FAQ

ISSUED MAY 2018

What is the Age Check Certification Scheme?

The Age Check Certification Scheme is set up to provide robust, impartial and independent third-party certification and validation of systems and processes used by age verification service providers. This includes Proof-of-Age ID Providers, Age Check Providers, Age Exchange Service Providers and Relying Parties (age restricted goods or services business).

What types of business can apply for certification?

Broadly, businesses that undertake age checking will fall into the following categories:

  • Proof-of-Age ID Providers that verify age attributes and issue a reusable physical ID card, token or app that an unknown third party (such as a retailer) can rely on without a pre-arranged contractual relationship with the Proof-of-Age ID Provider
  • Age Check Providers that verify age attributes on request by a third party on a transaction-by-transaction basis under a pre-arranged contractual relationship with the Age Check Provider
  • Age Check Exchange Providers that provide an online gateway for Age Check Providers and Relying Parties to access user asserted, permissioned and verified attributes
  • Relying Parties that rely on results of an age check (either remotely or during a face-to-face encounter) to establish the age-related eligibility of an individual for the purposes of a transaction (such as sellers or providers of age restricted goods and services)

Some types of age check provider may fall into more than one category.

Is this certification, accreditation, validation, verification, monitoring or audit?

These terms are sometimes used in an interchangeable way, but they mean different things.

To start with, we are not an accreditation scheme. Accreditation is the process in which certification of competency, authority or credibility is presented usually by a government appointed body, such as the United Kingdom Accreditation Service (UKAS). Currently, UKAS do not assess age check certification for formal accreditation, although this may change in the future. However, the Proof-of-Age Standards Scheme does describe its decision to approve a card issuer as ‘accreditation’.

We are a certification scheme. Certification is the provision by an independent body of written assurance that the product, service or system in question meets specific requirements.

We do this through the validation and verification of systems and procedures of applicant companies to reach a certification decision. From that point forward, we undertake monitoring and audit to satisfy ourselves that the certified service provider continues to meet the requirements of certification. After a defined period, we then undertake recertification of the service provider.

What codes, legislation or standards can the Age Check Certification Scheme cover?

A non-exhaustive list of codes, legislation or standards for UK businesses include:

  • The UK’s Proof of Age Standards Scheme (PASS) – relating to physical proof-of-age cards that are recognised and supported by police, trading standards and the security industry.
  • PAS 1296:2018 – relating to Online Age Verification Code of Practice for age check services, age check exchange services and relying parties.
  • Part 3 of the Digital Economy Act 2017 – relating to preventing access for children to pornographic material.
  • Article 8 of the EU’s General Data Protection Regulation (EU 2016:679) – relating to age restrictions for children on use of social media services.
  • Article 12 of the EU’s Audio-visual Media Services Directive (2010/13/EU) – relating to age restrictions for children accessing TV-on-demand services.
  • Article 18(4) of the EU’s Tobacco Products Directive (2014/40/EU) – relating to age restrictions for access to tobacco, tobacco products, e-cigarettes and nicotine products.
  • Article 7 of the EU’s Pyrotechnic Articles Directive (2013/29/EU) – relating to age restrictions on pyrotechnic articles, such as fireworks, sparklers and other explosives.
  • Licensing Act 2003 Mandatory Age Verification Policies – relating to age restrictions for access to alcohol and regulated entertainment.
  • Gambling Act 2005 Social Responsibility Codes of Practice – relating to age restrictions for access to gambling services.
  • Regulatory Delivery Age Restricted Sales Enforcement – relating to the enforcement of age restricted goods and services by law enforcement professionals.

We are working towards being able to certify against other requirements from around the World, such as the US Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. §§ 6501–6506) or similar provisions that exist in Australia, Canada, Japan, Korea, Turkey and New Zealand. We are also currently developing a worldwide certification scheme that would cover all relevant requirements in all jurisdictions. Visit our international certification scheme website http://www.accscheme.com for more information about our plans.

Do you provide age check services?

No. We certify the providers and users of age check services against the appropriate standards. We are independent of the age check services industry and provide regulators, service users, relying parties and the public with confidence and assurance that the age check systems and procedure are applied diligently and work well to protect children.

We do not recommend any particular provider or methodology for age checking, there are many different approaches that are adopted.

Do you certify identity verification services?

No. We only certify services and relying parties that have a need to answer the question: Is this person a certain age? Some age check services provide much broader customer identification services, which are outside of the scope of our certification scheme. These are sometimes known as ‘know your customer’ or KYC services. We can only certify the age verification element of their service.

How long does initial certification take?

This depends upon on your state of readiness. We aim to complete certification within three months, but this can be delayed if you are not ready. If you are unsure about your state of readiness, then we recommend you ask us to undertake a pre-application assessment, which will provide you with a gap analysis of areas that you may need to do further work on to prepare for a certification audit.

Typically, a certification audit will take two auditors two days to complete. Additional audits may be needed at your data processing centres or ID issuing centres depending on the nature of your age check services.

What are the aspects of certification?

The process of certification is in four stages:

  • Application for Certification – we receive an application for one or more areas of certification, which could lead to pre-assessment, initial audit, compliance sweeps and evidence gathering – you can apply online at http://www.accscheme.co.uk/apply
  • Certification Decision – we reach a point where a decision can be made and, for a successful applicant a ‘Certificate of Conformity’ can be issued against the relevant standard or aspects of the standard identified in the certificate
  • Certification Monitoring – we undertake monitoring of activity based on a pre-arranged random sampling programme from a menu of monitoring options tailored specifically to your needs
  • Recertification – after a defined period, we undertake a recertification process through audits

What happens during the certification process?

We start the certification by understanding your business and your certification needs. The initial application form provides you with an opportunity to explain your business, but we will also speak with you to understand your needs further. We also need to gain an understanding of your state of readiness to gain certification, which means understanding what you have done so far. We cannot provide you with consultancy advice about how to get ready, but we can provide you with a pre-application assessment and gap analysis which may help you to prepare for your audit.

We must audit all your systems and processes that are covered by the applicable standard. You should note that, this may include locations, data centres or places where you handle aspects of your age checking procedures where they are, even if they are overseas. This may not be necessary where your data centres are merely processing or storing your data and they have the appropriate international certifications for data processing. Our auditors must be satisfied that your approach meets the requirements of the applicable standard through a review of objective evidence of conformity.

Once you have demonstrated all the appropriate evidence, our auditors will submit a report for final review and certification decision to be made. The final review and certification decision is made by somebody other than the auditors but is based upon their report. If the certification decision is positive, you will be issued with a ‘Certificate of Conformity’.

What is a compliance sweep and when might it be required?

A compliance sweep is a review across your estate of outlets or domains of the levels of compliance. It is only applicable for applications by Relying Parties and examines your levels of compliance in challenging for and checking the age attributes of customers in accordance with your age check policies. It will also review your methodology for creating an expectation of challenge for age checks and your approach to systems, training, records and internal audit.

What will we receive if we are certified?

Once certified, the applicant will receive a ‘Certificate of Conformity’ against the relevant standard or area of certification. They will also be listed on our public register of certified age check providers. The ‘Certificate of Conformity’ can be used as earned recognition by law enforcement agencies, such as the Gambling Commission, BBFC, Trading Standards or Licensing Authorities that your service meets the requirements of the relevant standard or area of certification.

You also receive a certification mark and certification number that you can use to publicise your certification on your own website, marketing and promotional materials.

What happens if we do not meet the requirements?

A ‘Certificate of Conformity’ can only be issued once we are satisfied that you meet all the requirements under the relevant standard or area of certification.

What happens if certification is suspended, withdrawn or terminated?

We aim to work with you to improve your systems and processes to avoid the suspension, withdrawal or termination of your certification. However, we must retain confidence that you are meeting the requirements of the scheme. For persistent or serious non-compliance, it may be necessary for us to suspend, withdraw or terminate your certification. You will be given a fair opportunity to respond to our concerns and implement improvements.

If your certification is suspended, withdrawn or terminated we will issue a ‘certification bulletin’ to law enforcement agencies. In some cases, it is a legal requirement for us to notify law enforcement of the withdrawal of certification. A bulletin from us does not necessarily result in action or sanctions being taken by law enforcement agencies, but it would be likely to attract their attention.

How do we know that the Age Check Certification Scheme is robust and fair?

Our certification services are carried out in accordance with the provisions of ISO 17065:2012. It should be noted that, at present, none of the standards in place for age verification are eligible for UKAS accreditation under ISO 17065:2012, but it is hoped that in due course they will be. Our auditors are all fully qualified trading standards professionals who are bound by the code of professional conduct of the Chartered Trading Standards Institute. Our certification processes are required by ISO 17065:2012 to be independent, competent and consistent. Our quality management system and latest audit technology ensure that our scheme is robust and fair.

What is earned recognition?

Earned recognition is a process recognised in the Regulator’s Code under the terms of the Legislative and Regulatory Reform Act 2006. The relationship between regulated businesses, certification schemes and regulators are described below:

Earned Recognition Table

The principle is based on the focus of attention of self-regulatory certification schemes being on broadly compliant and striving to be compliant regulated businesses; whereas the focus of attention of regulators is on non-compliant or uncooperative regulated businesses.

The withdrawal or lack of certification will lead to attracting greater attention from regulators.

What is certification monitoring?

Certification monitoring takes place during your term of certification. The type and frequency of monitoring differs depending upon the type of age check activities that you undertake from a menu of monitoring options. The level of monitoring is designed to maintain the trust and confidence of regulators, relying parties, individuals and stakeholders that your approach is consistent and monitored.

Monitoring activities take place in parallel and at the same time as your age check activities based on a randomised sampling process. The methodology for sampling is agreed with the applicant prior to the certification decision being made. Monitoring does not hinder or replace your age check decisions. As a part of the requirements for data minimisation, you are not required to keep evidence of age check records for a future audit; instead, our monitoring sampling takes place at the time of your own age check decision.

Submitting to monitoring in accordance with the monitoring frequency is a condition of certification and a failure to cooperate with monitoring will result in withdrawal of certification.

What is the menu of monitoring options?

There are multiple means of monitoring that your systems and procedures are working in practice. As a part of the initial audit, we will agree with you the types of monitoring that are appropriate to your model of age check practices. Not all of the types of monitoring will be appropriate.

The monitoring menu includes randomly:

  • Conducting a test purchase using an 18/19-year-old mystery shopper
  • Carrying out a visit to the site or domain to review your age check warning notices
  • Selecting a sample of an age check stage in your system and comparing that against your model system for that stage
  • Reviewing CCTV footage of a sample of transactions or entries to your site (for age restricted threshold offences)
  • Reviewing the training record for a particular member of staff
  • Reviewing the refusals or age check challenge records for a sample of transactions
  • Asking you to submit a photograph or screenshot of a part of your age check system
  • Selecting a sample of the primary credentials used for a Proof-of-Age ID Card Provider to determine card eligibility
  • Reviewing the verification steps taken before an age eligibility decision is made

Am I required to keep the records of individual’s identity for audit purposes?

No. We do not require you to keep records of an individual’s identity for the purposes of any future audit. Instead, on a randomised sampling basis, a copy of the age check attributes you have used to make an age check decision including any primary credentials, metadata, verifiers or social proofing just for the selected sample is reviewed by us at the time and a notification of conformity or non-conformity is issued to you within 7 days. A selection for certification monitoring does not prevent, hinder or delay you making your own age check decision, although we would expect you to correct any non-conformances identified.

How do we protect the privacy of the customer if you are reviewing their age eligibility?

We have no interest in the identify of your customer, what we do is verify that you have the appropriate systems in place to establish the age eligibility of your customer. In most cases, therefore, it is not necessary for us to know the identity of the customer and we do not collect or keep that data. In the case of primary ID providers, however, it may be necessary for us to determine the primary credentials that have been used to verify the age eligibility of the ID applicant. We only view this data, we do not collect or keep it.

We protect the privacy of individuals by using a distributed sampling model that means only a small aspect of the customer journey is reviewed, with different aspects being reviewed for different customers. We do not keep the data that is reviewed and the location that it is reviewed has high level end-to-end encryption, but even if this were to be compromised, there would be insufficient data to be able to recreate the identity of an individual in any event.

How is the monitoring frequency determined?

The frequency of certification monitoring is based on several factors:

  • The number of age checks that you undertake
  • The number of outlets or domains that you operate from
  • If your age check decisions are automated or involve individual human judgements to be made
  • The vectors of trust that you have adopted for age checking
  • The type of age check business that you are (Proof-of-Age ID Provider; Age Check Provider; Age Check Exchange Provider; or Relying Party)
  • The types of monitoring that have been selected from the monitoring menu
  • Any regulatory requirements or considerations

In addition, for persistent non-conformance, you may be subject to accelerated monitoring frequency.

We agree with you the default monitoring frequency that is applicable to your terms of certification. The following are only typical examples.

Monitoring Frequencies Table

What happens during certification monitoring?

For all situations except monitoring in physical outlets by relying parties, certification monitoring takes the form of sharing the basis and grounds for the age check decision for the randomly selected sample electronically with our certification team at the same time as you make the age check decision through a secure document exchange. It is then reviewed by our team and a notification of conformance or non-conformance is issued within 7 days. This does not prevent, hinder or delay you making your own age check decision. Once reviewed, the documents are permanently deleted from the exchange. We do not download or keep the evidence of age checks. In addition, monitoring can include randomised screenshots of your age check practices (without any personal data shown) demonstrating compliance, visits to your domain by our certification officers.

In physical outlets for relying parties (i.e. ID checks in retail premises) our certification monitoring takes the form of sending a person aged 18 or 19 in to the premises to carry out a test purchase. The frequency of test purchases is determined based on the monitoring frequency for age checks completed per outlet. Therefore, the bigger or busier the outlet, the more frequent the test purchasing will need to be. Following a test purchase, a notification of conformance or non-conformance is issued within 7 days. In addition, monitoring can include randomised checks of your systems and procedures, your records or your CCTV footage of transactions/entry to your premises.

You will need to have a method for recording when age checks are taking place, such as having an electronic point of sale system with an age verification module and reporting function. We will verify the anticipated level of age checks you will undertake prior to the certification decision being made and we will determine the method of random sampling in partnership with you.

How is the random sample selected?

The random sample is selected automatically immediately after you make your age check decision. You will not know in advance which age check decision will be selected for sample. We agree the process for setting up the random sample on your systems as a part of the initial certification. It is a simple piece of code that takes a snapshot of the decision in the format that you or your systems see it and the age attributes that you rely upon.

It is then automatically placed in a secure location where we can access it. The secure location is end-to-end encrypted. The data is held there for seven days after which it is automatically purged and permanently deleted. We do not need to be granted any access to your systems or any user permissions. You retain full control and ownership of all your data.

What is accelerated monitoring frequency?

We will implement accelerated monitoring frequency for persistent non-conformances. The use of accelerated monitoring frequency is a step short of withdrawal of certification. It can be used if we have concerns about standards of compliance. It could be used at a specific outlet or on a specific domain.

We may be asked, or directed, by law enforcement agencies to implement accelerated monitoring frequency where non-compliance with statutory regulations has been identified.

Can you do test purchasing using children under 18?

We can only do this under the authority and supervision of your regulator if they instruct us to do so. In some cases, it is an offence for a young person to attempt to access an age restricted product (such as alcohol or gambling) making test purchasing (other than under the authority of the regulator) illegal. In addition, an attempt by us to procure access to an age restricted product by making a false statement (such as using an under 18 to lie about their age when accessing a website) could be an offence, especially if this risked causing loss to the site operator (such as a loss of certification for instance). It is also illegal for us to gain unauthorised access to your systems by, for instance, using an under 18-year-old to circumvent your procedures to gain access to material or services that they are not authorised to access.

For all these reasons, we do not undertake test purchasing using children under the relevant age eligibility – that is properly a role for regulators. We will, however, help regulators to do so, should they wish to.

Most regulators do not require you to undertake test purchasing using under age children. The Gambling Commission, for instance, are content that test purchasers aged 18 or 19 are suitable for testing whether you are appropriately challenging for ID.

What are vectors of trust?

Vectors of trust are explained in PAS 1296:2018. They are a method of communicating the level of reliability of age authentication. The higher the vector of trust, the higher the level of confidence in the reliability of age authentication. For relying parties, we require you to only accept higher or medium vectors of trust. You are not permitted to accept lower vectors of trust. If you accept medium vectors of trust, then you will be subjected to a higher level of certification monitoring.

Do we need to provide the age and identification attributes for the age check decision?

You do not necessarily need to provide the age and identification attributes together for certification monitoring. The certified age check process that you operate may not provide for identification attributes to be held together with the age attributes, particularly when dealing with pseudonymized data. In some types of activity, the relying party may be making an age-related eligibility check without access to the identity attributes (other than age) of the individual.

What is recertification?

The process of recertification occurs towards the end of your certification period. It will involve a formal review of your certification, audit and a decision on whether to allow continued certification.

How long is the certification period?

The length of your certification period is determined by several factors:

  • Whether you reach your number of age checks that are permitted within certification (called the ‘age check cap’)
  • The number of outlets or domains that you operate from
  • If your age check decisions are automated or involve individual human judgements to be made
  • The type of age check business that you are (Proof-of-Age ID Provider; Age Check Provider; Age Check Exchange Provider; or Relying Party)
  • Any regulatory requirements or considerations – for instance, the US COPPA regulations require annual recertification

Your certification period will not last for more than two years. Broadly speaking the bigger you are, or the more age checks you undertake, the more frequent the need for recertification would be. We agree with you the default recertification parameters that are applicable to your terms of certification.

What is the Proof-of-Age Standards Scheme?

The PASS card scheme is operated by a Community Interest Company providing accreditation to suppliers of Proof-of-Age Cards in the UK. The scheme is supported by the UK Home Office, police, law enforcement and a wide range of trade bodies. To obtain accreditation from the PASS Board, you will need to obtain initial certification against the PASS scheme standards from us first. We are appointed by the PASS Board to undertake audits, monitoring and recertification, but it is the PASS Board that makes the ultimate decision on accreditation of PASS card issuers. Currently, the PASS scheme is only applicable to issuers of physical ID cards, not issuers of electronic tokens or app-based ID’s for use by individuals.

To apply to become a PASS accredited card issuer, applicants will need to apply directly to the PASS Scheme (www.pass-scheme.org.uk), but we can assist with pre-audit checks if you want to understand what you will need to do to achieve accreditation by PASS. We then undertake the Monitoring audits on behalf of the PASS Board.

What is PAS 1296:2018?

PAS 1296:2018 is a Code of Practice for Online Age Verification service providers developed by the British Standards Institute and the Digital Policy Alliance. The PAS – a Publicly Available Specification – is intended to assist providers of age restricted products and services online (such as gambling, adult content, goods or services) with a means to adopt and demonstrate best practice and compliance.

As PAS 1296:2018 is a code of practice, the principal auxiliary verb is “should”. To present an auditable standard for claims of conformity, “should” is transposed to “shall” where relevant to the type of age check business as the applicant.

Claims of conformity against PAS 1296:2018 should be verified by an independent third party (called ‘other party’ in the PAS) certification scheme. Currently PAS 1296:2018 is not eligible for UKAS accreditation under ISO 17065:2012, but our systems and processes for certification are all set up in accordance with these provisions.

The age check businesses are assessed against the PAS 1296:2018 standards by our team of qualified auditors to ensure that they operate to the highest standards. A certificate of conformity issued by us can be used to demonstrate earned recognition for regulators, such as the Gambling Commission, British Board of Film Classification or local licensing or trading standards officials.

What is COPPA?

The Children’s Online Privacy Protection Act is part of the US Code (15 U.S.C. §§ 6501–6506) which prohibits unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the Internet. It imposes age verification requirements which are overseen by the US Federal Trade Commission through ‘safe harbor’ self-regulatory regimes.

You should note that compliance with COPPA is not sufficient to demonstrate compliance with Article 8 of the EU’s General Data Protection Regulation. We are currently in the process of attempting to develop worldwide certification, but current constraints in different jurisdictions (particularly the US) make this challenging.

What is GDPR?

GDPR is the European Union’s General Data Protection Regulation (EU 2016:679). Article 8 places constraints on operators of social media services, placing age restrictions at a minimum of 13- although member states can opt for higher levels up to 16. The GDPR does not expressly require age verification, although by Article 29, it is impossible to see how firms can comply with the requirements of GDPR without age verification processes being in place.

The whole of the GDPR is relevant to the age verification industry and to certification. In particular, the requirements relating to data privacy, data minimisation and the principles of consent and control of data by individuals. The GDPR requirements are reflected in the scheme rules for the Age Check Certification Scheme.

Article 43 of GDPR provides an option for the European Data Protection Board and, in the UK, the Information Commissioners’ Office to accredit certification schemes. These will be governed, like our scheme, by ISO 17065:2012. At present, the data protection authorities are not ready for accreditation, but as they become ready, we intend that the Age Check Certification Scheme will be accredited under GDPR.

How do we know that you are impartial?

The Age Check Certification Scheme does not provide age verification or proof-of-age services and we are not connected to any such providers. Our parent company, social enterprise Under Age Sales Ltd is appointed as the independent and impartial auditor for the UK Home Office-endorsed Proof-of-Age Standards Scheme (PASS). Our impartiality is assured by an Impartiality Committee to provide independent review and oversight of quality management certification activities. The role of this Committee is to review our certification activities and verify that they are performed impartially without undue influences that might affect the impartiality of services offered.

What does the Impartiality Committee do?

The main responsibilities of the Impartiality Committee are:

  • To assist with the development of policies relating to the impartiality of our certification services
  • To periodically review the impartiality of our certification processes.
  • To advise on matters affecting confidence in certification, including openness and public perception
  • To prevent commercial or other considerations from affecting the objective provision of certification services
  • To ensure that the actions of the committee itself do not present any risks to impartiality

How do we know that your auditors are competent?

We invest in our people to make them the very best at what they do. We believe in continuous personal and professional development of both our staff and our contractors.

Our team consists of fully qualified trading standards professionals and audit professionals. We are bound by the code of professional conduct of the Chartered Trading Standards Institute. Our team have substantial experience of age verification techniques, policies and procedures in multiple industries. In addition, we have specialist technical advisors to deal with some of the more complex algorithms or programming that is utilised in age verification processes if required.

How do we know that your decisions will be consistent between us and our competitors?

We operate quality control measures to guarantee a consistency of approach. We have a three-stage complaints and appeals process with clear routes for applicants and others to challenge decisions. We manage our audits using the latest audit tracking technology, with audit reports, non-conformances and required actions shared instantly and electronically.

We have a formal certification complaints and appeals process, which is overseen by our Certification Panel. Should you disagree with our decision you can ask us to review it. If you still disagree with our decision, you can ask us to refer your application for certification to our Certification Panel.

How do we know that our proprietary information will be kept confidential?

We are bound by the code of professional conduct of the Chartered Trading Standards Institute, which includes provisions about maintaining the confidentiality of client information. We are also set up in accordance with the provisions of ISO 17065:2012, which require us to have confidentiality provisions in our terms of business and in our systems and processes. We maintain secure data systems and protect them from unauthorised access.

How do we know that you will keep our client/user data confidential?

We rarely, if ever, need to remove your client/user data from your possession or control. As a Certification Scheme, we are not interested in the identity of your individual clients, but on the systems and processes that you adopt to age check them. In conducting our audits, our auditors anonymise data about individual clients. Nevertheless, if it is necessary to hold client/user data – such as if we are dealing with a complaint from one of your clients/users – then we have all the appropriate data protection processes in place and we are registered with the Information Commissioner Office in the UK.

Who decides what the certification rules are?

The Rules are overseen by an independent Certification Panel, consisting of experts and specialists in the age verification and identity management field. The Certification Panel consider the applicable laws and regulations, industry needs, privacy and consumer concerns, regulatory constraints and practical application to determine the rules that are applied.

The Panel provide guidance to our certification officers on how to interpret the rules. All the guidance that they have issued will be shown on our website. Ultimately, the Panel will determine in any appeal, what the rules mean.

What if we are not content with the Certification Service we receive?

We hope that you are never dissatisfied with our service, but we view complaints as an opportunity to learn and improve for the future – as well as a chance to put things right for the person or organisation involved. Should you need to complain, we want you to know that we will take your dissatisfaction seriously, make it easy for you to let us know about it, and keep you updated as it goes through our clear, documented process and procedure which is available on our website.

How much will it cost to gain certification?

This depends upon your state of readiness, the complexity of your business operations and the area of certification that you are applying for. Our audit fees are charged on a per day per auditor basis. There is then a final review and certification fee (to issue the ‘Certificate of Conformity’). You will also be expected to meet the reasonable travel and accommodation expenses of our auditors. Once you are certified, we need to carry out certification Monitoring to ensure that ongoing certification is justified and after two years, you will need to apply for recertification.

Costs will be higher for operators from multiple premises, locations or domains. In addition, for relying party certifications, a cost of a compliance sweep will need to be considered.

When you apply for certification, we will talk to you about your specific certification needs and we will be able to provide you with a quotation so that you know in advance what the costs of certification are likely to be. You will pay 40% of your certification fee up front and 60% before the certification decision is made.

How much does certification monitoring cost?

You will be charged a fee for each certification monitoring check. These vary depending upon the type of business and monitoring check being undertaken. We will agree the monitoring methodology, frequency and fees with you in advance of a certification decision being made.

How much does recertification cost?

This will depend upon the level of non-conformances that have been identified during your certification period, but typically, you should budget for roughly half the cost of your initial certification.

How do we apply for certification?

You can apply for certification here. You will not be charged a fee for your application until after we have conducted a telephone interview with you to understand your certification needs. Thereafter, if you want to proceed, you will pay 40% of your certification fee up front and 60% before the certification decision is made.

Apply Here Icon