BS 10012: Personal Information Management Systems
What is BS 10012?
BS 10012:2017 is a British Standard for Personal Information Management Systems (PIMS) that provides a best practice framework for helping organizations develop processes in the collection, handling, storage and deletion of personal data/information. The standard also assists maintenance and improves their compliance with legal requirements such as the EU’s GDPR scheme (General Data Protection Regulation). In Q1 2019/20 ICO, the UK’s independent authority set up to uphold information rights, had a total of 3,091 data security incidents which are breaches of the seventh data protection principle or personal data breaches.
BS 10012 was revised in 2017 in order to align with the requirements of GDPR but also to be consistent with ISO standards like the ISO 27001 (Information Security Management Systems), to help eliminate any duplication of efforts.
Helps you with
- GDPR compliance
- Security risks
- Data protection
- Customer trust
- Data breaches
- Risk management
- Organization’s reputation
Benefits of BS 10012 Certification
Supporting GDPR and data privacy compliance
Aligning to GDPR but also allowing organizations to use the standard to encompass other privacy laws, regulations and requirements.
Commitment to security
Demonstrate commitment to information security to customers, suppliers and other interested parties.
Improved risk management
Ensure customer records, financial information and intellectual property are protected from loss, theft and damage through a systematic framework.
Understand how statutory and regulatory requirements impact your organization and its customers, whilst reducing risk of facing prosecution and fines.
Avoid downtime and financial losses with effective management of risk, emergency preparedness and contingency planning.
Maintain the integrity of customers’ and other interested parties’ information. Conduct your activities with assurance that your systems can help manage data privacy risks.
Increase transparency of the organization’s processes and procedures.
Is BS 10012 certification right for me?
BS 10012 certification is right for you and your organization if you need the assurance that important data and information is protected from threats such as data breaches, security risks and misuse. BS 10012 is great if you want to comply with legal regulations, protect information and data and reduce the amount of data security risks.
No matter what size your business is or what type of personal information you are processing, BS 10012 can help you to manage risks to the privacy of personal data and implement the necessary policies, procedures and controls to help ensure compliance with data protection legislation.
BS 10012 and GDPR
The General Data Protection Regulation (GDPR) was implemented on May 2018, it was created to take the place of the EU’s 1995 Data Protection Directive and all member state law built on it, this includes the UK’s Data Protection Act 1998.
The regulation has two types of users, the data controllers and the data processors. The data controllers determines how and why the personal data is used and processed, while the data processors processes data on behalf of the data controllers.
BS 10012:2017 has a framework to assist an organization to meet legal requirements that align with GDPR, and will ensure that there is an ongoing compliance to GDPR.
Steps to Certification
Complete a Quote Request Form so that we can understand your company and requirements. You can do this by completing either the online quick quote or the online formal quote request form. We will use this information to accurately define your scope of assessment and provide you with a proposal for certification.
Once you’ve agreed your proposal, we will contact you to book your assessment with an NQA Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits.
Following a successful two stage audit, a certification decision is made and if positive, then certification to the required standard is issued by NQA. You will receive both a hard and soft copy of the certificate. Certification is valid for three years and is maintained through a programme of annual surveillance audits and a three yearly recertification audit.
Information Security Toolkit
Information Security Management Training
ISO 27001 in relation to GDPR video
Need a Consultant?
ISO 27001 Implementation Guide
Download Certification Logos
ISO 9001 to ISO 27001 Gap Guide
ISO 27701 Implementation Guide
Integrated Quote Request Form
Annex SL Comparison Tool
CityFibre Case Study
Is Your Management System Integrated?