Frequently Asked Questions

What happens if we do not have Professional Indemnity Insurance?

If you don’t have Professional Indemnity Insurance, your application for membership of CERIS will automatically be unsuccessful.

PII is a pre-requisite for membership, both for your protection and for that of your clients.

What happens if our employees have not taken any of the courses?

This question is included to gather data on the industry, rather than a requirement. Your answers will not influence CERIS membership

What happens if we do not employ external vetting?

Your application for CERIS membership will not be affected if you do not employ external vetting, however, your internal vetting will then need to cover all criteria listed.

CERIS will be looking for a quality policy/manual if your business is not yet accredited to ISO 9001.

The below are the minimum requirements to be included in a quality manual;

Includes a commitment for continuous improvement of quality
Includes a commitment to quality within the business and its activities
Includes a commitment to comply with all applicable requirement (statutory, regulatory and contractual)

If we’re not accredited to ISO27001, what sort of detail will be accepted by CERIS?

CERIS will be looking for an information security management policy/system if your business is not yet accredited to ISO 27001.

A security management system would normally include statements on management responsibility for the ISMS including:

Management Responsibility
Management Commitment
Management Representative
Quality Policy and Objectives
Customer Focus and Customer Satisfaction
Corrective Actions
Preventative Actions

CERIS would not necessarily look for evidence in all of these areas but management commitment to their process is essential for effective implementation.

Is it mandated to be certified to Cyber Essentials/Cyber Essentials Plus?

No.

If the business is not certified to CE/CE+, a MINOR non-conformity will be awarded. Please note, up to 3 MINOR’s can be taken forward and still be successfully approved.

What should a client complaints handling process contain?

Any complaints policy should be a repeatable, easy process to follow for your internal staff when handling a client complaint.

It should include a clearly documented escalation path and a process for regular reviews and updates.

How much supporting documentation is needed for the application?

CERIS want to see all documents that you have referred to or referenced in your application form in order to validate the assertions that you make.

These not only provide evidence for your application but are the documents that you are agreeing to abide by through your Code of Conduct.

Please get in contact with CERIS via CERIS@crest-approved.org if you have any questions.

Why do we have to supply multiple contact details?

CERIS is able to target specific categories of people in your organisation with appropriate mailings. For example, your marketing contact will receive requests from CERIS for its own publications and any opportunities passed to CERIS through its PR company.

By supplying us with multiple points of contact, we can ensure that they only receive correspondence from us that is relevant to them. We will ask you to validate these contact details during the annual renewal process.

What does an Annual Renewal entail?

CERIS membership must be renewed on an annual basis.

Your point of contact will be sent a renewal reminder by email at least two months’ in advance of the renewal date. You will be asked to complete your renewal on the CREST Membership Portal. You will have to complete the CERIS renewal form and supply the supporting documentation requested, as well as re-signing the CERIS Code of Conduct.

CERIS carries out a thorough review of your renewal based on the information provided. Once approved, the annual membership fee will be payable.

There are no administration fees payable for annual renewal of your CERIS membership.

Frequently Asked Questions

What happens if we do not have Professional Indemnity Insurance?

If you don’t have Professional Indemnity Insurance, your application for membership of CERIS will automatically be unsuccessful.

PII is a pre-requisite for membership, both for your protection and for that of your clients.

What happens if our employees have not taken any of the courses?

This question is included to gather data on the industry, rather than a requirement. Your answers will not influence CERIS membership

What happens if we do not employ external vetting?

Your application for CERIS membership will not be affected if you do not employ external vetting, however, your internal vetting will then need to cover all criteria listed.

CERIS will be looking for a quality policy/manual if your business is not yet accredited to ISO 9001.

The below are the minimum requirements to be included in a quality manual;

Includes a commitment for continuous improvement of quality

Includes a commitment to quality within the business and its activities

Includes a commitment to comply with all applicable requirement (statutory, regulatory and contractual)

If we’re not accredited to ISO27001, what sort of detail will be accepted by CERIS?

CERIS will be looking for an information security management policy/system if your business is not yet accredited to ISO 27001.

A security management system would normally include statements on management responsibility for the ISMS including:

Management Responsibility

Management Commitment

Management Representative

Quality Policy and Objectives

Customer Focus and Customer Satisfaction

Corrective Actions

Preventative Actions

CERIS would not necessarily look for evidence in all of these areas but management commitment to their process is essential for effective implementation.

Is it mandated to be certified to Cyber Essentials/Cyber Essentials Plus?

No.

If the business is not certified to CE/CE+, a MINOR non-conformity will be awarded. Please note, up to 3 MINOR’s can be taken forward and still be successfully approved.

What should a client complaints handling process contain?

Any complaints policy should be a repeatable, easy process to follow for your internal staff when handling a client complaint.

It should include a clearly documented escalation path and a process for regular reviews and updates.

How much supporting documentation is needed for the application?

CERIS want to see all documents that you have referred to or referenced in your application form in order to validate the assertions that you make.

These not only provide evidence for your application but are the documents that you are agreeing to abide by through your Code of Conduct.

Please get in contact with CERIS via CERIS@crest-approved.org if you have any questions.

Why do we have to supply multiple contact details?

CERIS is able to target specific categories of people in your organisation with appropriate mailings. For example, your marketing contact will receive requests from CERIS for its own publications and any opportunities passed to CERIS through its PR company.

By supplying us with multiple points of contact, we can ensure that they only receive correspondence from us that is relevant to them. We will ask you to validate these contact details during the annual renewal process.

What does an Annual Renewal entail?

CERIS membership must be renewed on an annual basis.

CERIS carries out a thorough review of your renewal based on the information provided. Once approved, the annual membership fee will be payable.

There are no administration fees payable for annual renewal of your CERIS membership.