Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.
Reveal Menu

Frequently Asked Questions

We get asked numerous questions about the CertiKit Toolkits, and while we can’t list them all here, we can certainly answer the ones that come up more often than others.

If your question isn’t answered, just get in touch with the team by submitting an enquiry form. We will do our very best to respond to you within 24 hours.

What format are the template documents in?

Each toolkit consists of items created using Microsoft Office and delivered in 2010 format so that they can be opened and edited by Microsoft Office 2010 and later. Most templates are Word documents but there are also Excel spreadsheets, PowerPoint presentations and Visio diagrams within the toolkit. Some products also include a Microsoft Project file containing a plan for the implementation.

How will they be delivered?

Once your order is submitted and accepted you will be able to download your product straight away from our site. You will also receive an email that contains a link to a secure site where you will be able to download later if you choose to. Each product consists of a zip file containing the full set of document templates. This means you will need a copy of Winzip or similar to access them. A free evaluation copy of Winzip is available from www.winzip.com. Once downloaded, just unzip the file and your toolkit will be available for you to get started.

What can I change in a document template?

Anything! The whole idea of the document toolkit is that you make it your own. So if you want to change the layout, go ahead. If you want to add sections or take them out, no problem. If you want to copy the content and insert it into your own document then that’s fine too. The documents are not locked down in any way so there are no restrictions on what you can do with them. Some Excel files have protected cells or sheets so that you don’t accidentally change them but no password is used so this can be removed if you choose to.

How international are the toolkits?

We currently have customers using our toolkits successfully in more than sixty countries including the USA, UK, UAE, Australia, Canada, South Africa, Indonesia, Germany, Ireland, The Netherlands, Nigeria, Malaysia, China, India, Russia, Saudi Arabia, Switzerland, Eqypt and many more. Because the standards are international the requirements are the same in every country and we try our best to reflect regional variations where possible.

Why will the toolkit save me time (and money)?

The toolkit will save you time because the documents you need to comply with the standard are already created and populated with meaningful content that is relevant to most organizations. So you have a huge head start compared to beginning with a blank page and a copy of the standard. Also, because the format of the documents and spreadsheets you will need to complete is already defined, you can concentrate on getting the contents exactly right for you without worrying too much about the structure.

That's a lot of documents. Do I really need them all?

The number of documents specifically mentioned within the management system part of the standard can be relatively few e.g. for ISO/IEC 27001 it is:

  • Scope
  • Information security policy
  • Risk assessment process
  • Statement of applicability
  • Risk treatment process
  • Objectives
  • Evidence of competence
  • Risk assessments
  • Monitoring and measurement results
  • Audit programme and results
  • Management reviews
  • Non-conformities and corrective action

But from an audit viewpoint it’s all about being able to show evidence that you are meeting the requirements of the standard and often the best way to do that is to provide some form of document. So what we have within the toolkit is a set of template documents that you can also use if you feel you need to in order to demonstrate the level of evidence required.

In theory you can pass the audit without having documented processes and procedures etc. (apart from the above) as long as they are generally known about and followed but we have yet to see anyone test that theory too much. Also, unless you’re a very small company, it’s a very good idea to have the relevant procedures set out on paper due to turnover of staff and consistency etc.

Taking the controls in Annex A of the ISO/IEC 27001 standard as an example, again it’s about being able to show that you have implemented them; some you can demonstrate simply by showing the auditor e.g. installed software controls against malware or physical security controls such as locks, but others really require some documented evidence e.g. inventory of assets or secure development policy. So it’s up to you to decide how best to evidence the fact that you meet the requirements and (in the case of ISO/IEC 27001) your selected Annex A controls and the toolkit will provide a head start in those areas you feel you need a document for.

How much customisation will I need to do to fit my organisation?

To get the most out of implementing each of the standards, you will need to spend some time making the documents your own and reflecting your own specific organisation, culture, technical infrastructure, geographical location(s) and applications.

This is an essential part of making the standard work for you and the purpose of the toolkit is to guide you through this tailoring process. Full instructions on how to tailor the documents are included both within each document and in the comprehensive Implementation Guide.

How often do you produce updates?

We are constantly refining and updating the templates based on feedback from customers and auditors and as part of our work as qualified consultants. In order to keep the update process as manageable as possible for us and our customers, we generally issue an update package once a year, together with details of what has been updated within the toolkit. We will inform you by email when an update is available.

How does my organization become certified to an international standard?

Our toolkits are designed to help you implement a management system that meets the requirements of each international standard. To become certified, you need to use a Registered Certification Body (RCB) in your country who will conduct a two stage audit process to verify that you meet the requirements. Once you have passed the second audit, your organization will be certified. We recommend you use a UKAS (UK Accreditation Service) or ANAB (ANSI-ASQ National Accreditation Board) accredited RCB for your audit. The costs of certification will be quoted to you in advance by the RCB you choose. Once certified, there will be an annual surveillance visit to confirm that your management system is still operating according to the requirements of the standard.

Do you sell individual documents from the toolkits?

No, what we provide is intended to be a complete documentation solution to help your organization to become certified as quickly and effectively as possible.

What security measures do you take to protect my use of your website?

Given the business we’re in, we take security very seriously so all communication between your browser and our website is encrypted using the TLS protocol. As a company we are ISO/IEC 27001:2013 certified so we’re audited on a regular basis to make sure we do everything we can to protect your data.

Although we don’t hold credit card data ourselves, we are PCI-compliant and we make use of secure, PCI-compliant third parties such as Braintree and PayPal to take payments.

How do you set your international pricing?

Our base currency for pricing is the British Pound. We don’t use dynamic pricing in other currencies because our customers have told us that this makes it difficult for them in obtaining approval for purchases within their organization. Instead we keep an eye on currency fluctuations and make changes if we believe there is a case for it. This is normally when the change is significant and is likely to last for a reasonable period of time.

My credit card has been refused, what should I do?

The payment providers we use have a variety of different ways to evaluate each credit card transaction and decide whether to accept it. This is outside of our control and sometimes you may find that a valid card is rejected on the first attempt. We would suggest that you check the details of the card including the registered address, number, expiry date and CVV code and try again. If you still have no success you can contact us to discuss alternative methods of payment, the main one being bank transfer.

Over 500 businesses have purchased our toolkits