1. What format are the template documents in?
Each toolkit includes items created using Microsoft Office and delivered in 2010 format so that Microsoft Office 2010 and later can open and edit them. Most templates are Word documents, but the toolkit also includes Excel spreadsheets, PowerPoint presentations and Visio diagrams. Some products also include a Microsoft Project file with an implementation plan, and this is reproduced in Excel for customers who do not use Project.
2. How will they be delivered?
You will be able to download your product directly from our website once your order is submitted and accepted. You will also receive an email containing a link to a secure website where, if you choose, you can download it later. Each product consists of a zip file containing the complete set of document templates. This means that you will need access to a copy of WinZip or a similar tool. A free evaluation copy of WinZip is available at www.winzip.com. Once downloaded, simply unzip the file and get started with your toolkit.
3. What can I change in a document template?
Anything! The whole idea of the document toolkit is to make it your own. So if you want to change the layout, go ahead. If you want to add or remove sections, no problem. If you want to copy the content and insert it into your own document, that's fine too. The documents are not locked in any way, so there are no restrictions on what you can do with them. Some Excel files have cells or sheets protected to prevent you from changing them accidentally, but no password is needed to remove this if you choose.
4. How international are the toolkits?
We currently have customers using our toolkits successfully in more than 95 countries, including the USA, UK, UAE, Australia, Canada, South Africa, Indonesia, Germany, Ireland, the Netherlands, Nigeria, Malaysia, China, India, Russia, Saudi Arabia, Switzerland, Egypt and many more. Because the standards are international, the requirements are the same in each country, and we try our best to reflect regional variations wherever possible.
5. Why will the toolkit save me time (and money)?
The toolkit will save you time because the documents you need to meet the standard are already created and populated with meaningful content that is relevant to most organizations. So compared to starting with a blank page and a copy of the standard, you have a huge head start. Also, since the format of the documents and spreadsheets you need to complete is already defined, you can concentrate on getting the content exactly right for you without worrying too much about the structure.
6. That's a lot of documents. Do I need all of them?
The number of specific documents specified in the management system part of the standard may be relatively small, e.g. for ISO/IEC 27001:
- Information security policy
- Risk assessment process
- Statement of applicability
- Risk treatment process
- Evidence of competence
- Risk assessments
- Monitoring and measurement results
- Audit programme and results
- Management reviews
- Non-conformities and corrective action
But from an audit point of view, it's all about being able to demonstrate evidence that you meet the standard's requirements and often the best way to do that is to provide some form of document. So what we have in the toolkit is a set of template documents that you can also use to demonstrate the level of evidence you need.
In theory, you can pass the audit without having documented processes and procedures etc. (apart from the above) as long as they are generally known and followed, but we have yet to see anybody test that theory. Also, unless you're a very small business, it's a very good idea to have the relevant procedures set out on paper, for reasons of staff turnover, consistency etc.
Taking the controls in Annex A of the ISO/IEC 27001 standard as an example, it is again about being able to demonstrate that you have implemented them; some of them can be demonstrated simply by showing them to the auditor, e.g. installed software controls against malware or physical security controls such as locks, but others require some documented evidence such as an asset inventory or a secure development policy. It is therefore up to you to decide how best to prove that you fulfill the requirements and (in the case of ISO/IEC 27001) your selected Annex A controls, and the toolkit will provide a head start in those areas for which you feel you need a document.
7. How much will I need to customize to fit my organization?
To get the most out of implementing each of the standards, you will need to spend some time making the documents your own so that they reflect your specific organization, culture, technical infrastructure, geographic location(s) and applications.
This is an essential part of making the standard work for you, and the toolkit's purpose is to guide you through this process of tailoring. Full instructions on how to tailor the documents are included in each document as well as in the comprehensive Implementation Guide.
8. How often do you update the toolkits?
As part of our work as qualified consultants, we are constantly refining and updating the templates based on feedback from customers and auditors. To keep the update process as manageable as possible for us and our customers, we usually issue an update package twice a year, along with details of what was updated in the toolkit. We will inform you about an update by email.
9. How does my organization become internationally certified?
Our toolkits are designed to help you implement a management system that meets each international standard's requirements. To be certified, you need to use a Registered Certification Body (RCB) in your country to conduct a two-stage audit process to verify that you are meeting the requirements. Your organization will be certified once you have passed the second audit. For your audit, we recommend using an RCB accredited by UKAS (UK Accreditation Service) or ANAB (ANSI-ASQ National Accreditation Board). The RCB you choose will quote the certification cost to you in advance. Once certified, an annual monitoring visit will take place to confirm that your management system is still operating in accordance with the standard requirements.
10. Do you sell individual documents from the toolkits?
No, what we offer is meant to be a complete documentation solution to help your organization get certified as quickly and efficiently as possible.
11. What security measures do you take to protect my use of your website?
Given the business we are in, we take security very seriously, so all communication between your browser and our website is encrypted using the TLS protocol. As a company we are certified to ISO/IEC 27001:2013, so we are regularly audited to ensure that we do our best to protect your data.
While we do not hold credit card data ourselves, we are PCI-compliant and use secure, PCI-compliant third parties such as Stripe and PayPal for payment.
12. How do you set your prices internationally?
Our pricing base currency is USD. We do not use dynamic pricing in other currencies because our customers have told us that this makes it difficult for them to obtain purchase approval within their organization. Instead, we keep an eye on currency fluctuations and make changes if we believe there is a case for it. This usually happens when the change is substantial and likable
13. My credit card was refused. What am I supposed to do?
The payment providers we use evaluate each credit card transaction in a variety of different ways and decide whether to accept it. This is beyond our control, and you may find that a valid card is rejected at the first attempt. We would suggest that you check the card details, including the registered address, number, expiry date and CVV code, and try again. If you are still unsuccessful, you can contact us to discuss alternative payment methods, the main one being bank transfer.