We get asked numerous questions about the CertiKit Toolkits, and while we can’t list them all here, we can certainly answer the ones that come up more often than others.
If your question isn’t answered, just get in touch with the team by submitting an enquiry form. We will do our very best to respond to you within 24 hours.
Each toolkit consists of items created using Microsoft Office and delivered in 2010 format so that they can be opened and edited by Microsoft Office 2010 and later. Most templates are Word documents but there are also Excel spreadsheets, PowerPoint presentations and Visio diagrams (although we are in the process of phasing these out in favour of Word diagrams) within the toolkit. Some products also include a Microsoft Project file containing a plan for the implementation, and this is reproduced in Excel for customers who don’t use Project.
Once your order is submitted and accepted you will be able to download your product straight away from our website. You will receive an email that contains a link to our website where you will be able to download your toolkit later if you choose to. You can also log on to your account on our website and download the latest versions of your products at any time whilst you have a support subscription in place (this is included automatically for the first 12 months). Each product consists of a zip file containing the full set of document templates. Once downloaded, just unzip the file using standard Windows tools and your toolkit will be available for you to get started.
Anything! The whole idea of the document toolkit is that you make it your own. So if you want to change the layout, go ahead. If you want to add sections or take them out, no problem. If you want to copy the content and insert it into your own document then that’s fine too. The documents are not locked down in any way so there are no restrictions on what you can do with them. Some Excel files may have protected cells or sheets so that you don’t accidentally change them but no password is used so this can be removed if you choose to. Our documents are designed using standard Microsoft Office techniques such as Themes, so changing their look and feel is easy.
We currently have customers using our toolkits successfully in more than one hundred and twenty countries including the USA, UK, UAE, Australia, Canada, South Africa, Indonesia, Germany, Ireland, The Netherlands, Nigeria, Malaysia, China, India, Russia, Saudi Arabia, Switzerland, Egypt and many, many more. Because ISO standards are international, the requirements are the same in every country, and we try our best to reflect regional variations where possible. Other products are specific to individual countries so we follow the conventions used in those countries. We generally use the same spelling as that used within the source document, whether that’s an ISO standard or a law such as the GDPR.
The toolkit will save you time because the documents you need to comply with the relevant standard, scheme, regulation etc. are already created and populated with meaningful content that is appropriate to most organizations. So you have a huge head start compared to beginning with a blank page and a copy of the standard or source document. Also, because the format of the documents and spreadsheets you will need to complete is already defined, you can concentrate on getting the contents exactly right for you without worrying too much about the structure.
For ISO standards, the number of documents specifically mentioned within the management system part of the standard can be relatively few e.g. for ISO/IEC 27001 it is:
But from an audit viewpoint it’s all about being able to show evidence that you are meeting the requirements of the standard and often the best way to do that is to provide some form of document. So what we have within the toolkit is a set of template documents that you can also use if you feel you need to in order to demonstrate the level of evidence required.
In theory you can pass the audit without having documented processes and procedures etc. (apart from the above) as long as they are generally known about and followed, but we have yet to see anyone test that theory too much. Also, unless you’re a very small company, it’s a very good idea to have the relevant procedures set out on paper because of staff turnover, the need for consistency etc.
Taking the controls in Annex A of the ISO/IEC 27001 standard as an example, again it’s about being able to show that you have implemented them. Some you can demonstrate simply by showing the auditor, e.g. installed software controls against malware or physical security controls such as locks, but others really require some documented evidence, e.g. an inventory of assets or a secure development policy. So it’s up to you to decide how best to evidence the fact that you meet the requirements and (in the case of ISO/IEC 27001) your selected Annex A controls, and the toolkit will provide a head start in those areas where you feel you need a document.
To get the most out of your toolkit you will need to spend some time making the documents your own and reflecting your own specific organisation, culture, technical infrastructure, geographical location(s) and IT applications.
This is an essential part of making the relevant standard, scheme or regulation work for you and the purpose of the toolkit is to guide you through this tailoring process. Full instructions on how to tailor the documents are included both within each document and in the comprehensive Implementation Guide.
We are constantly refining and updating the templates based on feedback from customers and auditors and as part of our work as qualified consultants. The decision to release an updated version of a toolkit is based on a number of factors, including whether there has been a change to the standard or other source document that the toolkit is based on, the rate of change of the subject area and the popularity of the toolkit. This means that the frequency of updates varies across the product range. We will inform you by email when an update is available, together with details of what has been updated within the toolkit.
Our ISO toolkits are designed to help you implement a management system that meets the requirements of each international standard. To become certified, you need to use a Registered Certification Body (RCB) in your country who will conduct a two-stage audit process to verify that you meet the requirements. Once you have passed the second audit, your organization will be certified. We recommend you use a UKAS (UK Accreditation Service) or ANAB (ANSI-ASQ National Accreditation Board) accredited RCB for your audit. The costs of certification will be quoted to you in advance by the RCB you choose. Once certified, there will be an annual surveillance visit to confirm that your management system is still operating according to the requirements of the standard.
No, what we provide is intended to be a complete documentation solution to help your organization to become certified to an ISO standard or other scheme or comply with a legal framework such as the GDPR as quickly and effectively as possible.
Given the business we’re in, we take security very seriously so all communication between your browser and our website is encrypted using the TLS protocol and we use an Extended Validation certificate so you can have confidence in who we are. As a company we are ISO/IEC 27001 and Cyber Essentials certified so we’re audited on a regular basis to make sure we do everything we can to protect your data.
Although we don’t hold credit card data ourselves, we are PCI-compliant and we make use of secure, PCI-compliant third parties such as Braintree and PayPal to take payments.
Our base currency for pricing is the British Pound. We don’t use dynamic pricing in other currencies because our customers have told us that this makes it difficult for them to obtain approval for purchases within their organization. Instead we keep an eye on currency fluctuations and make changes if we believe there is a case for it. This is normally when the change is significant and is likely to last for a reasonable period of time.
The payment providers we use have a variety of different ways to evaluate each credit card transaction and decide whether to accept it. This is outside of our control and sometimes you may find that a valid card is rejected on the first attempt. We would suggest that you check the details of the card including the registered address, number, expiry date and CVV code and try again. If you still have no success you can contact us to discuss alternative methods of payment, the main one being bank transfer.