BS10012 - the Data Protection Standard for implementing a PIMS (Personal Information Management System)
The Data Protection Act (DPA) sets out eight principles for managing personal information securely. The DPA does not give any detailed specification of how these principles should be complied with, which makes it difficult for organisations to identify clearly what they have to do to satisfy themselves and others that their management systems are compliant. The ICO's website contains substantial detailed information and is a valuable resource for all organisations pursuing data security.
BS10012 has now been released. It is a specification for a Personal Information Management System (PIMS) that sets out, in detail, the actions organisations should take to ensure that they comply with the DPA. While compliance with BS10012 does not confer legal immunity, it will put organisations in a position to demonstrate that they are following recognised best practice in personal information security.
You can purchase BS10012:2009 Data Protection. Specification for a Personal Information Management System (PIMS) as a hardcopy or as a download.
BS10012 recognises the role of ISO/IEC 27001 in providing effective information security management and, in particular, in meeting the seventh principle of the DPA (appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage of personal data). There will also be an intersection with the PCI DSS for organisations that handle payment card data.
As well as selling copies of the standard on this site, we will be publishing implementation guidance and a toolkit to help organisations simplify the compliance process.