What is Accreditation and why is it so important to the Finance Sector

Those within the financial sector are constantly under pressure. From the extreme importance of consistent security, to understanding and implementing regulatory procedures and continually adapting to our ever changing world to stay up-to-date and ahead of competitors. This combined with pressures and ever changing demands from customers, mean it’s never been more important to choose the right third party suppliers who further reflect your values, but also understand your specific requirements.

But how can financial organisations know what to look for and why is choosing an accredited supplier so important?

What is an accreditation?

Accredited suppliers come with a wealth of experience and expertise to give you peace of mind that your project is in safe hands.

Here at CFH Docmail, we have held a wide range of accreditations and certifications, and have done for over 30 years. As a processor of data, we understand that holding these accreditations is vital for financial sector confidence, knowing that your data and communications are handled, managed and produced in the most secure way.

But we also recognise that these accreditations and certifications highlight us as a provider of the very best communication service to our different customers. They allow us to demonstrate our practices and prove we are a trusted, reliable and ethical supplier, while also supporting our core brand values.

In this blog, our Accreditation and Certification expert, Michelle Underwood, is going to focus on some of our accreditations and certifications that are most relevant to the finance sector, explaining what the accreditation is, why businesses may choose to achieve it and how we achieve it – which may also help you decide on partnering with us, to help you achieve your communication goals.

ISO 9001:2015 Quality Management System

What is it?

ISO 9001:2015 is a UKAS accredited international standard that specifies requirements for a quality management system (QMS). A QMS is a collection of business processes, aimed at consistently meeting customer requirements and enhancing their satisfaction. A QMS is often aligned with an organisation's purpose, goals and strategic direction.

In summary, this accreditation demonstrates the quality controls we have in place to meet our changing customer requirements.

Why do businesses choose to achieve this?

Organisations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. It helps organisations ensure their customers constantly receive high-quality products and services, which in turn brings many benefits to a business, including satisfied customers, management and employees.

How do we achieve this?

Our head office, based in Radstock, has held the standard since 1991, to continuously maintain registration to ISO 9001 through BSI (certification governing body).Our site in Livingston maintains registration to ISO 9001 through NQA (a separate governing body). Our Windsor site, PRINT.UK.COM, maintain registration to ISO 9001 through QMS International, a separate governing body.

Independent certification governing body BSI, carry out continuing assessments against the standard twice per year at the Radstock site. NQA carries out an audit of Livingston site once per annum, and QMS International carry out an audit of the Windsor site once per annum.

ISO9001:2015 shows our commitment to providing a quality service to all our customers.

ISO 27001:2013 Information Security Management

What is it?

Encompassing people, processes and IT systems, an Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure.

BSI published a code of practice for these systems, which has now been adopted internationally as ISO/IEC 27002:2013.

This is one of the most important accreditations we hold, as it demonstrates our ability to securely manage data.

Why do businesses choose to achieve this?

Information is critical to the operation of an organisation, so ensuring it is secure is key to protecting a company. The key concept of information security management systems (ISMS) is the ability to equivalently protect, maintain and improve confidentiality, integrity, and availability of our information assets. Being certified to ISO/IEC 27001 helps to manage and protect valuable information assets.

ISO27001:2015 Underpins our commitment to take information security seriously and do all we can to protect any data that we have and keep it as secure as possible.

How do we achieve this?

CFH Radstock maintain registration to ISO 27001:2013. An independent audit is carried out by BSI, against the requirements of the standard twice per year at the Radstock site. PRINT.UK.COM has been added as an extension of scope to the Radstock certification to maintain registration to ISO 27001. The Windsor site is audited by BSI once per year as part of the schedule for both sites.

CFH Livingston maintain registration to ISO 27001:2013 through NQA certification governing body. Independent audit is carried out by NQA, against the requirements of the standard once per year at the Livingston site.

The 3 ISO standards work on a 3 year audit cycle – 2 years of surveillance audits where samples of the standard are audited and then in the third year, a full standard re-certification audit takes place to ensure that we are meeting the required standard and can continue to display the ISO badge.

Cyber Essentials Plus Certification

What is it?

This government-backed scheme is simple, but effective, that helps companies to protect their organisation, whatever its size, against a whole range of the most common cyber-attacks.

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections businesses need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out. The scheme includes five key controls that, when implemented correctly, can stop the majority of cyber-attacks.

Those controls are:

• Secure configuration
  
• Boundary firewalls and Internet gateways
  
• Access controls and administrative privilege management
  
• Patch management
  
• Malware protection
  

Why do businesses choose to achieve this?

Cyber Essentials permits us to work with the UK government and Cyber Essentials Plus gives us the opportunity to work with the MOD. According to the UK government, achieving Cyber Essentials could prevent “around 80% of cyber-attacks”.

How do we achieve this?

Cyber Essentials and Cyber Essentials Plus certification applies to the whole CFH group that covers all three sites.

Certification to Cyber Essentials & Cyber Essentials Plus requires annual re-assessment which includes carrying out vulnerability/penetration testing on our external and internal network systems by an external independent body. We use BSI for the provision of these services and certification.

C&CCC Standard 55

The Cheque and Credit Clearing Company (C&CCC) is a non-profit making industry body, which has managed the cheque clearing system for England, Scotland and Wales since 1996. As well as clearing cheques, the system processes bankers’ drafts, building society cheques, postal orders, warrants, government payable orders and travellers’ cheques.

Why do businesses choose to achieve this?

All accredited cheque printers must be certified to Standard 55, the Audit Standard for Cheque Printers and are required to print cheques according to Standard 3.1 – Automated Processing of Vouchers (Debits).

Used in conjunction with ISO 27001, the only auditable international standard which defines the requirements for an Information Security Management System (ISMS), Audit Standard for Cheque Printers – Standard 55 addresses the three specific information security requirements for accredited cheque printers:

• Customer data and cheque products
  
• Origination work (such as digital design files / signature files)
  
• Computer-based processes such as downloaded customer information, including transaction processing.

Other achievements we hold

So there you have it, some of our accreditations and certifications explained and they are just the start of it!

We are GDPR compliant (ICO Data Protection Certified) and hold other accreditations, including ISO 14001:2015 Environmental Management, Forest Stewardship Council Certification (FSC) and Programme for the Endorsement of Forests Certification (PEFC).

We also have sector specific accreditations, including places on a number of government frameworks including Crown Commercial Services and Shared Business Services for the NHS.

This combined with internal controls and processes we have in place to continuously manage our customer expectations and requirements; means we focus on delivering the best service and solutions possible to help achieve your practice goals and objectives.

Get in touch

Why not get in touch to find out more about the accreditations, certifications and processes we have in place and how we can help you achieve your goals with effective, reliable, industry leading communications.

Or why not check out our other news and other interesting topics, by subscribing to our blogs below.