ISO 22458:2022

INTERNATIONAL ISO
STANDARD 22458
First edition
2022-04
Consumer vulnerability —
Requirements and guidelines for
the design and delivery of inclusive
service
Consommateurs en situation de vulnérabilité — Exigences et lignes
directrices pour la conception et la fourniture de services inclusifs
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Organizational commitment, principles and strategy . 3
4.1 Commitment . 3
4.2 Principles . 3
4.3 Strategy . 4
4.3.1 Outcomes focused . 4
4.3.2 Responsibility . 4
4.3.3 Proactive approach . 5
4.3.4 Policies . 5
5 Inclusive design . . 6
5.1 General . 6
5.2 Touchpoints . 6
5.3 Understanding consumer vulnerability . 6
5.3.1 Consumer insight methodology . 6
5.3.2 Research and mapping . 7
5.3.3 Stakeholder partnerships . 7
5.3.4 Consumer engagement . 7
5.4 Consumer contact channels . 8
5.4.1 Choice . 8
5.4.2 Ease of use . 8
5.4.3 Awareness . 8
5.4.4 Telephone services . 8
5.4.5 Online services . 9
5.5 Consumer information . 9
5.5.1 General . 9
5.5.2 Presentation of key information . 9
5.6 Sales and contracts . 10
5.6.1 Sales . 10
5.6.2 Contract terms . 11
5.7 Payments and billing . 11
5.7.1 Choice and flexibility of payments . 11
5.7.2 Acting responsibly to non-payment . 11
5.7.3 Billing .12
5.8 Complaints and disputes .12
6 Resources to support service delivery .12
6.1 General .12
6.2 Frontline staff . 13
6.2.1 Resources .13
6.2.2 Empowerment .13
6.2.3 Training in consumer vulnerability . 13
6.3 Consumer-facing online systems . 14
6.4 Management of consumer vulnerability data . 15
6.4.1 General .15
6.4.2 Data policy . 15
6.4.3 Privacy and security .15
6.4.4 Knowledge and consent . 16
6.4.5 Internal data sharing . 16
6.4.6 External data sharing . 17
iii
6.5 Dealing with third-party representatives . 17
6.6 Interruptions to service . 18
6.6.1 Interruption due to external events . 18
6.6.2 Interruption to essential services . 18
7 Identifying consumer vulnerability .18
7.1 General . 18
7.2 Risk factors . 19
7.3 Signs of vulnerability . 20
7.3.1 General .20
7.3.2 Frontline staff observation . 20
7.3.3 Automated flags . 21
7.4 Encouraging sharing of vulnerability information . 22
7.4.1 General .22
7.4.2 Frontline staff . 22
7.4.3 Online and paper forms . 23
7.5 Recording information about vulnerability . 23
7.5.1 General .23
7.5.2 Creating customer records. 23
7.5.3 Referring to customer records . 24
7.5.4 Updating customer records . 24
8 Responding to consumer vulnerability .24
8.1 General . 24
8.2 Taking action to improve outcomes for individuals . 24
8.2.1 Understanding risks and needs . 24
8.2.2 Understanding the individual’s relationship with the organization.25
8.2.3 Response options . 25
8.2.4 Shared decision making . 27
8.2.5 Directing to specialist information, advice and support . 27
8.3 Taking action to improve outcomes for others . 27
9 Monitoring, evaluation and improvement .28
9.1 Monitoring .28
9.2 Evaluation .28
9.3 Continual improvement .29
Annex A (informative) Guidance for organizations on how to implement ISO 22458 .30
Bibliography .34
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Project Committee ISO/PC 311, Vulnerable consumers.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
0.1 What is consumer vulnerability?
Vulnerability can affect anyone at any time. All consumers are different, with a wide range of needs,
personal characteristics, health, abilities, and skills. These factors, plus the impact of life events and
external conditions, such as organizational behaviour, can place consumers in a vulnerable situation,
increasing the risk of them experiencing harm when dealing with organizations. Table 1 contains
further information about these risk factors.
Consumer vulnerability can be permanent, temporary or sporadic, long or short term. A consumer’s
needs and abilities can change over time, particularly if the consumer is faced with an unexpected
change of circumstance or a particularly urgent or complex situation.
0.2 Impact of vulnerability on individuals
It is important to recognize that an organization’s systems, policies and processes can reduce or
exacerbate consumer vulnerability and the risk of harm occurring. The presence of one or more
vulnerability risk factors does not automatically mean that an individual is vulnerable. However, the
presence of one or more of these factors, combined with organizational poor practice, can contribute to
consumer vulnerability and lead to harm.
Consumers in vulnerable situations can find it difficult to:
— obtain, assimilate or retain information;
— access or choose suitable services;
— switch providers or tariffs;
— make decisions in their best interests;
— understand their rights;
— pursue complaints and obtain redress;
— pay for services.
Therefore, consumers in vulnerable situations are at a greater risk of experiencing negative outcomes
when interacting with organizations. For example, financial loss, being unable to access services,
receiving services unsuitable for needs, stress, inconvenience, exploitation or other harm.
Organizations that understand consumer vulnerability, and provide an inclusive and flexible approach,
are better able to meet a diverse range of consumer needs, making it easier for consumers to access
services and information, make good decisions and achieve positive outcomes.
0.3 Organizational benefits of adopting an inclusive service approach
This document specifies requirements and gives guidance for organizations on how to provide an
inclusive service at all stages of service delivery, helping them to identify and support consumers in
vulnerable situations. It is recognized that organizations will need to develop a tailored approach to
the development and implementation of an inclusive service (see Annex A), dependent on the nature of
their business and level of existing provision.
Adopting an inclusive service approach offers many potential benefits for organizations:
— increased customer base, by making services accessible to a greater number of individuals;
— improved service provision for all customers irrespective of their vulnerability status;
— improvement in the quality of consumer interactions, thereby minimizing the risk of harm;
vi
— reduced likelihood of problems and complaints, as a result of operating effectively and getting
things right first time, leading to a reduced cost of complaints handling;
— improved customer satisfaction, building consumer trust and enhancing the organization’s
reputation;
— ability to demonstrate ethical behaviour and social responsibility;
— strengthened staff loyalty and engagement by ensuring that they feel valued, supported and
confident in handling difficult situations;
— help to achieve compliance with legal obligations related to fairness and equality, by following good
practice in the fair treatment of consumers in vulnerable situations.
vii
INTERNATIONAL STANDARD ISO 22458:2022(E)
Consumer vulnerability — Requirements and guidelines
for the design and delivery of inclusive service
1 Scope
This document specifies requirements and guidelines for organizations on how to design and deliver
fair, flexible and inclusive services that will increase positive outcomes for consumers in vulnerable
situations and minimize the risk of consumer harm. It covers organizational culture and strategy,
inclusive design and how to identify and respond to consumer vulnerability.
It is applicable to any organization that provides services, including service-related products, to
consumers, regardless of location or size.
NOTE 1 The term “services” refers to any service provided to consumers online or offline. Service sectors can
include, for example, healthcare, leisure and entertainment, retail, energy, communication, financial services,
travel and tourism, digital services, professions and trades.
NOTE 2 Service providers can include private or public organizations, charities, government agencies, local
authorities of any size.
NOTE 3 It can be fair and reasonable, in some cases, for an inclusive service provider to limit access for
individuals outside of the organization’s target audience, where the main objective is to protect consumers and
prevent harm. For example, preventing children from accessing online gambling sites.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
accessible
product, service, environment or facility that is usable by the greatest number of people with a diverse
range of capabilities
3.2
artificial intelligence
engineered system with capability to acquire, process and apply knowledge and skills
[15]
[SOURCE: ISO/IEC TR 24028:2020, 3.4 — modified, deleted Note 1 to entry and changed “capability
of an engineered system” to “engineered system with capability”.]
3.3
consumer
individual member of the general public who is the end user of services or service-related products
Note 1 to entry: For the purposes of this document, use of the term “consumer” includes a range of potential and
existing service users, e.g.
— those thinking about using or purchasing a service;
— those who have purchased a one-off service;
— those in a short- or long-term service contract;
— end users of a service paying directly for the service;
— end users of a service not paying for the service.
Note 2 to entry: The end user might not be the customer who purchased the service (e.g. persons having a meal at
a restaurant that is paid for either by one person in this group or by a different person).
[16]
[SOURCE: ISO/IEC Guide 76:2020, 3.5 — modified, deleted “(e.g. a smart speaker)”.]
3.4
consumer harm
consumer detriment
instance of a consumer (3.3) suffering or experiencing negative outcomes, as a result of their dealings
with an organization
Note 1 to entry: Harm is often caused by organizations unintentionally.
Note 2 to entry: Harm can be caused by an organization treating a consumer unfairly, providing poor service,
giving unsuitable advice, using inaccessible or inflexible systems and/or making it difficult to access complaints
handling systems.
Note 3 to entry: Harm includes, for example, financial loss, physical harm, loss of dignity, inconvenience, stress,
being denied a service available to others and/or paying for a service that is unsuitable or does not meet
individual needs.
3.5
consumer vulnerability
state in which an individual can be placed at risk of harm during their interaction with a service
provider due to the presence of personal, situational and market environment factors
[16]
[SOURCE: ISO/IEC Guide 76:2020, 3.14 — modified, changed “his/her” for “their”, changed
“detriment” to “harm”.]
3.6
essential service
service that is vital to consumer health and wellbeing, where the risk of harm is particularly high if
consumers (3.3) are unable to access it
Note 1 to entry: Essential services can vary depending on geographical area, current circumstances and the
needs of the community. For example, during the COVID-19 pandemic, access to online grocery deliveries became
an essential service for many people who were confined to their homes.
Note 2 to entry: Essential services can include, for example, energy, water, healthcare and communications.
3.7
frontline staff
staff responsible for interacting with consumers (3.3) in person or remotely via telephone, email,
internet or any other form of interaction in the nature of conversation or discussion
Note 1 to entry: Frontline staff can include, for example, customer service advisors, sales advisors, tradespeople.
Note 2 to entry: Frontline staff can be permanent or temporary employees or contracted third parties.
3.8
inclusive service
design of a service, service-related product or service environment that enables access and use by as
many individuals as possible, regardless of their personal circumstances
Note 1 to entry: It can be fair and reasonable, in some cases, for an inclusive service provider to limit access for
individuals outside of the organization’s target audience, where the main objective is to protect consumers and
prevent harm. For example, preventing children from accessing online gambling sites.
3.9
risk factor
characteristic or circumstance which can contribute to, or cause, consumer vulnerability (3.5)
3.10
service-related product
intangible product, linked to service provision, delivered by a service organization
Note 1 to entry: Examples of service-related products include mortgages and insurance policies, energy tariffs,
telephone, mobile or internet plans.
3.11
touchpoint
place at which consumers (3.3) contact or interact with an organization to exchange information, access
services or make transactions
Note 1 to entry: Touchpoints can include, for example, service environments such as branches, shops, hotels, or
methods of communication such as telephone, email, websites or apps.
3.12
vulnerable situation
temporary, sporadic or permanent circumstance which places a consumer (3.3) at risk of harm or
disadvantage, if an organization does not act with appropriate levels of care
4 Organizational commitment, principles and strategy
4.1 Commitment
The organization shall demonstrate a clear commitment to improving outcomes for consumers in
vulnerable situations and minimizing the risk of consumer harm by following the principles detailed
in 4.2. This commitment shall be led by top management and embedded across the organization through
ongoing engagement and communication with staff.
4.2 Principles
The organization’s top management shall demonstrate a clear commitment to the following principles
at all stages of service design and delivery.
a) Accountability – Embed a culture of accountability by taking responsibility for organizational
actions and resulting consumer outcomes.
b) Empathy – Treat consumers in vulnerable situations with kindness and without judgement or
assumption.
c) Empowerment – Provide consumers with the tools they need to make informed decisions about
services. Provide staff with the tools they need to support consumers in decision making and to
facilitate quick and effective resolution of problems.
d) Fairness – Treat all consumers fairly, and do not discriminate against or seek to mislead or exploit
any particular group(s) of consumers.
e) Flexibility – Adopt a flexible approach to service provision, which can be adapted to suit the
specific needs and abilities of an individual in a vulnerable situation.
f) Inclusivity – Design and deliver services so that they are accessible to, and usable by, a diverse
range of individuals, including those who are vulnerable.
g) Innovation – Be creative in using new technology and processes to identify and support consumers
in vulnerable situations. Recognize and adapt to emerging marketplace issues and new concepts
in consumer protection, while ensuring that use of new technology and processes does not risk
unintended exclusion of some consumers.
h) Privacy – Treat personal information respectfully and confidentially.
i) Transparency – Be clear and open about the intent to provide an inclusive service, the nature of
support available for consumers in vulnerable situations, details of policies, terms and conditions
and potential risks.
The organization’s top management shall ensure that these principles are clearly communicated to staff
at all levels within the organization to ensure that consumers in vulnerable situations are identified
and supported.
4.3 Strategy
4.3.1 Outcomes focused
The organization shall be outcomes-focused with the aim of achieving positive outcomes for consumers
in vulnerable situations.
NOTE For example, positive outcomes for consumers in vulnerable situations would be receiving fair and
flexible treatment, being supported through difficulties, benefitting from risks being minimized and harm being
prevented.
The organization shall ensure that:
a) consumers in vulnerable situations can be confident that they will receive fair treatment from the
organization and experience outcomes as good as those for other consumers;
b) services are designed inclusively to meet the requirements of consumers with a wide range of
needs and abilities and do not create or increase the risk of harm;
c) consumers are able to obtain, understand and make informed decisions based upon information
and support provided by the organization;
d) where consumers receive information, advice or support, this is suitable for their needs and takes
account of their personal circumstances related to vulnerability;
e) consumers do not face unreasonable barriers to accessing services, communicating with the
organization, switching products or price plans, submitting complaints and obtaining satisfactory
redress;
f) services do not unfairly disadvantage or penalize those in vulnerable situations, making their life
more difficult (e.g. through higher prices, financial penalties or inability to switch products or
plans).
4.3.2 Responsibility
The organization shall designate (a) specific member(s) of staff with overall responsibility for:
— advocacy and coordination of consumer vulnerability strategy across the organization;
— implementation of policies, processes and procedures related to inclusive service;
— identification and allocation of resources required for effective inclusive service;
— collection of data to better understand vulnerability risk factors in the existing customer base, and
those which could affect the target market, based on wider external research and datasets (see 5.3);
— staff awareness and training;
— performance monitoring and evaluation;
— reporting back to top management on significant complaints, systemic issues or trends identified,
with recommendations for improvement where appropriate.
The organization shall make all members of staff aware of the person(s) responsible, the role that they
perform and how to contact them.
4.3.3 Proactive approach
The organization shall proactively seek to understand, anticipate and meet the needs of consumers
in vulnerable situations (see 5.3) so that it can design and deliver inclusive services that prevent or
minimize harm, rather than responding retrospectively to consumers’ problems after they have
occurred.
The organization shall do this by:
— collecting and responding to data and insight about its customers;
— seeking and acting upon feedback from customers and staff;
— engaging effectively with relevant stakeholders.
NOTE Relevant stakeholders can include, for example, consumers with lived experience of vulnerability,
consumer organizations, professional associations, regulators and other organizations demonstrating a
commitment to delivering inclusive services.
4.3.4 Policies
The organization shall develop policies that explain the processes and procedures it will use to meet its
principles and goals. As a minimum, the policies should cover the following.
a) Consumer vulnerability – how it plans to design and deliver an inclusive service, including
whether a specialist internal vulnerability team is needed with rationale provided for decisions
made.
NOTE Annex A contains a checklist and step-by-step guidance for organizations on how to implement
this document, including how to conduct a gap analysis and create an action plan.
b) Data protection – how it will maintain privacy and security of personal information (see 6.4).
c) Third-party representatives – how frontline staff deal with third-party representatives (see 6.5).
d) Interruptions to essential services – where an organization considers its service to be essential
(see 3.6), how it deals with consumers in vulnerable situations affected by planned or unplanned
interruptions (see 6.6).
Processes and procedures should be flexible and easily adaptable so that they can respond to unforeseen
social or market changes that could impact consumers.
5 Inclusive design
5.1 General
As anyone can be vulnerable at any time, inclusive design is vital to help organizations plan for
vulnerability and to ensure that services, service-related products, processes and procedures reduce
barriers and problems, rather than create them. The organization shall design an inclusive service that:
a) is accessible to, and usable by, the greatest number of consumers possible;
b) involves consumers in service design and draws on research undertaken with specific groups of
consumers about their needs and experiences (see 5.3);
c) protects consumers in vulnerable situations by providing tools that allow individuals to control
their own access to services (e.g. gambling, credit) that have the potential to cause harm;
NOTE Tools include, for example, daily spend limits, the ability to block certain websites or prevent
payments to specific organizations.
d) does not unfairly penalize consumers in vulnerable situations (e.g. by imposing financial penalties,
higher costs or restricting ability to switch);
e) minimizes the risks of the organization’s actions, or omissions, creating or exacerbating harm to
consumers in vulnerable situations;
f) assesses the potential positive and negative impacts of a service on consumers in vulnerable
situations by understanding how vulnerability affects individuals (see 5.3) and listening to
feedback (see Clause 9).
5.2 Touchpoints
Inclusive design shall be considered at all stages of service delivery and at all touchpoints (as defined
in 3.10) where a consumer interacts with the organization.
NOTE The touchpoints depend on the nature and size of the organization. Examples of key touchpoints
include:
a) consumer contact channels (see 5.4);
b) consumer information (see 5.5);
c) sales and contracts (see 5.6);
d) payments and billing (see 5.7);
e) cancellation;
f) complaints and disputes (see 5.8);
g) service environment.
5.3 Understanding consumer vulnerability
5.3.1 Consumer insight methodology
Understanding the views and experiences of consumers in vulnerable situations is central to effective
inclusive design, helping to inform and improve the quality of service provision and minimize the risk
of consumers in vulnerable situations experiencing harm.
To gain valuable insight into consumer needs and experiences, the organization shall take proactive
steps to:
— understand the nature and scale of vulnerability characteristics present in their potential and
existing customer base;
— understand the impact of vulnerability and how this can affect consumer experience, needs and
outcomes.
Proactive steps can include:
a) research and mapping tools (see 5.3.2);
b) building stakeholder partnerships (see 5.3.3);
c) engagement with consumers who have lived experience of vulnerability (see 5.3.4);
d) monitoring and evaluating customer satisfaction, feedback and complaints [see 9.1 a)].
5.3.2 Research and mapping
The organization should conduct research and mapping to gain insight into the characteristics of its
potential and existing customer base.
NOTE For example, mapping can highlight demographics and social indicators that might be useful in
planning inclusive service provision, such as population numbers, age profiles, languages spoken, number of
people with internet access or mobile phones, or living in urban or rural communities. It can also identify those
who might be at risk due to external factors, such as natural disasters.
5.3.3 Stakeholder partnerships
Building successful partnerships with trusted stakeholders provides valuable insight that can help the
organization to:
— direct consumers in vulnerable situations to sources of specialist information, advice and support;
— inform content of vulnerability training programme (see 6.2.3);
— design inclusive services based on real experiences that meet real needs;
— better identify risks of harm and potential solutions.
The organization should engage with specialist organizations that represent vulnerable groups to help
understand risk factors and how certain vulnerabilities potentially affect consumer behaviour, needs
and experiences.
NOTE Specialist organizations can include those that represent people who are disabled, experiencing abuse
or living with dementia, terminal illness or debt.
5.3.4 Consumer engagement
The organization shall engage with consumers who have lived experience of vulnerability so that their
opinions and experiences can be taken into account at all stages of service design and delivery. This
should include conversations, testing and trials with individuals, or groups that represent individuals,
to:
— understand actual consumer experience and difficulties faced;
— explore the impact of service provision on consumers, including any unplanned or unintended
impacts on specific groups of consumers;
— help prioritize and develop effective approaches to meet the anticipated needs of consumers.
NOTE User testing can be particularly valuable in the design of bills, invoices, contracts, terms and
conditions, websites and contact centres.
5.4 Consumer contact channels
5.4.1 Choice
Different contact channels will suit different people at different times. The organization shall offer a
range of free, easy-to-access contact channels so that consumers can choose their preferred method
of communication for enquiries and complaints. The organization should ask individuals about their
preferences for communication and record their preferred format(s) for future communications.
NOTE Examples of contact channels can include telephone, letter, email, webchat, social media and face-to-
face.
5.4.2 Ease of use
The organization shall make communications easier for consumers in vulnerable situations by adopting
an inclusive design approach to ensure that all contact channels are accessible to, and usable by, the
greatest number of consumers possible.
5.4.3 Awareness
The organization shall make consumers aware of the various contact channels available at all relevant
touchpoints highlighting:
a) who to contact for what (e.g. enquiries, complaints, further disputes);
b) hours and days of operation, including afterhours emergency contact details, where applicable;
c) any costs associated with telephone calls, particularly where charges are above the standard rate;
d) any additional assistance available for communications and how to access it.
5.4.4 Telephone services
All telephone services shall be accessible to, and usable by, the greatest number of consumers possible.
Features which can improve accessibility of telephone services include:
a) making it simple to reach the right help, with the least number of choices or steps possible;
b) offering clear exit routes for individuals to leave automated systems at any time and speak to a real
person;
c) ensuring that automated voice systems ‘speak’ slowly and clearly to ensure that all consumers can
understand and act upon the information provided;
d) ensuring text services and voice systems allow enough time for delayed or slow response;
e) offering additional assistance for those who might experience difficulty in using standard systems.
NOTE 1 Examples of additional assistance i
...