Information Security Management

BS 10012

BS 10012:2017 is a British Standard for Personal Information Management Systems (PIMS).

BS 10012: Personal Information Management Systems

What is BS 10012?

BS 10012:2017 is a British Standard for Personal Information Management Systems (PIMS) that provides a best practice framework for helping organizations develop processes in the collection, handling, storage and deletion of personal data/information. The standard also assists maintenance and improves their compliance with legal requirements such as the EU’s GDPR scheme (General Data Protection Regulation). In Q1 2019/20 ICO, the UK’s independent authority set up to uphold information rights, had a total of 3,091 data security incidents which are breaches of the seventh data protection principle or personal data breaches.
BS 10012 was revised in 2017 in order to align with the requirements of GDPR but also to be consistent with ISO standards like the ISO 27001 (Information Security Management Systems), to help eliminate any duplication of efforts.  



We will only use your details for this request, they will not be used for any marketing. Read our privacy policy for more information.

We won't pass your details on to third parties.

Helps you with

  • GDPR compliance
  • Security risks
  • Data protection
  • Customer trust
  • Data breaches
  • Risk management
  • Organization’s reputation
Achieving the BS 10012 certification shows that your business can offer confidence and reassurance to customers that their personal data is protected and managed at all times.

Benefits of BS 10012 Certification

Supporting GDPR and data privacy compliance  icon

Supporting GDPR and data privacy compliance

Aligning to GDPR but also allowing organizations to use the standard to encompass other privacy laws, regulations and requirements.

Commitment to security  icon

Commitment to security

Demonstrate commitment to information security to customers, suppliers and other interested parties.

Improved risk management icon

Improved risk management

Ensure customer records, financial information and intellectual property are protected from loss, theft and damage through a systematic framework.

Legal compliance icon

Legal compliance

Understand how statutory and regulatory requirements impact your organisation and its customers, whilst reducing risk of facing prosecution and fines.

Business resilience icon

Business resilience

Avoid downtime and financial losses with effective management of risk, emergency preparedness and contingency planning.

Maintain integrity  icon

Maintain integrity

Maintain the integrity of customers’ and other interested parties’ information. Conduct your activities with assurance that your systems can help manage data privacy risks.

Customer satisfaction icon

Customer satisfaction

Increase transparency of the organization’s processes and procedures.

Is BS 10012 certification right for me?

BS 10012 certification is right for you and your organization if you need the assurance that important data and information is protected from threats such as data breaches, security risks and misuse. BS 10012 is great if you want to comply with legal regulations, protect information and data and reduce the amount of data security risks.
No matter what size your business is or what type of personal information you are processing, BS 10012 can help you to manage risks to the privacy of personal data and implement the necessary policies, procedures and controls to help ensure compliance with data protection legislation.

BS 10012 and GDPR

The General Data Protection Regulation (GDPR) was implemented on May 2018, it was created to take the place of the EU’s 1995 Data Protection Directive and all member state law built on it, this includes the UK’s Data Protection Act 1998.

The regulation has two types of users, the data controllers and the data processors. The data controllers determines how and why the personal data is used and processed, while the data processors processes data on behalf of the data controllers.
BS 10012:2017 has a framework to assist an organization to meet legal requirements that align with GDPR, and will ensure that there is an ongoing compliance to GDPR.

Steps to Certification

  1. Step 1

    Complete a Quote Request Form so we can understand you and your business. We will then use this to personally prepare a proposal for your certification and define what is known as your 'scope of assessment'.

  2. Step 2

    We will then contact you to book your assessment with an NQA assessor. It consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been operational for a minimum of three months and has been subject to a management review and a full cycle of internal audits.

  3. Step 3

    Following a successful stage two audit, a decision is made. If positive, your certification will be issued by NQA, with both a hard and soft copy of the certificate awarded. Certification is valid for three years and maintained through surveillance audits (years one and two) and a recertification audit in year three.

See more details

Information Security Toolkit 2013

ISO 27001 FAQs

ISO 27701 Implementation Guide

ISO 27001 Information Security Checklist

ISO 27001 27017 27018 27701 Mapping

Risk Assurance Brochure

Integrated Quote Request Form

Information Security Management Training

Measuring Operational Resilience Method

Annex SL Comparison Tool

Gap Analysis

CityFibre Case Study

Is Your Management System Integrated?

Need a Consultant?

Download Certification Logos

Combining ISO 27001 with ISO 9001 Gap Guide