contact us to arrange payment via bank transfer.

The platform subscription is billed annually via invoice to pay on the website or by bank transfer.  You will receive a notification to pay for your subscription within 8 weeks of the renewal date.

We want you to be happy with your subscription and ensure you’re getting the best out of your investment. If you feel you’re not fully using all of the features within the platform and you’d like to know how to use it better, get in touch with our team at [email protected].

If you want to cancel, contact us to let us know and we can take you through the next steps.

Yes, we provide training to help you get the most out of the platform!

Our Help Centre includes a comprehensive Knowledge Base with easy-to-follow video tutorials and step-by-step guides covering all key topics.

You'll also receive regular email tutorials and updates with tips to help you navigate the platform and maximise your subscription.

If you ever need further assistance or can’t find what you’re looking for, our friendly support team is just an email away at [email protected] – we’re always happy to help!

Absolutely! You can fully customise the platform to suit your organisation’s needs.

As an Admin User, you’ll have control over all settings – from adjusting how often reminders are sent and tailoring the reports generated, to personalising the look and feel of the platform with your organisation’s fonts, colours, and logo. It’s easy to make the platform your own!

The Cyber Awareness Module is an interactive training tool designed to enhance your organisation’s cybersecurity (and other important topics) knowledge.

The process begins with each user completing a gap analysis to assess their current understanding, identifying strengths and highlighting areas that need improvement.

Based on the gap analysis results, users are then provided with a tailored series of short, engaging video courses focused on relevant cybersecurity topics. After each video, users complete a multiple-choice quiz to confirm their understanding of the material.

The User Admin has full control over the frequency and scheduling of these training sessions, ensuring they fit your organisation’s objectives.

All user progress, including course completions and quiz results, is automatically collected and displayed in an easy-to-use dashboard for the User Admin. This provides clear visibility into the overall status of your organisation's cyber awareness training, making it simple to monitor progress and share detailed reports with auditors when needed.

Phishing is one of the most common causes of data breaches, and the platform helps you strengthen your organisation’s defences by simulating phishing attacks to test user awareness.

If a user falls for a simulated phishing email, the system automatically assigns targeted training to help improve their understanding and resilience against future threats.

The Auto-Phish feature, sends automated phishing emails to users at a frequency you define. For greater control, Admin Users can also select specific phishing simulations from the platform’s library or create their own custom, bespoke phishing campaigns.

To ensure these phishing simulations reach users’ inboxes, Admins can easily update the domain allow list in the platform’s settings with the domains being used for simulations. Detailed instructions for this setup are available in the platform’s Help Centre.

This feature helps you proactively train your team, identify vulnerabilities, and build stronger defences against real-world phishing threats.

The Dark Web Monitoring module is a fully automated tool that continuously scans the dark web for potential threats to your organisation’s digital identity and sensitive data.

This powerful feature offers comprehensive monitoring by searching hidden areas of the internet – including underground forums, hacking sites, data dump repositories, and peer-to-peer networks – for exposed user information such as passwords, email addresses, phone numbers, and other personal details.

The system automatically scans the deep web, detects if any of your users have been involved in a data breach, and compiles the findings into a clear, actionable report. This report highlights any compromised data and provides guidance on how to mitigate risks and prevent further breaches.

Yes, we offer implementation consultancy for ISO 27001 and ISO 9001. You can find out more on our ISO Services page.

Our ISO consultants have successfully helped many organisations prepare for their ISO certification audits. We’re based in the UK and consult remotely via MS Teams, so our consultancy is best suited to organisations +/- five hours of the UK time zone.

CertiKit is not a Registered Certification Body and cannot provide you with a formal management system certification.

However, we have a team of lead auditors who can assist you with your ISO internal auditing requirements. We offer both full pre-certification audits and ongoing internal audits for ISO 27001 and ISO 9001.

You can find out more information on our ISO Services Page.

Yes, our toolkits come with a comprehensive support package to ensure compliance.

• Unlimited Email Support - Our experts are available via email to answer your questions and provide guidance whenever you need it.

• Lifetime Toolkit Updates - You'll receive updates to the toolkit documents as part of the package, so you can always have the most up-to-date documentation.

• Document Reviews - We'll review 3 of your completed documents and provide personalised feedback.

The Enhanced Gap Assessment provides detailed reports and visual data on your compliance status, making it easy to demonstrate readiness during audits.

Yes, the spreadsheet is fully customisable, allowing you to tailor it to your specific organisational needs and compliance goals.

Due to our licensing agreement with ISO, the Enhanced Gap Assessment includes the exact text of the standard. So instead of repeatedly cross-referencing the original standard document, you’re provided with a comprehensive spreadsheet that maps out each specific requirement clearly.

The Enhanced Gap Assessment is delivered in a user-friendly Microsoft Excel spreadsheet and includes tables and dashboards that show your status and progress to a precise level of detail. This format allows you to quickly input data, track your progress, and analyse gaps without the need for specialised software or technical knowledge.

Excel’s familiar interface ensures that users can easily navigate through the various sections, update statuses, and manage their compliance journey efficiently.

You can reset your password by going to Your Account Login and clicking ‘lost password’. You can then enter the registered email address and click ‘get new password’. This will email a verification link, where you can set up a new password.

When you purchase a CertiKit toolkit, your account will be automatically created. You will receive an email to the registered email address asking you to create a password. You can then login to your account at any time to view your invoices or download your toolkit via Your Account Login.

The payment providers we use have a variety of different ways to evaluate each credit card transaction and decide whether to accept it. This is outside of our control and sometimes you may find that a valid card is rejected on the first attempt. We would suggest that you check the details of the card including the registered address, number, expiry date and CVV code and try again. If you still have no success you can contact us to discuss alternative methods of payment, the main one being bank transfer.

Our base currency for pricing is the British Pound. We don’t use dynamic pricing in other currencies because our customers have told us that this makes it difficult for them in obtaining approval for purchases within their organisation. Instead we keep an eye on currency fluctuations and make changes if we believe there is a case for it. This is normally when the change is significant and is likely to last for a reasonable period of time.

Given the business we’re in, we take security very seriously so all communication between your browser and our website is encrypted using the TLS protocol and we use an Extended Validation certificate so you can have confidence in who we are. As a company we are ISO/IEC 27001 and Cyber Essentials certified so we’re audited on a regular basis to make sure we do everything we can to protect your data.

Although we don’t hold credit card data ourselves, we are PCI-compliant and we make use of secure, PCI-compliant third parties such as Braintree and PayPal to take payments.

We would highly recommend having a copy of the source document when preparing for compliance, especially when working towards an ISO Standard.

You can either buy a copy of the Standard on the official ISO website or you can purchase a BSI-licensed Enhanced Gap Assessment from CertiKit, which includes the exact wording of the Standard broken down into a user friendly spreadsheet.

If this is your first certification audit you will need to have completed an internal audit of the full management system and have evidence of this in the form of the report before the stage 2 audit.

After this, most certification auditors allow the management system to be internally audited over the three year recertification period of which will be managed with an internal audit program decided by your organisation.

This depends on the scope of the audit and if there are multiple sites, or business functions that fall under that audit scope.  Time also needs to be factored in for evidence gathering, writing the audit report along with any audit findings and nonconformities that may be identified.

• Confirms the health of your management system, the way it is operating and the efficiency of the business processes i.e. Is it wasting time, effort, and cash on inefficient processes?

• Ensures that your company operations, processes and procedures comply with statutory, regulatory and management system requirements.

• Gives senior management visibility into the effectiveness or weaknesses of the management system as part of the management review requirements.

No this isn’t a requirement, however it is a requirement that the internal auditor must be independent of the management system. This means if you’ve worked on implementing all or part of the management system you’re not able to audit your own work. This is why many organisations find it easier to outsource this to ensure compliance.

Again this isn’t a requirement, however the more experience and knowledge your internal auditor has the better the internal audit will be. From knowing what to look for, what questions to ask departments and ensuring a comprehensive audit that will match the certification auditors so there are no nasty surprises at the stage two certification audit.

Representatives within the scope of activities being audited will need to be interviewed, plus any other representatives as needed. Your internal auditor, whether this is in-house or outsourced will provide you with a schedule of interviewees based on their involvement with a certain business function or within the management system.

It is a requirement that an organisation defines an audit plan covering a period of time, typically organisations prepare an annual audit schedule showing which functions or areas of the standard are to be audited at a particular time.  Internal audits should be carried out in accordance with the audit schedule.

This is dependent on multiple factors from audit scope to size of the organisation and number of sites. Submitting an enquiry and completing our audit booking form is the best way to get a quote specific to your organisation.

Internal audits are a requirement of clause 9.2 of many ISO standards.  A certification auditor will verify that you are carrying out internal audits to your audit schedule, and are providing the relevant audit evidence (reports and any nonconformities) and that the audit programme is being managed.  Certification bodies will also check that the outputs of audits are being reviewed in your management review meetings to identify areas of weakness or areas for improvement.

If you haven’t found the information you’re looking for, don’t worry - we’re here to help! You can contact CertiKit through the following methods:

Email – Send us your email to [email protected], and we’ll get back to you promptly.

Phone – Call us at +44 1332 417 065 during UK business hours, and a member of our team will assist you.

Contact Form – Contact Us via our website and fill out a form with your query.

Each toolkit consists of items created using Microsoft Office. Most templates are Word documents but there are also Excel spreadsheets and PowerPoint presentations. Some products also include a Microsoft Project file containing a plan for the implementation, and this is reproduced in Excel for customers who don’t use Project.

No, what we provide is intended to be a complete documentation solution to help your organisation to become certified to an ISO standard or other scheme or comply with a legal framework such as the GDPR as quickly and effectively as possible.

The decision to release an updated version of a toolkit is based on a number of factors, including whether there has been a change to the standard or other source document that the toolkit is based on and the rate of change of the subject area. This means that the frequency of updates varies across the product range. We will inform you by email when an update is available, together with details of what has been updated within the toolkit.

Once your order is submitted and accepted you will be able to download your product straight away from our website.

You will receive an email that contains a link to our website where you will be able to download your toolkit later if you choose to.

You can also log on to your account on our website and download the latest versions of your products at any time. Each product consists of a zip file containing the full set of document templates. Once downloaded, just unzip the file using standard Windows tools and your toolkit will be available for you to get started.

Anything! The whole idea of the document toolkit is that you make it your own. So if you want to change the layout, go ahead. If you want to add sections or take them out, no problem. If you want to copy the content and insert it into your own document then that’s fine too. The documents are not locked down in any way so there are no restrictions on what you can do with them.

Some Excel files may have protected cells or sheets so that you don’t accidentally change them but no password is used so this can be removed if you choose to. Our documents are designed using standard Microsoft Office techniques such as Themes, so changing their look and feel is easy.

While our toolkits are mainly intended for use within a Microsoft environment, the compatibility of our Word, Excel and PowerPoint documents with Google’s G Suite has been tested as part of our product development procedures. At the time of testing, all documents were successfully opened using Google Docs, Google Sheets and Google Slides, with a PC or a Mac.

However, due to compatibility limitations between the two office suites, G Suite users may experience some formatting issues involving borders, headers, colours and spacing in documents and spreadsheets. We have tried to limit these issues to give as good an experience as possible for G Suite users. Additionally, some more advanced features we use in Microsoft Office, such as Excel pivot tables, charts and slicers, and Word fields, may not convert well.

The level of compatibility available changes regularly as the two companies develop their products, so things may further improve over time. In summary, if you choose to use the toolkit documents in G Suite, we believe most of the functionality of the documents in the toolkit remains broadly the same.

We currently have customers using our toolkits successfully all over the world, including in the UK, EU, USA, Australia, New Zealand and South Africa. Because ISO standards are international the requirements are the same in every country and we try our best to reflect regional variations where possible.

Other products are specific to individual countries so we follow the conventions used in those countries. We generally use the same spelling as that used within the source document, whether that’s an ISO standard or a law such as the GDPR.

The toolkit will save you time because the documents you need to comply with the relevant standard, scheme, regulation etc. are already created and populated with meaningful content that is appropriate to most organisations. So you have a huge head start compared to beginning with a blank page and a copy of the Standard or source document. Also, because the format of the documents and spreadsheets you will need to complete is already defined, you can concentrate on getting the contents exactly right for you without worrying too much about the structure.

The toolkits are designed to provide all the documents needed for compliance, suitable for organisations of any size. Start with the documents relevant to your current needs, and as your management system or regulatory requirements grow, the toolkit will support you with additional resources.

For ISO standards, the number of documents specifically mentioned within the management system part of the standard can be relatively few e.g. for ISO/IEC 27001 it is:

Scope

Information security policy

Risk assessment process

Statement of applicability

Risk treatment process

Objectives

Evidence of competence

Risk assessments

Monitoring and measurement results

Audit programme and results

Management reviews

Non-conformities and corrective action

From an audit viewpoint it’s all about being able to show evidence that you are meeting the requirements of the standard and often the best way to do that is to provide some form of document. So what we have within the toolkit is a set of template documents that you can also use if you feel you need to in order to demonstrate the level of evidence required.

To implement the standard or regulation effectively, and to get the most out of your toolkit you will need to spend some time making the documents your own and reflecting your own specific organisation, culture, technical infrastructure, geographical location(s) and IT applications.

This is an essential part of making the relevant standard, scheme or regulation work for you and the purpose of the toolkit is to guide you through this tailoring process. Full instructions on how to tailor the documents are included both within each document and in the comprehensive Implementation Guide.

Yes, you can either add your organisation's logo to each document as your work through the toolkit, or you can use our Logo Replacer Service and receive a personalised toolkit complete with your organisation's name and logo on each word and excel document.

Our ISO toolkits are designed to help you implement a management system that meets the requirements of each international standard.

To become certified, you need to use a Registered Certification Body (RCB) in your country who will conduct a two stage audit process to verify that you meet the requirements. Once you have passed the second audit, your organisation will be certified. We recommend you use an RCB that is accredited by a member of the IAF (International Accreditation Forum), such as UKAS in the UK or ANAB in the USA, for your audit. The costs of certification will be quoted to you in advance by the RCB you choose.

Once certified, there will be an annual surveillance visit to confirm that your management system is still operating according to the requirements of the standard.

We currently accept the following payment methods:

• Credit/Debit Cards – We accept major credit and debit cards, including Visa, Mastercard, and American Express.

• PayPal – A secure and convenient way to pay using your PayPal account.

• Bank Transfer – Contact our team with your order requirements and we will send you an invoice for payment via bank transfer.

If you have any issues or require assistance with payment, please don’t hesitate to get in touch.