BS 10012 Certification

Personal Information Management System (Data Protection)

What is BS 10012 Certification?

BS 10012, also known as the Personal Information Management System (Data Protection), is the "BS 10012:2017 Specification for a Personal Information Management System with Data Protection Evidence" standard. It is a management system standard for the processing and protection of personal data, published by the UK-based British Standards Institution (BSI).

BS 10012 sets out to help organisations arrange their processes for processing and protecting personal data and to take suitable measures. The standard provides a framework covering:

Definition and scope of personal data.
Identifying and applying the lawful conditions for processing personal data.
Establishing suitable policies, processes, and procedures for processing personal data.
Methods for identifying, reporting, and handling personal data breaches.
Staff training and raising awareness.
Controlling access to personal data and applying security measures.

Why Choose Eurocert for BS 10012 Certification?

Choosing a certification body like Eurocert for BS 10012 certification offers several advantages:

International recognition: Eurocert is an internationally recognised, well-regarded certification body. This means that a BS 10012 certificate issued by Eurocert gains recognition and acceptance on the international market. Demonstrating your business's conformity with BS 10012 through a Eurocert certificate gives international customers and partners a reliable reference.
Expertise and experience: Eurocert is a specialist in data protection and personal information management. The firm's experience and expertise in this area help businesses understand BS 10012 requirements, apply them, and improve their processes.
Independence and impartiality: Eurocert is an independent, impartial certification body. This means your conformity with BS 10012 is evaluated and verified impartially. Audits conducted by Eurocert give you an objective view of your business's actual level of conformity.
Customer trust: a Eurocert certificate builds customer trust. It gives customers assurance that your business is aligned with personal data management and data protection processes, handles customer data safely, and respects personal privacy rights.
Continual improvement: Eurocert audits certified businesses periodically and contributes to continual improvement. This helps your business keep developing its data protection and personal information management processes over time.
Competitive position: the BS 10012 certificate provides a competitive position for your business. Customers care about the safe protection and processing of their data, so holding a Eurocert certificate can raise customer preference and help you create new business opportunities.

In short, choosing a trustworthy specialist certification body like Eurocert provides international recognition, customer trust, and continual improvement benefits by verifying your business's conformity with BS 10012.

Core Requirements of BS 10012

BS 10012, also known as the Personal Information Management System (Data Protection) requirements, sets out to build a management system for the protection of personal data. The standard covers the following core requirements:

Scope and responsibilities: the standard defines the scope of personal data processing activities and the related roles and responsibilities. The organisation commits to processing personal data only on a lawful basis and to treating data subjects (data owners) with respect.
Policy and processes: BS 10012 requires organisations to set a data protection policy and develop the processes and procedures to put the policy into practice. The policy must define core principles such as how personal data will be processed, stored, secured, and shared.
Risk assessment: organisations are responsible for identifying potential risks in personal data processing and taking suitable measures to reduce them. Risk management is a critical step in delivering data security and data protection effectively.
Information security: BS 10012 requires suitable technical and organisational measures to provide the security of personal data. These measures cover preventing unauthorised access, providing data integrity, preventing data loss, and detecting data breaches.
Staff training and awareness: organisations are responsible for providing staff training on data protection policies and processes and raising awareness of data protection. Well-informed staff play an important role in building a data protection culture.
Data breach management: BS 10012 requires a mechanism for detecting, reporting, and handling potential data breaches. Data breaches must be reported to data subjects and regulators in a timely manner.
Performance monitoring and review: organisations should monitor and evaluate the effectiveness of their data protection processes and policies regularly. Performance reviews matter for identifying gaps and taking corrective action.
Regulatory conformity: BS 10012 requires organisations to align with data protection regulations and legal requirements. This includes meeting the requirements of data protection laws such as the GDPR.

The BS 10012 standard provides organisations with a thorough framework for organising data protection processes and providing the security of personal data. The aim is for organisations following this standard to gain the trust of data subjects and reduce data protection risk. This way, organisations support legal conformity and protect their reputation by keeping data breaches to a minimum.

How to Obtain BS 10012 Certification

To obtain a conformity certificate for BS 10012, follow these steps:

Conformity assessment: the first step is to determine whether your organisation meets the BS 10012 standard. To make this assessment, you can run internal audits, compare current processes and policies against the standard's requirements, or work with an independent audit firm.
Preparation: after the conformity assessment, you may need to identify gaps and make the changes needed to take corrective action. To meet the requirements in the BS 10012 standard, you should create or revise policies, procedures, and processes.
Conformity audit: you can select an independent audit body for the conformity process. This body evaluates whether your organisation meets the BS 10012 standard.
Audit report and corrective actions: once the audit is complete, you receive the audit report. The report sets out the conformity status of your organisation and may identify any gaps. If gaps are found, take the corrective action needed at this stage.
Application and certification: after corrective actions are in place, you can apply to a certification body. The body reviews your application and, when conformity is confirmed, issues the conformity certificate for the BS 10012 standard.

Important Notes:

When choosing a certification body, confirm that it is a trustworthy, accredited body.
The certificate is valid for a defined period, and audits must be carried out at set intervals.
There is no specific legal requirement for BS 10012 certification, but the certification provides independent assurance that your organisation arranges, applies, and improves its data protection processes.

Obtaining a BS 10012 conformity certificate can be valuable for reputation and trust at organisations that care about personal data protection and data security. The process can take time, and the changes required must be made with care.

BS 10012 Certificate Cost

The certification process and price for the BS 10012 certificate vary with several factors. Factors that affect the cost of the certification process include:

Organisation size and complexity: the size and area of activity of your organisation affect the cost of certification. Larger, more complex organisations may require more resources and audit time.
Certification body: the certification body you choose for the process also affects the price. Different certification bodies offer different pricing and service packages.
Current state: how prepared your organisation already is also affects the price. If your current data protection and personal information management processes are already close to the BS 10012 standard, fewer changes may be needed to reach conformity, which can lower the cost.
Scope of the certification process: the scope of certification for the BS 10012 conformity certificate matters. Certifying only a specific department or process can lower the cost, while certifying the entire organisation is a wider, more costly process.

Take a look at these related services:

BS 10008 Certification

BS 6701 Certification

TS 13298 Electronic Document Management

BS 10012 Personal Information Management System

System Certifications

Looking for professional support?

BS 10012 Certification

What is BS 10012 Certification?

How to Obtain BS 10012 Certification

BS 10012 Certificate Cost