Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

Frequently Asked Questions

Please find our list of most commonly asked questions about our toolkits and services.

If you can’t find the answer you’re looking for, head over to our contact us page to get in touch with team, and we will do our very best to respond to you within 24 hours on UK business days.

What format are the template documents in?

Each toolkit consists of items created using Microsoft Office and delivered in 2010 format so that they can be opened and edited by Microsoft Office 2010 and later. Most templates are Word documents but there are also Excel spreadsheets, PowerPoint presentations and Visio diagrams (although we are in the process of phasing these out in favour of Word diagrams) within the toolkit. Some products also include a Microsoft Project file containing a plan for the implementation, and this is reproduced in Excel for customers who don’t use Project.

How will the toolkits be delivered?

Once your order is submitted and accepted you will be able to download your product straight away from our website. You will receive an email that contains a link to our website where you will be able to download your toolkit later if you choose to. You can also log on to your account on our website and download the latest versions of your products at any time. Each product consists of a zip file containing the full set of document templates. Once downloaded, just unzip the file using standard Windows tools and your toolkit will be available for you to get started.

What can I change in a document template?

Anything! The whole idea of the document toolkit is that you make it your own. So if you want to change the layout, go ahead. If you want to add sections or take them out, no problem. If you want to copy the content and insert it into your own document then that’s fine too. The documents are not locked down in any way so there are no restrictions on what you can do with them. Some Excel files may have protected cells or sheets so that you don’t accidentally change them but no password is used so this can be removed if you choose to. Our documents are designed using standard Microsoft Office techniques such as Themes, so changing their look and feel is easy.

How international are the toolkits?

We currently have customers using our toolkits successfully all over the world, including in the UK, EU, USA, Australia, New Zealand and South Africa. Because ISO standards are international the requirements are the same in every country and we try our best to reflect regional variations where possible. Other products are specific to individual countries so we follow the conventions used in those countries. We generally use the same spelling as that used within the source document, whether that’s an ISO standard or a law such as the GDPR.

Why will the toolkit save me time (and money)?

The toolkit will save you time because the documents you need to comply with the relevant standard, scheme, regulation etc. are already created and populated with meaningful content that is appropriate to most organizations. So you have a huge head start compared to beginning with a blank page and a copy of the Standard or source document. Also, because the format of the documents and spreadsheets you will need to complete is already defined, you can concentrate on getting the contents exactly right for you without worrying too much about the structure.

That's a lot of documents. Do I really need them all?

For ISO standards, the number of documents specifically mentioned within the management system part of the standard can be relatively few e.g. for ISO/IEC 27001 it is:

  • Scope
  • Information security policy
  • Risk assessment process
  • Statement of applicability
  • Risk treatment process
  • Objectives
  • Evidence of competence
  • Risk assessments
  • Monitoring and measurement results
  • Audit programme and results
  • Management reviews
  • Non-conformities and corrective action

But from an audit viewpoint it’s all about being able to show evidence that you are meeting the requirements of the standard and often the best way to do that is to provide some form of document. So what we have within the toolkit is a set of template documents that you can also use if you feel you need to in order to demonstrate the level of evidence required.

In theory you can pass the audit without having documented processes and procedures etc. (apart from the above) as long as they are generally known about and followed but we have yet to see anyone test that theory too much. Also, unless you’re a very small company, it’s a very good idea to have the relevant procedures set out on paper due to turnover of staff and consistency etc.

Taking the controls in Annex A of the ISO/IEC 27001 standard as an example, again it’s about being able to show that you have implemented them; some you can demonstrate simply by showing the auditor e.g. installed software controls against malware or physical security controls such as locks, but others really require some documented evidence e.g. inventory of assets or secure development policy. So it’s up to you to decide how best to evidence the fact that you meet the requirements and (in the case of ISO/IEC 27001) your selected Annex A controls and the toolkit will provide a head start in those areas you feel you need a document for.

Do you offer consultancy?

Yes, we offer implementation consultancy for ISO/IEC 27001, ISO 22301, ISO 9001, ISO 14001 and ISO 45001. You can find out more on our ISO consultancy page.

Our ISO consultants have successfully helped many organizations prepare for their ISO certification audits. We’re based in the UK and consult remotely via MS Teams, so our consultancy is best suited to organizations +/- five hours of the UK time zone.

Our clients use our consultancy in the following ways:

  • Ad-hoc hours or days to cover a few specific areas
  • Weekly or monthly meetings to keep the project moving forward
  • Documentation writing to speed up the process
  • A fully managed project to get you to certification fast

For other standards or regulations, we may be able to put you in touch with a member of our consultancy scheme, contact us via: [email protected] to see if we have anyone suitable in your area.

Do you conduct ISO audits?

CertiKit is not a Registered Certification Body and cannot provide you with a formal management system certification.

However, we have a team of lead auditors who can assist you with your ISO internal auditing requirements. We offer both full pre-certification audits and ongoing internal audits for ISO/IEC 27001, ISO 22301, ISO 9001, ISO 14001 and ISO 45001.

CertiKit’s internal audits are performed remotely via MS Teams by our consultants in the UK and are most suitable for organizations +/- 5 hours of UK time zone. You can find out more information on our internal audit page.

How much customisation will I need to do to fit my organisation?

To get the most out of your toolkit you will need to spend some time making the documents your own and reflecting your own specific organisation, culture, technical infrastructure, geographical location(s) and IT applications.

This is an essential part of making the relevant standard, scheme or regulation work for you and the purpose of the toolkit is to guide you through this tailoring process. Full instructions on how to tailor the documents are included both within each document and in the comprehensive Implementation Guide.

How often do you produce updates?

The decision to release an updated version of a toolkit is based on a number of factors, including whether there has been a change to the standard or other source document that the toolkit is based on and the rate of change of the subject area. This means that the frequency of updates varies across the product range. We will inform you by email when an update is available, together with details of what has been updated within the toolkit.

Do you sell individual documents from the toolkits?

No, what we provide is intended to be a complete documentation solution to help your organization to become certified to an ISO standard or other scheme or comply with a legal framework such as the GDPR as quickly and effectively as possible.

Do I need to buy a copy of the standard?

We would highly recommend having a copy of the source document when preparing for compliance, especially when working towards an ISO Standard. You can either buy a copy of the Standard on the official ISO website or you can purchase a BSI-licensed Enhanced Gap Assessment from CertiKit, which includes the exact wording of the Standard broken down into a user friendly spreadsheet

How does my organization become certified to an ISO standard?

Our ISO toolkits are designed to help you implement a management system that meets the requirements of each international standard. To become certified, you need to use a Registered Certification Body (RCB) in your country who will conduct a two stage audit process to verify that you meet the requirements. Once you have passed the second audit, your organization will be certified. We recommend you use a UKAS (UK Accreditation Service) or ANAB (ANSI-ASQ National Accreditation Board) accredited RCB for your audit. The costs of certification will be quoted to you in advance by the RCB you choose. Once certified, there will be an annual surveillance visit to confirm that your management system is still operating according to the requirements of the standard.

What security measures do you take to protect my use of your website?

Given the business we’re in, we take security very seriously so all communication between your browser and our website is encrypted using the TLS protocol and we use an Extended Validation certificate so you can have confidence in who we are. As a company we are ISO/IEC 27001 and Cyber Essentials certified so we’re audited on a regular basis to make sure we do everything we can to protect your data.

Although we don’t hold credit card data ourselves, we are PCI-compliant and we make use of secure, PCI-compliant third parties such as Braintree and PayPal to take payments.

How do you set your international pricing?

Our base currency for pricing is the British Pound. We don’t use dynamic pricing in other currencies because our customers have told us that this makes it difficult for them in obtaining approval for purchases within their organization. Instead we keep an eye on currency fluctuations and make changes if we believe there is a case for it. This is normally when the change is significant and is likely to last for a reasonable period of time.

My credit card has been refused, what should I do?

The payment providers we use have a variety of different ways to evaluate each credit card transaction and decide whether to accept it. This is outside of our control and sometimes you may find that a valid card is rejected on the first attempt. We would suggest that you check the details of the card including the registered address, number, expiry date and CVV code and try again. If you still have no success you can contact us to discuss alternative methods of payment, the main one being bank transfer.

How do I set up my user account?

When you purchase a CertiKit toolkit, your account will be automatically created. You will receive an email to the registered email address asking you to create a password. You can then login to your account at any time to view your invoices or download your toolkit via Your Account Login

How do I reset my password?

You can reset your password by going to Your Account Login and clicking ‘lost password’. You can then enter the registered email address and click ‘get new password’. This will email a verification link, where you can set up a new password.

We’ve helped more than 4000 businesses with their compliance