Complaints and Appeals Policy


  • Complaints from any customer related to any product or service provided by GRC International PLC group of companies falls within the remit of this procedure. This procedure also addresses complaints from data subject(s) related to the processing of their personal data and appeals from data subjects on how complaints have been handled.
  • Due to the time differences between the geographical locations of the business it may be that a short period of time will pass before the complaint can be allocated and managed by the appropriate person. It may be that the appropriate person is based in a different time zone to the recipient of the complaint. Complaints may also enter the business not from the most logical point - so this also needs to be considered when logging a complaint.


  • Any member of staff from within GRCI or a subsidiary of GRCI receiving a complaint from any customer is responsible for reporting the complaint. The recipient of the complaint and the complaint owner can be the same person.
  • Recipients are responsible for ensuring that the complaint is logged and allocated to a complaint owner. Should there be uncertainty over who the complaint owner should be, then the recipient should refer to their line manager for clarification. Subsequently complaint owners are responsible for ensuring the complaint is satisfactorily resolved.
  • The Process & Accreditations team is responsible for overseeing the complaints process and ensuring that it is effective and being implemented.
  • The Chief Executive Officer is responsible for ensuring that employees have the necessary resources and training to deal with complaints effectively.


  • BS 8543:2015 (complaint handling in organisations) refers to a complaint as being any expression of dissatisfaction made to an organisation, related to its products, services, practices, staff or the handling of a complaint where a response or a resolution is explicably or implicitly expected. In cases of uncertainty, it should be taken and treated as a complaint and this procedure followed.
  • A complaint may also be a repetition or an addition to a previous issue or known problem that has an identified root cause, so a review of previously resolved cases in the continual improvement logging system for a potential resolution should be carried out, particularly in more complex cases.
  • The complaint-handling process has two levels of categorisation, these are defined as either; level one basic, or level two complex. The definitions of each resolution category are:
    • Basic - if upon analysis, a complaint can be resolved within 24 hours (or immediately), due to either experience of previous issues of a similar nature or from data within the knowledgebase, then it is classified as a level one category complaint and labelled as basic.
    • Complex - if upon analysis a complaint requires a longer time to resolve than the level one (basic) status allows then the complaint is categorised as a level two category complaint and labelled as “complex” - Complex issues differ from basic issues in that typically it may require input from multiple areas within the business, potentially requiring input from globally based resources to resolve, due to potential time differences. This means it is envisaged that up to 48 hours may be required to resolve.


  • On receipt of negative communication, the recipient is not to acknowledge or accept responsibility from the outset, but empathise with the position until at such time an in-depth assessment can be made as to whether it warrants progressing as a nonconformity, incident and/or information security incident, etc. Relevant information is collated, and the alleged situation/experience is investigated appropriately (sensitively, with an awareness of privacy issues, personal performance matters, etc.)
  • A complaint is received into the business, the recipient records the complaint details and the nature of the complaint into the Continual Improvement Log.
  • Recipient allocates the complaint to the appropriate complaint owner via the CI log and sends an email notification to the owner, if uncertain as to whom the owner should be, the recipient may take advice from within the business and/or their line manager or complaints of a similar nature from viewing closed complaints within the CI log.
  • The complaint owner receives the email notification that a complaint has been allocated to them to action. The complaint is analysed for appropriate category selection by the complaint owner.
  • There are two levels of categorisation for complaints, level 1 – a basic issue or level 2 – a complex issue (see above for category definitions).
  • The complaint owner acknowledges by email back to the complainant receipt of the complaint and that the issue is now being investigated and that a response will be communicated in due course and within 24 or 48 hours dependent on the classification. When sending an acknowledgment of the complaint to the complainant the complaint owner may use the acknowledgement template: QA-TPT-013.
  • The complaint owner carries out a thorough investigation into the complaint to obtain a satisfactory resolution.
  • Complaint owner will update the complainant if it becomes clear that the resolution requires further investigation or a recategorisation or more time in order to resolve.
  • Resolution is achieved, complainant is updated and asked if the resolution is satisfactory in order to close the complaint down.
  • If the complainant is satisfied with the resolution then the complaint can be closed, the CI log can then be updated, and the log entry closed. Should the complainant not be satisfied with the resolution from the complaint owner then the complaint owner may consider taking further action based on the dissatisfaction reason from the complainant; if the owner considers that further action is not feasible or logical to the business and that all reasonable efforts have been made with the resolution being offered then it should be deemed that the resolution is satisfactory and no further investigation is necessary, the owner should make a note in the CI log of the complainants response to the resolution for future reporting analysis.
  • Complaint Closed.

Post Reviews

  • The complaint log is reviewed on a fortnightly basis by the Process & Accreditation team to ensure compliance with this procedure is maintained.
  • Output data from the complaints log is analysed and reviewed on a regular basis at various review audiences such as input into the KPI report for the operational performance meeting(s).

Related information

  • Where a third party with whom the business has a professional relationship has its own complaints procedure, the relevant part of the business shall, where applicable, comply with their procedure whilst ensuring, wherever possible, that there is no deviation from following this procedure.
  • This complaint handling procedure shall be followed in circumstances where a candidate wishes to appeal an examination result. In these cases, we are reliant on the appeals processes operated by the respective examination bodies. Where required to defer to the appeals process of third parties this shall be explained to the candidate. Resolution time scales, in these specific cases, will depend on the responses received from the third party and as such may differ from the norm.
This website uses cookies. View our cookie policy
SAVE 10%