BS 10012: Personal Information Management Systems

What is BS 10012?

BS 10012:2017 is a British Standard for Personal Information Management Systems (PIMS) that provides a best practice framework to help organizations develop processes for the collection, handling, storage and deletion of personal data/information. The standard also helps organizations maintain and improve their compliance with legal requirements such as the EU’s General Data Protection Regulation (GDPR). In Q1 2019/20 the ICO, the UK’s independent authority set up to uphold information rights, recorded a total of 3,091 data security incidents, that is, breaches of the seventh data protection principle or personal data breaches.

BS 10012 was revised in 2017 to align with the requirements of GDPR and also to be consistent with ISO standards such as ISO 27001 (Information Security Management Systems), helping to eliminate duplication of effort.

Helps you with

  • GDPR compliance
  • Security risks
  • Data protection
  • Customer trust
  • Data breaches
  • Risk management
  • Organization’s reputation

Achieving BS 10012 certification shows that your business can offer customers confidence and reassurance that their personal data is protected and managed at all times.

Benefits of BS 10012 Certification

Supporting GDPR and data privacy compliance

Aligns with GDPR while also allowing organizations to use the standard to encompass other privacy laws, regulations and requirements.

Commitment to security

Demonstrate commitment to information security to customers, suppliers and other interested parties.

Improved risk management

Ensure customer records, financial information and intellectual property are protected from loss, theft and damage through a systematic framework.

Legal compliance

Understand how statutory and regulatory requirements impact your organization and its customers, whilst reducing risk of facing prosecution and fines.

Business resilience

Avoid downtime and financial losses with effective management of risk, emergency preparedness and contingency planning.

Maintain integrity

Maintain the integrity of customers’ and other interested parties’ information. Conduct your activities with assurance that your systems can help manage data privacy risks.

Customer satisfaction

Increase transparency of the organization’s processes and procedures.

Is BS 10012 certification right for me?

BS 10012 certification is right for you and your organization if you need assurance that important data and information is protected from threats such as data breaches, security risks and misuse. BS 10012 is great if you want to comply with legal regulations, protect information and data, and reduce data security risks.
 
No matter what size your business is or what type of personal information you are processing, BS 10012 can help you to manage risks to the privacy of personal data and implement the necessary policies, procedures and controls to help ensure compliance with data protection legislation.

BS 10012 and GDPR

The General Data Protection Regulation (GDPR) came into force in May 2018. It was created to replace the EU’s 1995 Data Protection Directive and all member state law built on it, including the UK’s Data Protection Act 1998.

The regulation recognizes two roles: data controllers and data processors. Data controllers determine how and why personal data is used and processed, while data processors process data on behalf of the data controllers.

BS 10012:2017 provides a framework to help an organization meet the legal requirements that align with GDPR and to ensure ongoing compliance with GDPR.

Steps to Certification

  1. Complete a Quote Request Form so that we can understand your company and requirements. You can do this by completing either the online quick quote or the online formal quote request form. We will use this information to accurately define your scope of assessment and provide you with a proposal for certification.

  2. Once you’ve agreed your proposal, we will contact you to book your assessment with an NQA Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and a full cycle of internal audits.

  3. Following a successful two stage audit, a certification decision is made and, if positive, certification to the required standard is issued by NQA. You will receive both a hard and a soft copy of the certificate. Certification is valid for three years and is maintained through a programme of annual surveillance audits and a three yearly recertification audit.

Ready to start your journey?

We'll give you a clear indication of the costs of gaining and maintaining certification.
Not ready yet? Call us on 0800 052 2424 or request a callback to discuss your certification requirements.