ISO 22458:2022

INTERNATIONAL ISO
STANDARD 22458
First edition
2022-04
Consumer vulnerability —
Requirements and guidelines for
the design and delivery of inclusive
service
Consommateurs en situation de vulnérabilité — Exigences et lignes
directrices pour la conception et la fourniture de services inclusifs
Reference number
ISO 22458:2022(E)
© ISO 2022

---------------------- Page: 1 ----------------------
ISO 22458:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO 2022 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 22458:2022(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Organizational commitment, principles and strategy . 3
4.1 Commitment . 3
4.2 Principles . 3
4.3 Strategy . 4
4.3.1 Outcomes focused . 4
4.3.2 Responsibility . 4
4.3.3 Proactive approach . 5
4.3.4 Policies . 5
5 Inclusive design . . 6
5.1 General . 6
5.2 Touchpoints . 6
5.3 Understanding consumer vulnerability . 6
5.3.1 Consumer insight methodology . 6
5.3.2 Research and mapping . 7
5.3.3 Stakeholder partnerships . 7
5.3.4 Consumer engagement . 7
5.4 Consumer contact channels . 8
5.4.1 Choice . 8
5.4.2 Ease of use . 8
5.4.3 Awareness . 8
5.4.4 Telephone services . 8
5.4.5 Online services . 9
5.5 Consumer information . 9
5.5.1 General . 9
5.5.2 Presentation of key information . 9
5.6 Sales and contracts . 10
5.6.1 Sales . 10
5.6.2 Contract terms . 11
5.7 Payments and billing . 11
5.7.1 Choice and flexibility of payments . 11
5.7.2 Acting responsibly to non-payment . 11
5.7.3 Billing .12
5.8 Complaints and disputes .12
6 Resources to support service delivery .12
6.1 General .12
6.2 Frontline staff . 13
6.2.1 Resources .13
6.2.2 Empowerment .13
6.2.3 Training in consumer vulnerability . 13
6.3 Consumer-facing online systems . 14
6.4 Management of consumer vulnerability data . 15
6.4.1 General .15
6.4.2 Data policy . 15
6.4.3 Privacy and security .15
6.4.4 Knowledge and consent . 16
6.4.5 Internal data sharing . 16
6.4.6 External data sharing . 17
iii
© ISO 2022 – All rights reserved

---------------------- Page: 3 ----------------------
ISO 22458:2022(E)
6.5 Dealing with third-party representatives . 17
6.6 Interruptions to service . 18
6.6.1 Interruption due to external events . 18
6.6.2 Interruption to essential services . 18
7 Identifying consumer vulnerability .18
7.1 General . 18
7.2 Risk factors . 19
7.3 Signs of vulnerability . 20
7.3.1 General .20
7.3.2 Frontline staff observation . 20
7.3.3 Automated flags . 21
7.4 Encouraging sharing of vulnerability information . 22
7.4.1 General .22
7.4.2 Frontline staff . 22
7.4.3 Online and paper forms . 23
7.5 Recording information about vulnerability . 23
7.5.1 General .23
7.5.2 Creating customer records. 23
7.5.3 Referring to customer records . 24
7.5.4 Updating customer records . 24
8 Responding to consumer vulnerability .24
8.1 General . 24
8.2 Taking action to improve outcomes for individuals . 24
8.2.1 Understanding risks and needs . 24
8.2.2 Understanding the individual’s relationship with the organization.25
8.2.3 Response options . 25
8.2.4 Shared decision making . 27
8.2.5 Directing to specialist information, advice and support . 27
8.3 Taking action to improve outcomes for others . 27
9 Monitoring, evaluation and improvement .28
9.1 Monitoring .28
9.2 Evaluation .28
9.3 Continual improvement .29
Annex A (informative) Guidance for organizations on how to implement ISO 22458 .30
Bibliography .34
iv
  © ISO 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 22458:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Project Committee ISO/PC 311, Vulnerable consumers.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
© ISO 2022 – All rights reserved

---------------------- Page: 5 ----------------------
ISO 22458:2022(E)
Introduction
0.1 What is consumer vulnerability?
Vulnerability can affect anyone at any time. All consumers are different, with a wide range of needs,
personal characteristics, health, abilities, and skills. These factors, plus the impact of life events and
external conditions, such as organizational behaviour, can place consumers in a vulnerable situation,
increasing the risk of them experiencing harm when dealing with organizations. Table 1 contains
further information about these risk factors.
Consumer vulnerability can be permanent, temporary or sporadic, long or short term. A consumer’s
needs and abilities can change over time, particularly if the consumer is faced with an unexpected
change of circumstance or a particularly urgent or complex situation.
0.2 Impact of vulnerability on individuals
It is important to recognize that an organization’s systems, policies and processes can reduce or
exacerbate consumer vulnerability and the risk of harm occurring. The presence of one or more
vulnerability risk factors does not automatically mean that an individual is vulnerable. However, the
presence of one or more of these factors, combined with organizational poor practice, can contribute to
consumer vulnerability and lead to harm.
Consumers in vulnerable situations can find it difficult to:
— obtain, assimilate or retain information;
— access or choose suitable services;
— switch providers or tariffs;
— make decisions in their best interests;
— understand their rights;
— pursue complaints and obtain redress;
— pay for services.
Therefore, consumers in vulnerable situations are at a greater risk of experiencing negative outcomes
when interacting with organizations. For example, financial loss, being unable to access services,
receiving services unsuitable for needs, stress, inconvenience, exploitation or other harm.
Organizations that understand consumer vulnerability, and provide an inclusive and flexible approach,
are better able to meet a diverse range of consumer needs, making it easier for consumers to access
services and information, make good decisions and achieve positive outcomes.
0.3 Organizational benefits of adopting an inclusive service approach
This document specifies requirements and gives guidance for organizations on how to provide an
inclusive service at all stages of service delivery, helping them to identify and support consumers in
vulnerable situations. It is recognized that organizations will need to develop a tailored approach to
the development and implementation of an inclusive service (see Annex A), dependent on the nature of
their business and level of existing provision.
Adopting an inclusive service approach offers many potential benefits for organizations:
— increased customer base, by making services accessible to a greater number of individuals;
— improved service provision for all customers irrespective of their vulnerability status;
— improvement in the quality of consumer interactions, thereby minimizing the risk of harm;
vi
  © ISO 2022 – All rights reserved

---------------------- Page: 6 ----------------------
ISO 22458:2022(E)
— reduced likelihood of problems and complaints, as a result of operating effectively and getting
things right first time, leading to a reduced cost of complaints handling;
— improved customer satisfaction, building consumer trust and enhancing the organization’s
reputation;
— ability to demonstrate ethical behaviour and social responsibility;
— strengthened staff loyalty and engagement by ensuring that they feel valued, supported and
confident in handling difficult situations;
— help to achieve compliance with legal obligations related to fairness and equality, by following good
practice in the fair treatment of consumers in vulnerable situations.
vii
© ISO 2022 – All rights reserved

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO 22458:2022(E)
Consumer vulnerability — Requirements and guidelines
for the design and delivery of inclusive service
1 Scope
This document specifies requirements and guidelines for organizations on how to design and deliver
fair, flexible and inclusive services that will increase positive outcomes for consumers in vulnerable
situations and minimize the risk of consumer harm. It covers organizational culture and strategy,
inclusive design and how to identify and respond to consumer vulnerability.
It is applicable to any organization that provides services, including service-related products, to
consumers, regardless of location or size.
NOTE 1 The term “services” refers to any service provided to consumers online or offline. Service sectors can
include, for example, healthcare, leisure and entertainment, retail, energy, communication, financial services,
travel and tourism, digital services, professions and trades.
NOTE 2 Service providers can include private or public organizations, charities, government agencies, local
authorities of any size.
NOTE 3 It can be fair and reasonable, in some cases, for an inclusive service provider to limit access for
individuals outside of the organization’s target audience, where the main objective is to protect consumers and
prevent harm. For example, preventing children from accessing online gambling sites.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
accessible
product, service, environment or facility that is usable by the greatest number of people with a diverse
range of capabilities
3.2
artificial intelligence
engineered system with capability to acquire, process and apply knowledge and skills
[15]
[SOURCE: ISO/IEC TR 24028:2020, 3.4 — modified, deleted Note 1 to entry and changed “capability
of an engineered system” to “engineered system with capability”.]
3.3
consumer
individual member of the general public who is the end user of services or service-related products
Note 1 to entry: For the purposes of this document, use of the term “consumer” includes a range of potential and
existing service users, e.g.
1
© ISO 2022 – All rights reserved

---------------------- Page: 8 ----------------------
ISO 22458:2022(E)
— those thinking about using or purchasing a service;
— those who have purchased a one-off service;
— those in a short- or long-term service contract;
— end users of a service paying directly for the service;
— end users of a service not paying for the service.
Note 2 to entry: The end user might not be the customer who purchased the service (e.g. persons having a meal at
a restaurant that is paid for either by one person in this group or by a different person).
[16]
[SOURCE: ISO/IEC Guide 76:2020, 3.5 — modified, deleted “(e.g. a smart speaker)”.]
3.4
consumer harm
consumer detriment
instance of a consumer (3.3) suffering or experiencing negative outcomes, as a result of their dealings
with an organization
Note 1 to entry: Harm is often caused by organizations unintentionally.
Note 2 to entry: Harm can be caused by an organization treating a consumer unfairly, providing poor service,
giving unsuitable advice, using inaccessible or inflexible systems and/or making it difficult to access complaints
handling systems.
Note 3 to entry: Harm includes, for example, financial loss, physical harm, loss of dignity, inconvenience, stress,
being denied a service available to others and/or paying for a service that is unsuitable or does not meet
individual needs.
3.5
consumer vulnerability
state in which an individual can be placed at risk of harm during their interaction with a service
provider due to the presence of personal, situational and market environment factors
[16]
[SOURCE: ISO/IEC Guide 76:2020, 3.14 — modified, changed “his/her” for “their”, changed
“detriment” to “harm”.]
3.6
essential service
service that is vital to consumer health and wellbeing, where the risk of harm is particularly high if
consumers (3.3) are unable to access it
Note 1 to entry: Essential services can vary depending on geographical area, current circumstances and the
needs of the community. For example, during the COVID-19 pandemic, access to online grocery deliveries became
an essential service for many people who were confined to their homes.
Note 2 to entry: Essential services can include, for example, energy, water, healthcare and communications.
3.7
frontline staff
staff responsible for interacting with consumers (3.3) in person or remotely via telephone, email,
internet or any other form of interaction in the nature of conversation or discussion
Note 1 to entry: Frontline staff can include, for example, customer service advisors, sales advisors, tradespeople.
Note 2 to entry: Frontline staff can be permanent or temporary employees or contracted third parties.
2
  © ISO 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 22458:2022(E)
3.8
inclusive service
design of a service, service-related product or service environment that enables access and use by as
many individuals as possible, regardless of their personal circumstances
Note 1 to entry: It can be fair and reasonable, in some cases, for an inclusive service provider to limit access for
individuals outside of the organization’s target audience, where the main objective is to protect consumers and
prevent harm. For example, preventing children from accessing online gambling sites.
3.9
risk factor
characteristic or circumstance which can contribute to, or cause, consumer vulnerability (3.5)
3.10
service-related product
intangible product, linked to service provision, delivered by a service organization
Note 1 to entry: Examples of service-related products include mortgages and insurance policies, energy tariffs,
telephone, mobile or internet plans.
3.11
touchpoint
place at which consumers (3.3) contact or interact with an organization to exchange info
...