Image of a Light Bulb
Jun 08 2022

What Is Accreditation And Why Is It So Important To The Public Sector

By Michelle Underwood, Compliance Officer

Public sector organisations are finding themselves increasingly under pressure, not only to deliver the very best services to their audiences but to achieve efficiency savings and justify their public expenditure. With this in mind, it’s never been more important to choose the right third-party suppliers. But how can public sector organisations know what to look for and why is choosing an accredited supplier so important?

Accreditation is independent recognition that an organisation meets the requirements of governing industry standards. It is an important way to give confidence in goods, services, management systems and people.

You want to partner with companies you can trust and develop a relationship with so that you can rely on and work together to meet your objectives.

Accredited suppliers come with a wealth of experience and expertise to give you peace of mind that your project is in safe hands.

Here at CFH Docmail, we hold a range of accreditations and certifications and have done for over 30 years. As a processor of data, trusted partner and communication expert, we understand that holding these accreditations is vital for Public Sector confidence, knowing that your data and communications are handled, managed and produced in the best possible way. But we also recognise that these accreditations and certifications highlight us as a provider of the very best communication service to our different customers. They allow us to demonstrate our practices and prove we are a trusted, reliable and ethical supplier, while also supporting our core brand values.

We have a range of accreditations and certifications, each covering different aspects and topics of vital business and industry requirements as well as data security. In this blog, our Accreditation and Certification expert, Michelle Underwood, is going to focus on some of our accreditations and certifications that are most relevant to the Public Sector, explaining what the accreditation is, why businesses may choose to achieve it and how we achieve it - which may also help you decide on partnering with us, to help you achieve your communication goals.


What is it?

ISO 9001:2015 is a UKAS-accredited international standard that specifies requirements for a quality management system (QMS). A QMS is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. It is aligned with an organisation's purpose and strategic direction.

In short, this accreditation demonstrates the quality controls we have in place to meet our changing customer requirements to a particular standard.

Why do businesses choose to achieve this?

Organisations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. It helps organisations ensure their customers constantly receive high-quality products and services, which in turn brings many benefits to a business, including satisfied customers, management and employees.

How do we achieve this?

CFH Radstock (our head office) continuously maintain registration to ISO 9001 through BSI (certification governing body) and has held the standard since 1991. CFH Livingston (our site in Scotland) maintains registration to ISO 9001 through NQA (a separate governing body). PRINT.UK.COM (our site in Windsor) maintain registration to ISO 9001 through QMS International, a separate governing body.

Independent certification governing body BSI, carry out continuing assessments against the standard twice per year at the Radstock site. NQA carry out an audit of the Livingston site once per annum, and QMS International carry out an audit of the Windsor site once per annum.

ISO9001:2015 shows our commitment to providing quality service to all our customers.

ISO 14001:2015 Environmental Management

What is it?

An Environmental Management System (EMS) is a framework that helps a company achieve its environmental goals through consistent control of its operations.

This accreditation simply means we ensure our processes have little to no impact on the environment and that we have controls in place to manage any impacts.

Why do businesses choose to achieve this?

It’s a management tool for evaluating the activities of an organisation, identifying the environmental impacts associated with those activities and managing resources to reduce those impacts. An EMS also helps businesses stay compliant with environmental regulations requirements. The key concepts of an EMS are intended to help an organisation understand the full range of its environmental impact, prioritise and effectively manage its programs, track and document its progress, and reduce environmental impact (reduce energy use, waste, prevent pollution and sustainably sourced materials).

How do we achieve this?

CFH Radstock maintains registration to ISO 14001 through the BSI certification governing body. CFH Livingston maintains registration to ISO 14001 through the NQA certification governing body. PRINT.UK.COM maintain registration to ISO 14001 through QMS International.

Independent audits are carried out by BSI, NQA & QMS against the requirements of the standard at each site (2 x Radstock, 1 x Livingston, 1 x Windsor).

ISO14001:2015 demonstrates our commitment to the environment, that we are responsible and monitor our impact and reduce it as much as possible.

ISO 27001:2013 Information Security Management

What is it?

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.

BSI published a code of practice for these systems, which has now been adopted internationally as ISO/IEC 27002:2013.

This is one of the most important accreditations we hold, as it demonstrates our ability to securely manage data.

Why do businesses choose to achieve this?

Information is critical to the operation and protection of an organisation. Being certified to ISO/IEC 27001 helps to manage and protect valuable information assets. The key concept of information security management systems (ISMS) is the ability to equivalently protect, maintain and improve confidentiality, integrity, and availability of our information assets that should be protected by the organisation.

ISO27001:2015 Underpins our commitment to take information security seriously and do all we can to protect any data that we have and keep it as secure as possible.

How do we achieve this?

CFH Radstock maintains registration to ISO 27001:2013. An Independent audit is carried out by BSI, against the requirements of the standard twice per year at the Radstock site. PRINT.UK.COM has been added as an extension of scope to the Radstock certification to maintain registration to ISO 27001. The Windsor site is audited by BSI once per year as part of the schedule for both sites.

CFH Livingston maintains registration to ISO 27001:2013 through the NQA certification governing body. An Independent audit is carried out by NQA, against the requirements of the standard once per year at the Livingston site.

The 3 ISO standards work on a 3 year audit cycle - 2 years of surveillance audits where samples of the standard are audited and then in the third year, a full standard re-certification audit takes place to ensure that we are meeting the required standard and can continue to display the ISO badge.

C&CCC Standard 55

What is it?

Companies who wish to print and personalise cheques and gyros must have, and maintain the accreditation to Pay.UK Limited (‘Pay.UK’) Standard 55 under the Cheque Printer Accreditation Scheme (CPAS) – Audit Standard for Cheque Printers (CPAS mapping to BS ISO/IEC 27001:2013

Why do businesses choose to achieve this?

Accredited cheque printers are the only organisations permitted to print and personalise cheques, so having this certification makes this possible.

How do we achieve this?

This scheme only applies to our Radstock & Livingston sites.

Each manufacturing site is required to have its own independent certification and each site is assessed by, and at the same time as our ISO 27001 audits against Standard 55 requirements, at a minimum of once per year on behalf of Pay.UK Limited (‘Pay.UK’) as part of our ISO27001 audit schedule. We must have, and maintain certification to ISO 27001:2013 to achieve Pay.UK Limited (‘Pay.UK’) Std 55. Strict physical security controls, with regard to all aspects of cheque printing (such as data, printing plates, printed cheques, reconciliation, stock control and waste disposal) must be adhered to at all times.

Cyber Essentials Certification

What is it?

This government-backed scheme is simple but effective, that helps companies to protect their organisation, whatever its size, against a whole range of the most common cyber-attacks.

Cyber Essentials’ trademark is its simplicity of approach. It provides guidance for the protection businesses need to put in place. The Cyber Essentials accreditation is a hands-on self-assessment technical verification that is carried out. The scheme includes five key controls that, when implemented correctly, can stop the majority of cyber-attacks.

Those controls are:

  • Secure configuration

  • Boundary firewalls and Internet gateways

  • Access controls and administrative privilege management

  • Patch management

  • Malware protection

Why do businesses choose to achieve this?

Cyber Essentials permits us to work with the UK government. According to the UK government, achieving Cyber Essentials could prevent “around 80% of cyber-attacks”.

How do we achieve this?

Cyber Essentials certification applies to the whole CFH group that covers all three sites.

Certification to Cyber Essentials requires annual re-assessment which includes carrying out a full technical check across all of our internal systems which includes everything in the control list.

Forest Stewardship Council Certification (FSC)

What is it?

Forest certification is a voluntary, market-based instrument, implemented through two separate but linked processes: sustainable forest management certification and chain of custody certification. This system must be in line with the requirements of the FSC Forest Management and/or Chain of Custody Standards.

Why do businesses choose to achieve this?

Being part of FSC certified shows that we a business is complying with the highest social and environmental standards on the market. Civic apprehension about the state of the world’s forests and timber resources is growing, and the FSC accreditation enables a company to find a trustworthy solution to intricate environmental and social issues.

How do we achieve this?

This Scheme is relevant for all 3 of our sites.

Our internal audit process on FSC chain of custody is happening twice per year, and gets involved a large amount of paperwork traceability with the help of CS Production team, Logistics and Accounts.

The FSC certification audit will assess CFH Docmail’s compliance for the relevant FSC requirements. An audit report is produced, on which the certification body makes a decision. In the last years, our certification body produced very positive reports, we only had two minor non-conformances based on changing the wording for some of our procedures, to be in line with the last updates of FSC standards. Following a positive certification decision, we receive an FSC certificate and the FSC certificate and license codes.

Programme for the Endorsement of Forests Certification (PEFC)

What is it?

PEFC chain of custody certification provides independent verified assurance that the certified forest-based material contained in a product originates from sustainably managed forests.

Why do businesses choose to achieve this?

It enables businesses to demonstrate their legal and sustainable sourcing of forest products to their customers and provides them with a variety of advantages that help the environment, people, and the bottom line, such as access to new markets and compliance with legislation.

How do we achieve this?

This Scheme is relevant for all 3 of our sites.

Organisations with chain of custody activities in multiple locations can gain certification for all their sites under one certificate through PEFC multi-site certification.

So there you have it...

...some of our accreditations and certifications explained and they are just the start of it! From other sector-specific accreditations, including a 100% rating with the Data Security & Protection Toolkit approved and of course GDPR compliance to internal controls and processes we have in place to continuously manage our customer expectations and requirements, we focus on delivering the best service and solutions possible to help achieve your goals and objectives.

Why not get in touch to find out more about the accreditations, certifications and processes we have in place and how we can help you achieve your goals with effective, reliable, industry-leading communications? To do so, fill out our contact form below.

Or why not check out our Public Sector Success Stories other news and other interesting topics, by subscribing to our blogs here:

Blogs, Communications

Subscribe to receive the latest CFH insights straight to your mail box