BS 10012: Personal Information Management Systems
What is BS 10012?
BS 10012:2017 is a British Standard for Personal Information Management Systems (PIMS) that provides a best practice framework to help organizations develop processes for the collection, handling, storage and deletion of personal data/information. The standard also helps organizations maintain and improve their compliance with legal requirements such as the EU’s General Data Protection Regulation (GDPR). In Q1 2019/20 the ICO, the UK’s independent authority set up to uphold information rights, recorded a total of 3,091 data security incidents, that is, breaches of the seventh data protection principle or personal data breaches.
BS 10012 was revised in 2017 to align with the requirements of GDPR and to be consistent with ISO standards such as ISO 27001 (Information Security Management Systems), helping to eliminate duplication of effort.
Helps you with
- GDPR compliance
- Security risks
- Data protection
- Customer trust
- Data breaches
- Risk management
- Organization’s reputation
Benefits of BS 10012 Certification
Supporting GDPR and data privacy compliance
Aligns with GDPR while also allowing organizations to use the standard to encompass other privacy laws, regulations and requirements.
Commitment to security
Demonstrate commitment to information security to customers, suppliers and other interested parties.
Improved risk management
Ensure customer records, financial information and intellectual property are protected from loss, theft and damage through a systematic framework.
Understand how statutory and regulatory requirements impact your organization and its customers, whilst reducing the risk of facing prosecution and fines.
Avoid downtime and financial losses with effective management of risk, emergency preparedness and contingency planning.
Maintain the integrity of customers’ and other interested parties’ information. Conduct your activities with assurance that your systems can help manage data privacy risks.
Increase transparency of the organization’s processes and procedures.
Is BS 10012 certification right for me?
BS 10012 certification is right for you and your organization if you need assurance that important data and information are protected from threats such as data breaches, security risks and misuse. BS 10012 is great if you want to comply with legal regulations, protect information and data, and reduce data security risks.
No matter what size your business is or what type of personal information you are processing, BS 10012 can help you to manage risks to the privacy of personal data and implement the necessary policies, procedures and controls to help ensure compliance with data protection legislation.
BS 10012 and GDPR
The General Data Protection Regulation (GDPR) came into effect in May 2018. It was created to replace the EU’s 1995 Data Protection Directive and all member state law built on it, including the UK’s Data Protection Act 1998.
The regulation distinguishes two roles: data controllers and data processors. Data controllers determine how and why personal data is used and processed, while data processors process data on behalf of data controllers.
BS 10012:2017 provides a framework to help an organization meet the legal requirements that align with GDPR, and helps ensure ongoing compliance with GDPR.
Steps to Certification
Complete a Quote Request Form so we can understand you and your business. We will then use this to personally prepare a proposal for your certification and define what is known as your 'scope of assessment'.
We will then contact you to book your assessment with an NQA assessor. It consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been operational for a minimum of three months and has been subject to a management review and a full cycle of internal audits.
Following a successful stage two audit, a decision is made. If positive, your certification will be issued by NQA, with both a hard and soft copy of the certificate awarded. Certification is valid for three years and maintained through surveillance audits (years one and two) and a recertification audit in year three.